From: Franki (franki@gshop.com.au)
Date: Tue May 22 2001 - 07:53:04 PDT
I couldn't find it for Mandrake, but I found a src from another distro and
rebuilt it, worked great.
Thanks all.
regards
Frank
-----Original Message-----
From: owner-pmfirewall@pointman.org
[mailto:owner-pmfirewall@pointman.org]On Behalf Of MaD MaN
Sent: Tuesday, 22 May 2001 4:13 PM
To: pmfirewall@pointman.org
Subject: Re: [pmfirewall] port forwarding with IPCHAINS
You need to use ipmasqadm. Make sure your ip forwarding is working and
implement this tool and all will work well. I have the ipmasqadm rpm package if
you want it. Let me know and I will send it to you. The syntax you will want
to use then is the following.
ipmasqadm portfw -a -P tcp -L 'external ip' 80 -R 'internal ip' 80
And make sure your port 80 is open on the outside as well.
joel
Franki wrote:
> Hi all,
>
> I have an unusual situation in that I need to use ipchains to make port 80
> of an internal machine, appear to be port 80 on the gateway machine, (the
> internal machine is a win2000 server (shudder))
>
> Is this possible???
>
> or do I need to use some form of routing?? (the internal server has a
> private IP address, so I am guessing port forwarding is the way to go.)
>
> Is this difficult with IPchains?
>
> can someone give me an example chain rule?
>
> any help would be most seriously appreciated...
>
> kindest regard
>
> Frank
>
> -----Original Message-----
> From: owner-pmfirewall@pointman.org
> [mailto:owner-pmfirewall@pointman.org]On Behalf Of Greg Stewart
> Sent: Tuesday, 22 May 2001 11:04 AM
> To: pmfirewall@pointman.org
> Subject: Re: [pmfirewall] Problem with SSH AND SAMBA when using
> pmfirewall
>
> Do you have Masquerading setup and working? If so, ssh should be working on
> the inside network without a problem.
>
> Your ssh rule has a conflict with your networks: 192.168.x.x is already
> blocked by the script's standard rules, and is not even a valid $OUTERNET
> address. Typically OUTERNET & REMOTENET can be considered either 0.0.0.0/0
> or your ISP's network (where your external address exists). The following is
> how your external rule should look to allow ssh connections:
>
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 22 -j ACCEPT
>
> Samba (port 137) should be blocked from the outside world entirely with a
> similar DENY rule.
>
> Somewhere in your masq'ing ruleset must be where the block on your
> $INTERNALNET addresses is. When masquerading is configured correctly,
> pmfirewall.conf should assign the internal IP to its local variables, and
> pmfirewall.rules.masq will use these to set up your rules to accept internal
> traffic.
>
> Are there other services/connections that are not working when you activate
> the firewall rules?
>
> --Greg
>
> ----- Original Message -----
> From: "Subzero" <subzero123_80@yahoo.com>
>
> >
> > I am trying to allow access to ssh and samba inside the network. I want
> > to block the external net from getting in. I may want to allow ssh to
> > anybody but I am not sure. Here is my line from rules.local.. Another
> > question what is this line doing $IPCHAINS -A output -p tcp -d 0/0 22 -t
> > 0x01 0x10 telnet. Thanks for the help..
> > #SSH
> > $IPCHAINS -A input -p tcp -s 192.168.1.2 -d $OUTERNET 22 -j ACCEPT
> > #NETBIOS
> > $IPCHAINS -A input -p tcp -s 192.168.1.0/24 -d $REMOTENET 137:139 -i $OUTERIF -j ACCEPT
> > $IPCHAINS -A input -p udp -s 192.168.1.0/24 -d $REMOTENET 137:139 -i $OUTERIF -j ACCEPT
> >
> > ****************************************************************************
> > * To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
> > * in the message body to majordomo@pointman.org. Please direct other
> > * questions, comments, or problems to pmfirewall-owner@pointman.org.
> > *
> > * Need answers fast? Check the list archive located at:
> > * http://www.pointman.org/PMFirewall/list-archive/
> > *
--
"One World, One Web, One Program" - Microsoft Promotional Ad
"Ein Volk, Ein Reich, Ein Fuhrer" - Adolf Hitler
Linux
http://www.visualstimulation.com
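
Added example, not part of the original thread or of pmfirewall: a small POSIX shell lint that applies Greg's two points (a private 192.168.x.x source accepted on the outer side, and NetBIOS ports accepted from outside) to unexpanded rules.local lines. The function names is_private and audit_rule are hypothetical, and $OUTERIF and $OUTERNET are matched as literal text, as they appear in the posted rules.

```shell
#!/bin/sh
# Added example: lint unexpanded rules.local lines; variable names are literal text.
# is_private ADDR: succeed if ADDR (with or without /mask) is RFC 1918 space.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_rule 'RULE': print one finding per line; print nothing if clean.
audit_rule() {
    chain="" src="" dst="" port="" iface="" target="" prev=""
    set -f                                  # split on spaces, no globbing
    for tok in $1; do
        case "$prev" in
            -A) chain=$tok ;;
            -s) src=$tok ;;
            -d) dst=$tok; prev=dport; continue ;;   # a port may follow -d ADDR
            dport) case "$tok" in -*) ;; *) port=$tok ;; esac ;;
            -i) iface=$tok ;;
            -j) target=$tok ;;
        esac
        prev=$tok
    done
    set +f
    # Only ACCEPT rules on the input chain that face the outside matter here.
    [ "$chain" = input ] && [ "$target" = ACCEPT ] || return 0
    external=no
    [ "$iface" = '$OUTERIF' ] && external=yes
    [ "$dst" = '$OUTERNET' ] && external=yes
    [ "$external" = yes ] || return 0
    is_private "$src" && echo "private-source: $src is not a valid source on the outer side"
    case "$port" in
        137|138|139|137:139) echo "netbios-exposed: port $port accepted on the outer side" ;;
    esac
    return 0
}

# Sample rules copied from the thread (the last one is Greg's suggested rule).
for rule in \
    '$IPCHAINS -A input -p tcp -s 192.168.1.2 -d $OUTERNET 22 -j ACCEPT' \
    '$IPCHAINS -A input -p udp -s 192.168.1.0/24 -d $REMOTENET 137:139 -i $OUTERIF -j ACCEPT' \
    '$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 22 -j ACCEPT'
do
    printf '%s\n' "$rule"
    audit_rule "$rule" | sed 's/^/    /'
done
```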
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:41:39 PDT