Re: [suse-security] port forwarding with ipchains / firewallpackage suse 6.4

26 May 2000


      Hello,
    We are doing that exact thing here, and yes you may want to use another
tool.  In the Linux IP-CHAINS HOW-TO, section 3.3.5, the author talks about
how to do this.  I decided to use the redir program, and have not had a
problem with it for the 100+ days it has been running.
    The only thing I have noticed is TCP sequence prediction gets incredibly
easy, even though on Linux it is supposed to be virtually impossible.  I
combed through the code for redir and found the author was using a write()
instead of a send() to get the data back to the clients.  Since we're on the
subject, let me pose a question to any network programmers out there: could
this be the cause?

--
Jeremy Buchmann
System Admin/Database Programmer
Wells Gaming Research

----------
...
From: Florian Gnägi 
To: suse-security@suse.de
Subject: [suse-security] port forwarding with ipchains / firewallpackage suse
6.4
Date: Thu, May 25, 2000, 9:18 AM

...
Hi
I have serious problems installing a working port forwarding setup on a
SuSE 6.4 box. I have a internal webserver I want to make public.
+------------+    +--------------------+
internet ---| myfirewall |----| internal www-server|
            | 195.x.x.x. |    | 10.10.10.150       |
            +------------+    +--------------------+
I've red all kind of masquerade, ipchains and firewall-howtos I could get
but it still doesn't work or said the other way round: I just don't get
it.
I have no problem using the Internet from the internale network,
masquerading seems to work fine.
I'm using the /etc/rc.config.d/firewall.rc.config file with the parameters
FW_SERVICES_EXTERNAL_TCP="www ssh domain smtp"
FW_FORWARD_TCP="0/0,10.10.10.150,80"
but it doesn't work. I tried all other kind of combinations and also with
the option
FW_REDIRECT_TCP="0/0,10.10.10.150,80,80"
but I can't make it work.
I installed ipmasqadm since I couldn't find it on the CD's and it was
mentioned in all the howto's
However,
portfw -a -P tcp -L 195.x.x.x.x 80 -R 10.10.10.150 80
didn't change anything neither.
I'm using the standard 2.2.14 kernel which comes with SuSE 6.4, I
recompiled and made sure alle IP and firewall options found their way
into my kernel.
Any hints and help would be apprechiated very much. I can send you a
ipchains-save dump if this helps helping me...
Do I need to install anything that doesn't come automatically with the
suse firewall package?
greetings
-florian
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com

Jeremy Buchmann

tags

participants (1)