I wish to forward a few ports into a MASQed computer (specifically, 192.168.1.12 on my LAN). I think it has something to do with changing option 13 in firewall.rc (FW_FORWARD_TCP/UDP) but I don't quite understand the syntax. If I am on the right track, can someone please walk me through the meaning of the syntax? If I am way off, can someone point me in the right direction? I am running SuSE 6.4. Thanks in advance for your assistance. -Jesse
also sprach Waldack, Jesse (CAP, CARD) (on Tue, 26 Dec 2000 05:13:43PM -0500):
I wish to forward a few ports into a MASQed computer (specifically, 192.168.1.12 on my LAN).
maybe i am wrong but as far as i know, ipchains - on which firewall.rc operates, cannot forward any ports to masqued computers. the only option that exists is to redirect to a port local to the firewall and you could set up a port forwarder (ssh) on that port, but other than that, i doubt this is possible. what do you want to do? have the web server inside the masqued net? or the mail server? martin [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- "this week dragged past me so slowly; the days fell on their knees..." -- david bowie
also sprach Waldack, Jesse (CAP, CARD) (on Tue, 26 Dec 2000 05:13:43PM -0500):
I wish to forward a few ports into a MASQed computer (specifically, 192.168.1.12 on my LAN).
maybe i am wrong but as far as i know, ipchains - on which firewall.rc operates, cannot forward any ports to masqued computers. the only option that exists is to redirect to a port local to the firewall and you could set up a port forwarder (ssh) on that port, but other than that, i doubt this is possible. You can set your MASQ server to REDIRECT one port to another, and yet... You can MASQ LAN to 0.0.0.0/0 and 0.0.0.0/0 to LAN... Both you MASQ then you REDIRECT... Easily done by IPCHAINS... BTW do it by prompt it's a lot easier to maintain... You can also use the attach tool, works out fine for 6.4 and 7.0 SuSE... This is a TK/GTK tool... Just keep your /proc/.../ip_forward turned on and play
HI you all, ---- Tue, 26 Dec 2000 MaD dUCK wrote: this handy tool... THAT'S IT!!! Never mind SSH!!! IT SUXs! Just give a close route to a server, block the root user access to a machine then play SSH... Otherwise you'll be doing Terrance and Phillip play! FUUUUUUUUI Brazil RULEz the WEB and CRACKZ... BRITTANIA ROX! GOD SAVE THE QUEEN! Jimmy out!
also sprach Jimmy (on Tue, 26 Dec 2000 10:59:50PM -0200):
You can set your MASQ server to REDIRECT one port to another, and yet... You can MASQ LAN to 0.0.0.0/0 and 0.0.0.0/0 to LAN... Both you MASQ then you REDIRECT...
could you please give me a reference? i doubt that you can masq the internet, but i could be wrong... who on the LAN would know what to do with which packet? they don't have valid IPs... you can redirect, yes, but you can't masq...
Never mind SSH!!! IT SUXs! Just give a close route to a server, block the root user access to a machine then play SSH... Otherwise you'll be doing Terrance and Phillip play!
use SSH2 then. and besides that, we are talking LAN internal, so the security is a little higher. give me console access and i'll play god on your machine.
FUUUUUUUUI Brazil RULEz the WEB and CRACKZ... BRITTANIA ROX! GOD SAVE THE QUEEN!
yeah yeah god shave the queen. are you on crack or what? martin [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- "if beethoven's seventh symphony is not by some means abridged, it will soon fall into disuse." -- philip hale, boston music critic, 1837
You CAN actually reverse masq connections. You need to use IPMASQADM which IS included with suse. Take a look at http://juanjox.kernelnotes.org/ipmasqadm-FAQ.txt for more info.. I think I will definitely have to write-up a section on ipmasqadm in the FAQ as this is the 4th or 5th time I've answered this question in the last few months :-) -Nix At 02:10 AM 27/12/2000 +0100, you wrote:
also sprach Jimmy (on Tue, 26 Dec 2000 10:59:50PM -0200):
You can set your MASQ server to REDIRECT one port to another, and yet... You can MASQ LAN to 0.0.0.0/0 and 0.0.0.0/0 to LAN... Both you MASQ then you REDIRECT...
could you please give me a reference? i doubt that you can masq the internet, but i could be wrong... who on the LAN would know what to do with which packet? they don't have valid IPs... you can redirect, yes, but you can't masq...
Never mind SSH!!! IT SUXs! Just give a close route to a server, block the root user access to a machine then play SSH... Otherwise you'll be doing Terrance and Phillip play!
use SSH2 then. and besides that, we are talking LAN internal, so the security is a little higher. give me console access and i'll play god on your machine.
FUUUUUUUUI Brazil RULEz the WEB and CRACKZ... BRITTANIA ROX! GOD SAVE THE QUEEN!
yeah yeah god shave the queen. are you on crack or what?
martin
[greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- "if beethoven's seventh symphony is not by some means abridged, it will soon fall into disuse." -- philip hale, boston music critic, 1837
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
I also tried to make my port forwarding with IPCHAINS but stopped because I realized that the host needs the firewall as its default gateway. Now I'm using rinetd for this purpose and it is working great!!! Wolfgang
-----Original Message----- From: Waldack, Jesse (CAP, CARD) [mailto:Jesse.Waldack@gecapital.com] Sent: Tuesday, 26 December 2000 23:14 To: 'suse-security@suse.com' Subject: [suse-security] Firewall question -- Forwarding ports
I wish to forward a few ports into a MASQed computer (specifically, 192.168.1.12 on my LAN).
I think it has something to do with changing option 13 in firewall.rc (FW_FORWARD_TCP/UDP) but I don't quite understand the syntax.
If I am on the right track, can someone please walk me through the meaning of the syntax?
If I am way off, can someone point me in the right direction?
I am running SuSE 6.4.
Thanks in advance for your assistance.
-Jesse
I also use rinetd for simple configuration, but it fails for high traffic. I redirect port 8080 in a that acts as transparent proxy for another machine (our main proxy server) and rinetd just crashed when a lot of requisitions were done. So I recommend using it with caution. []s Davi On Thursday 28 December 2000 14:42, Schulz wrote:
I also tried to make my port forwarding with IPCHAINS but stopped because I realized that the host needs the firewall as its default gateway.
Now I'm using rinetd for this purpose and it is working great!!!
Wolfgang
-----Original Message----- From: Waldack, Jesse (CAP, CARD) [mailto:Jesse.Waldack@gecapital.com] Sent: Tuesday, 26 December 2000 23:14 To: 'suse-security@suse.com' Subject: [suse-security] Firewall question -- Forwarding ports
I wish to forward a few ports into a MASQed computer (specifically, 192.168.1.12 on my LAN).
I think it has something to do with changing option 13 in firewall.rc (FW_FORWARD_TCP/UDP) but I don't quite understand the syntax.
If I am on the right track, can someone please walk me through the meaning of the syntax?
If I am way off, can someone point me in the right direction?
I am running SuSE 6.4.
Thanks in advance for your assistance.
-Jesse
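Added example, not code from any poster in this thread: a Python check for the rinetd approach discussed above. It parses a rinetd.conf in the classic four-field format and flags forwards that listen on all interfaces with no allow rule, plus a config with no logfile; the sample config, its ports and the name `audit_rinetd` are assumptions made for illustration.

```python
# Constructed sample rinetd.conf; addresses and ports are illustrative only.
SAMPLE_CONF = """\
# rules placed before the first forwarding rule apply to every forward
logfile /var/log/rinetd.log
# bindaddress bindport connectaddress connectport
0.0.0.0 8080 192.168.1.12 80
192.168.1.1 2222 192.168.1.12 22
0.0.0.0 2525 192.168.1.12 25
allow 10.1.2.*
"""

def audit_rinetd(conf_text):
    """Return (rules, findings) for a rinetd.conf given as a string."""
    global_allow, logging_on, rules = False, False, []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        keyword = fields[0].lower()
        if keyword == "logfile":
            logging_on = True
        elif keyword == "allow":
            # allow before any forwarding rule is global; after one it is per-rule
            if rules:
                rules[-1]["allow"] = True
            else:
                global_allow = True
        elif keyword in ("deny", "logcommon"):
            continue  # deny narrows access but is not an allow list
        elif len(fields) == 4:
            rules.append({"bind": fields[0], "port": fields[1],
                          "target": f"{fields[2]}:{fields[3]}", "allow": False})
    findings = []
    for r in rules:
        if r["bind"] == "0.0.0.0" and not (r["allow"] or global_allow):
            findings.append(f"{r['bind']}:{r['port']} -> {r['target']}: "
                            "listens on all interfaces with no allow rule")
    if rules and not logging_on:
        findings.append("no logfile directive: forwarded connections are not logged")
    return rules, findings

if __name__ == "__main__":
    for line in audit_rinetd(SAMPLE_CONF)[1]:
        print("WARN", line)
```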
participants (6): Davi; Jimmy; MaD dUCK; Nix; Schulz; Waldack, Jesse (CAP, CARD)