NNTP works well on my firewall, but doesn't work at all on client computers that reside behind my firewall.
I put these iptables lines in my custom firewall script file, under "fw_custom_after_antispoofing()". I have:

iptables -N network1_in
iptables -N network1_out
iptables -A FORWARD -i eth2 -o eth1 -j network1_in
iptables -A FORWARD -i eth1 -o eth2 -j network1_out
iptables -t nat -A POSTROUTING -o eth2 -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -j SNAT --to $my_ext_ip
iptables -A network1_out -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A network1_in -p tcp -s 0/0 --sport 119 -d $mynet --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

But it still doesn't work? What could be the problem?

"Who the heck is General Failure, and why is he reading my harddisk?"
On Friday 04 August 2006 03:27, wpc wrote:
NNTP works well on my firewall, but doesn't work at all on client computers that reside behind my firewall.
I put these iptables lines in my custom firewall script file.
under "fw_custom_after_antispoofing()"
I have
iptables -N network1_in
iptables -N network1_out
iptables -A FORWARD -i eth2 -o eth1 -j network1_in
iptables -A FORWARD -i eth1 -o eth2 -j network1_out
iptables -t nat -A POSTROUTING -o eth2 -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -j SNAT --to $my_ext_ip
iptables -A network1_out -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A network1_in -p tcp -s 0/0 --sport 119 -d $mynet --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
But it still doesn't work? What could be the problem?
Why do you want your internal machines to traverse your firewall to get to an NNTP server? The proper thing to do is run your own server on the firewall, which is the only machine that would have to bother the public servers.

--
John Andersen
Please elaborate: how then would I give access to various NNTP servers to different clients on my network?
Hi,
Please elaborate: how then would I give access to various NNTP servers to different clients on my network?
--> You would run your own NTP server on the firewall machine. This NTP server contacts several external NTP servers to get a valid and exact network time. Your clients need to contact the NTP server on the firewall machine only. Since it's an internal network only, there should be no considerable time lags on the internal net, so the clients need to contact only one (your firewall) NTP server.

Cheers,
Armin

--
Am Hasenberg 26                 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan                     Schloss-Straße 6
Tel. ++49-(0)38203/42137                D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de             Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/             Fax. +49-(0)38293-68-50
OK, will do that, but something weird is happening, I think. I mean, I have turned on all logging on my firewall, but I don't see a single packet with destination port 119 from my computer! I have Ethereal installed on my computer, and when I compare with the firewall logs, packets with the source port from my machine used to connect to the NNTP server do not appear! Where could they be getting lost?
Which NNTP server would you recommend? There doesn't seem to be any on the SLES9 CDs.
On Saturday, 5 August 2006 16:10, Armin Schoech wrote:
Hi,
Please elaborate: how then would I give access to various NNTP servers to different clients on my network?
--> You would run your own NTP server on the firewall machine. This NTP server contacts several external NTP servers to get a valid and exact network time.
You are missing an "N" there. It is the usenet and not a time-server he wants to contact...
--> You would run your own NTP server on the firewall machine. This NTP server contacts several external NTP servers to get a valid and exact network time.
You are missing an "N" there. It is the usenet and not a time-server he wants to contact...
--> I'm very sorry; obviously I did not read the original question carefully enough.

Armin

--
Am Hasenberg 26                 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan                     Schloss-Straße 6
Tel. ++49-(0)38203/42137                D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de             Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/             Fax. +49-(0)38293-68-50
On Fri, 4 Aug 2006, wpc wrote:
NNTP works well on my firewall, but doesn't work at all on client computers that reside behind my firewall. [... Lots of rules deleted ...]
What's in your firewall log if your clients try to access the NNTP server?
But it still doesn't work? What could be the problem?

Everything :).

Regards
Henning Hucke

--
How's the wife? Is she at home enjoying capitalism?
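Henning's question (what is in the firewall log when a client tries port 119) and wpc's earlier observation that no port-119 packets from his machine show up in that log are the two facts that decide where the fault lies: either the client's SYN reaches the firewall and the FORWARD chains mishandle it, or it never arrives and the chains are irrelevant. The script below is an added example, not code posted in this thread or shipped with SuSEfirewall2. It installs a LOG rule ahead of the custom chains and parses the resulting kernel log lines to answer that question per client. The interface roles (eth1 LAN side, eth2 Internet side) follow wpc's rules; the log prefix "NNTP-FWD", the function names, the client addresses and the log lines in sample_log are constructed for the example.

```shell
#!/bin/sh
# Added example for this thread, not any participant's code.  Assumes
# eth1 = LAN side and eth2 = Internet side (as in wpc's rules) and a LOG
# rule with the made-up prefix "NNTP-FWD ".  sample_log is constructed.

# Put a LOG rule at the very top of FORWARD so a client's first SYN to
# port 119 is recorded before network1_out (or anything else) can drop it.
# Run as root on the firewall; not exercised by the offline demo below.
add_nntp_log_rule() {
    iptables -I FORWARD 1 -i "${1:-eth1}" -p tcp --dport 119 --syn \
        -j LOG --log-prefix 'NNTP-FWD '
}

# Constructed kernel log excerpt: two client SYNs forwarded from the LAN
# and one unrelated inbound drop on eth2 that also mentions port 119.
sample_log() {
cat <<'EOF'
Aug  5 16:10:01 fw kernel: NNTP-FWD IN=eth1 OUT=eth2 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12345 DF PROTO=TCP SPT=32771 DPT=119 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  5 16:10:07 fw kernel: NNTP-FWD IN=eth1 OUT=eth2 SRC=192.168.1.11 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=777 DF PROTO=TCP SPT=33001 DPT=119 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  5 16:10:09 fw kernel: FW-DROP IN=eth2 OUT= SRC=198.51.100.7 DST=203.0.113.9 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=4444 DPT=119 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

# Read kernel log lines on stdin; print "SRC IN OUT" for every logged
# NNTP connection attempt (a bare SYN, so SYN/ACK replies are excluded).
nntp_syns() {
    awk '
        /NNTP-FWD/ {
            src = ""; in_if = "-"; out_if = "-"; dpt = ""; syn = 0; ack = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^IN=/ && length($i) > 3) in_if = substr($i, 4)
                else if ($i ~ /^OUT=/ && length($i) > 4) out_if = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
                else if ($i == "SYN") syn = 1
                else if ($i == "ACK") ack = 1
            }
            if (dpt == "119" && syn && !ack) print src, in_if, out_if
        }'
}

# Exit 0 if client $1 produced at least one logged SYN that arrived on the
# LAN interface ($2, default eth1), exit 1 otherwise.  Exit 1 means the
# FORWARD chains never saw the packet, so the client side (default route,
# a local proxy, the newsreader's own settings) is the place to look.
client_syn_reached() {
    nntp_syns | awk -v ip="$1" -v lan="${2:-eth1}" \
        '$1 == ip && $2 == lan { found = 1 } END { exit found ? 0 : 1 }'
}

# On a real firewall (log file location is an assumption; adjust to your
# syslog setup):
#   add_nntp_log_rule eth1
#   client_syn_reached 192.168.1.10 < /var/log/messages && echo reached
# Or watch the wire directly, independent of netfilter:
#   tcpdump -ni eth1 'tcp dst port 119 and tcp[tcpflags] & tcp-syn != 0'

# Offline demo on the constructed log.
sample_log | nntp_syns
if sample_log | client_syn_reached 192.168.1.10; then
    echo "192.168.1.10: SYN reached the firewall, check the FORWARD chains"
fi
if ! sample_log | client_syn_reached 192.168.1.99; then
    echo "192.168.1.99: nothing logged, packet never arrived at the firewall"
fi
```

The LOG rule is inserted at position 1 of FORWARD deliberately: appended to the custom chains it would only fire for packets that already got that far, which is exactly the case wpc cannot distinguish. The tcpdump line gives the same answer from the wire when logging is in doubt.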
participants (5)
- Armin Schoech
- Gabriele Conrad
- Henning Hucke
- John Andersen
- wpc