Good morning.
I am quite new to configuring a firewall and I will appreciate any help I can get.
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
Regards
Wolfgang Kluge
Wolfgang Kluge wrote:
Good morning.
I am quite new to configuring a firewall and I will appreciate any help I can get.
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
Regards
Wolfgang Kluge
The syntax is:
# 15.)
# A redirecting rule consists of 1) source IP/net, 2) destination IP/net,
# 3) protocol (tcp or udp) 3) original destination port and 4) local port to
# redirect the traffic to, seperated by a colon. e.g.:
# "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
# Please note that as 2) destination, you may add '!' in front of the IP/net
# to specify everything EXCEPT this IP/net.
#
You want to say FW_REDIRECT="0/0,192.168.0.XXX,tcp,21,2121"
0/0 means anywhere. 192.168.0.XXX/24 would be the IP address to forward to. Replace the XXX to complete the IP address. (BTW 0 would not be valid)
Ulf Rasch wrote:
Wolfgang Kluge wrote:
I am quite new to configuring a firewall and I will appreciate any help I can get.
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
The syntax is:
# 15.)
# A redirecting rule consists of 1) source IP/net, 2) destination IP/net,
# 3) protocol (tcp or udp) 3) original destination port and 4) local port to
# redirect the traffic to, seperated by a colon. e.g.:
# "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
# Please note that as 2) destination, you may add '!' in front of the IP/net
# to specify everything EXCEPT this IP/net.
#
You want to say FW_REDIRECT="0/0,192.168.0.XXX,tcp,21,2121"
0/0 means anywhere. 192.168.0.XXX/24 would be the IP address to forward to. Replace the XXX to complete the IP address. (BTW 0 would not be valid)
Redirect means redirecting to a port on the _local_ machine. The term you are most likely looking for is 'forwarding'. Have a look at FW_FORWARD_MASQ.
cu Ludwig
--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
Ludwig Nussel wrote:
Ulf Rasch wrote:
Wolfgang Kluge wrote:
I am quite new to configuring a firewall and I will appreciate any help I can get.
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
The syntax is:
# 15.)
# A redirecting rule consists of 1) source IP/net, 2) destination IP/net,
# 3) protocol (tcp or udp) 3) original destination port and 4) local port to
# redirect the traffic to, seperated by a colon. e.g.:
# "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
# Please note that as 2) destination, you may add '!' in front of the IP/net
# to specify everything EXCEPT this IP/net.
#
You want to say FW_REDIRECT="0/0,192.168.0.XXX,tcp,21,2121"
0/0 means anywhere. 192.168.0.XXX/24 would be the IP address to forward to. Replace the XXX to complete the IP address. (BTW 0 would not be valid)
Redirect means redirecting to a port on the _local_ machine. The term you are most likely looking for is 'forwarding'. Have a look at FW_FORWARD_MASQ.
cu Ludwig
Guess was a little quick with my first answer. As I understood Wolfgang he wants to redirect to a port on the local machine (the firewall machine). The syntax you used should work. Here is my setup for redirecting everything to a http proxy.
FW_REDIRECT="192.168.100.0/24,!192.168.100.1,tcp,80,3128"
Did you restart the firewall?
Ulf Rasch wrote:
Ludwig Nussel wrote:
Ulf Rasch wrote:
Wolfgang Kluge wrote:
I am quite new to configuring a firewall and I will appreciate any help I can get.
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
The syntax is:
# 15.)
# A redirecting rule consists of 1) source IP/net, 2) destination IP/net,
# 3) protocol (tcp or udp) 3) original destination port and 4) local port to
# redirect the traffic to, seperated by a colon. e.g.:
# "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080"
# Please note that as 2) destination, you may add '!' in front of the IP/net
# to specify everything EXCEPT this IP/net.
#
You want to say FW_REDIRECT="0/0,192.168.0.XXX,tcp,21,2121"
0/0 means anywhere. 192.168.0.XXX/24 would be the IP address to forward to. Replace the XXX to complete the IP address. (BTW 0 would not be valid)
Redirect means redirecting to a port on the _local_ machine. The term you are most likely looking for is 'forwarding'. Have a look at FW_FORWARD_MASQ.
cu Ludwig
Guess was a little quick with my first answer. As I understood Wolfgang he wants to redirect to a port on the local machine (the firewall machine). The syntax you used should work. Here is my setup for redirecting everything to a http proxy.
FW_REDIRECT="192.168.100.0/24,!192.168.100.1,tcp,80,3128"
Did you restart the firewall?
Yes, I want to redirect on the firewall machine all FTP traffic coming from the LAN (LAN interface of the firewall machine is 192.168.0.201/24) to port 2121 of the firewall machine where Frox is listening on 0.0.0.0:2121
And yes, I re-started the firewall - nothing gets re-directed, also not after re-start of the firewall machine (init 6).
A test with the following also resulted in the same nothing-redirected
FW_REDIRECT="192.168.0.11/24,0/0,tcp,21,2121"
where 192.168.0.11 is the fixed IP address of my test machine in the LAN
The /var/log/frox-log (log level 25) does not show any redirection.
Is there anything that must be enabled in addition to FW_REDIRECT= ?
Regards
Wolfgang Kluge
Hello Ludwig,
On Wednesday, 6 July 2005 12:50, Ludwig Nussel wrote:
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
You want to say FW_REDIRECT="0/0,192.168.0.XXX,tcp,21,2121"
Redirect means redirecting to a port on the _local_ machine. The term you are most likely looking for is 'forwarding'. Have a look at FW_FORWARD_MASQ.
(?)
for frox, the syntax is in the Readme.SuSE
// To set up your packet filter, you will most likely use an iptables rule like this one:
# redirect outbound ftp traffic from $int_dev transparently to proxy
$iptables -t nat -A PREROUTING -i $int_dev -p tcp --dport 21 -j REDIRECT --to-port 2121
There is no need to recompile the kernel for this stuff. //
Have I setup this with FW_FORWARD_MASQ ????.
Wolfgang says all is on the same computer ?
--
Regards
Günther J. Niederwimmer
Günther J. Niederwimmer wrote:
On Wednesday, 6 July 2005 12:50, Ludwig Nussel wrote:
I am running SuSE 9.3, default Kernel on my firewall machine and want to redirect client FTP requests to Frox proxy, port 2121 on the firewall machine.
In /etc/sysconfig/SuSEfirewall2, section 15 I set FW_REDIRECT="192.168.0.0/24,0/0,tcp,21,2121"
But nothing gets redirected. What did I overlook?
You want to say FW_REDIRECT="0/0,192.168.0.XXX,tcp,21,2121"
Redirect means redirecting to a port on the _local_ machine. The term you are most likely looking for is 'forwarding'. Have a look at FW_FORWARD_MASQ.
(?)
for frox, the syntax is in the Readme.SuSE
// To set up your packet filter, you will most likely use an iptables rule like this one:
# redirect outbound ftp traffic from $int_dev transparently to proxy
$iptables -t nat -A PREROUTING -i $int_dev -p tcp --dport 21 -j REDIRECT --to-port 2121
There is no need to recompile the kernel for this stuff. //
Have I setup this with FW_FORWARD_MASQ ????.
Wolfgang says all is on the same computer ?
You stripped the quoted part from Ulf I was referring to :-) He was talking about forwarding. I didn't notice the original poster was indeed talking about localhost only.
cu Ludwig
--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
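Added example, not part of the thread and not SuSEfirewall2's own code: a small translator from FW_REDIRECT entries (in the comma-separated form the section 15 examples use) to nat-table REDIRECT rules shaped like the Readme.SuSE rule quoted above. The function names are hypothetical, the `! -d` negation form and the absence of an `-i` interface match are assumptions, and the rules are only printed, never applied.

```shell
#!/bin/sh
# Added illustration, not SuSEfirewall2 code. Expands an FW_REDIRECT value
# into the nat-table REDIRECT rules it describes and prints them (nothing
# is applied). Field order per the section 15 comment quoted in the thread:
#   source,destination,protocol,original-port,local-port
# Assumptions: "! -d" negation syntax; no interface (-i) match is added.

rule_for_entry() {
    old_ifs=$IFS; IFS=,
    set -- $1                      # split the entry on commas
    IFS=$old_ifs
    if [ $# -ne 5 ]; then
        echo "need 5 comma-separated fields, got $#: $*" >&2; return 1
    fi
    src=$1 dst=$2 proto=$3 dport=$4 lport=$5
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp: $proto" >&2; return 1 ;;
    esac
    for port in "$dport" "$lport"; do
        case $port in
            ''|*[!0-9]*) echo "bad port '$port'" >&2; return 1 ;;
        esac
    done
    # '!' in front of the destination means everything EXCEPT that IP/net.
    case $dst in
        '!'*) dst_match="! -d ${dst#\!}" ;;
        *)    dst_match="-d $dst" ;;
    esac
    echo "iptables -t nat -A PREROUTING -s $src $dst_match -p $proto" \
         "--dport $dport -j REDIRECT --to-port $lport"
}

redirect_to_iptables() {
    rc=0
    for entry in $1; do            # entries are separated by spaces
        rule_for_entry "$entry" || rc=1
    done
    return $rc
}

# Values taken from the thread: Wolfgang's FTP redirect, Ulf's HTTP proxy.
redirect_to_iptables '192.168.0.0/24,0/0,tcp,21,2121 192.168.100.0/24,!192.168.100.1,tcp,80,3128'
```

On the firewall, `iptables -t nat -L PREROUTING -n -v` lists the rules actually installed; a missing REDIRECT line, or one whose packet counter stays at zero while a client connects to port 21, separates a firewall configuration problem from a proxy problem.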
participants (4)
- Günther J. Niederwimmer
- Ludwig Nussel
- Ulf Rasch
- Wolfgang Kluge