Re: [suse-security] port forwarding with ipchains / firewallpackage suse 6.4
Hello, We are doing that exact thing here, and yes you may want to use another tool. In the Linux IP-CHAINS HOW-TO, section 3.3.5, the author talks about how to do this. I decided to use the redir program, and have not had a problem with it for the 100+ days it has been running. The only thing I have noticed is TCP sequence prediction gets incredibly easy, even though on Linux it is supposed to be virtually impossible. I combed through the code for redir and found the author was using a write() instead of a send() to get the data back to the clients. Since we're on the subject, let me pose a question to any network programmers out there: could this be the cause? -- Jeremy Buchmann System Admin/Database Programmer Wells Gaming Research ----------
From: Florian Gnägi
To: suse-security@suse.de Subject: [suse-security] port forwarding with ipchains / firewallpackage suse 6.4 Date: Thu, May 25, 2000, 9:18 AM
Hi
I have serious problems installing a working port forwarding setup on a SuSE 6.4 box. I have a internal webserver I want to make public.
+------------+ +--------------------+ internet ---| myfirewall |----| internal www-server| | 195.x.x.x. | | 10.10.10.150 | +------------+ +--------------------+
I've red all kind of masquerade, ipchains and firewall-howtos I could get but it still doesn't work or said the other way round: I just don't get it.
I have no problem using the Internet from the internale network, masquerading seems to work fine.
I'm using the /etc/rc.config.d/firewall.rc.config file with the parameters
FW_SERVICES_EXTERNAL_TCP="www ssh domain smtp" FW_FORWARD_TCP="0/0,10.10.10.150,80"
but it doesn't work. I tried all other kind of combinations and also with the option
FW_REDIRECT_TCP="0/0,10.10.10.150,80,80"
but I can't make it work.
I installed ipmasqadm since I couldn't find it on the CD's and it was mentioned in all the howto's
However,
portfw -a -P tcp -L 195.x.x.x.x 80 -R 10.10.10.150 80
didn't change anything neither.
I'm using the standard 2.2.14 kernel which comes with SuSE 6.4, I recompiled and made sure alle IP and firewall options found their way into my kernel.
Any hints and help would be apprechiated very much. I can send you a ipchains-save dump if this helps helping me...
Do I need to install anything that doesn't come automatically with the suse firewall package?
greetings
-florian
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (1)
-
Jeremy Buchmann