Re: [suse-security] Iptables PREROUTING
My setting is like this. Internet --> BB router LAN interface(192.168.1.88) --> eth1(192.168.1.10) Linux box eth0(192.168.0.11) --> LAN (192.168.0.30) windows XP I attached my laptop in BB router with IP 192.168.1.xx in order to test the forward. That means my test case is like this Laptop(192.168.1.xx) --> BB router LAN interface(192.168.1.88) --> eth1 (192.168.1.10) Linux box eth0(192.168.0.11) --> LAN (192.168.0.30) windows XP Any hints? Vincent On Thu, 5 Feb 2004 12:48:36 -0300, Augusto S Amaya wrote
For the netmeeting problem , maybe you would need to compile the [UTF-8?]> iptable module (h323) , i don織t remember if that織s the exact name.
For the rest , this is the correct map of the connection??
{INTERNET} <--------> WINDOWS XP <---------------> LINUX BOX <------- ---> Laptop
Tell me if i got it right please , maybe i can help you.
-------------------------------------------------------------- Augusto S Amaya Administrador Certif. Servidores Linux - Dto. de Produccion de [UTF-8?]> Sistemas Per籀n 407 Conmutador: 6329-0000 Tel/Interno: 4370/4371/4372 Fax: augusto.s.amaya@bancogalicia.com.ar http://www.bancogalicia.com.ar
"Vincent Lee"
<vincent.lee@vs-pro Para: "Augusto S Amaya" <augusto.s.amaya@bancogalicia.com.ar>
.com> cc: suse- security@suse.com
Asunto:
Re: [suse-security] Iptables PREROUTING
05/02/2004 11:46
a.m.
Dear Augusto,
Thanks for your suggestion. I already did that to enable the ip forward.
For the nemeeting, may be it is too difficult to discuss it right now. Let
me say in this way. I have setup my Windows XP to have IIS
on it. I tried to forward the traffic from 192.168.1.10:8081 (external interface of my linux box) to 192.168.0.30:80 (my windows box). In between, I have eth0 internal interface of my linux box with 192.168.0.11 in it.
Inside my linx box, I have this.
iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.0.30:80 iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 192.168.0.30 --dport 80 -m state --state NEW -j ACCEPT
However, if I try this on my laptop which is using 192.168.1.x (same segment with the external interface of my Linux box), I cannot get it work.
Any suggestion?
Best Regards,
Vincent
On Thu, 5 Feb 2004 11:54:48 -0300, Augusto S Amaya wrote
Dear Vicent , first at all , sorry about my por english :)
To enable ipfowarding just do write this in a console:
/bin/echo "1" > /proc/sys/net/ipv4/ip_forward
But , if the netmeeting port also is filtered by the firewall they may not work.
-------------------------------------------------------------- Augusto S Amaya Administrador Certif. Servidores Linux - Dto. de Produccion de Sistemas Per鏮 407 Conmutador: 6329-0000 Tel/Interno: 4370/4371/4372 Fax: augusto.s.amaya@bancogalicia.com.ar http://www.bancogalicia.com.ar
"Vincent Lee"
<vincent.lee@vs-pro Para: SuSE Security <suse-security@suse.com> .com> cc:
Asunto: Re: [suse-security] Iptables PREROUTING 05/02/2004 11:03
a.m.
Dear all,
Thanks for your info. I try to enabled the ip forwarding function. However,
I still cannot pass it through.
Internet traffic --> My boardband router (all WAN traffic) --> external interface of my linux box (eth1, 192.168.1.x).
Behind the Linux box with internal interface eth0 (192.168.0.x), I have my Windows XP here. I want to know whether I can setup the MS netmeeting or not?
Best Regards,
Vincent
On Wed, 04 Feb 2004 13:48:58 +0200, Ray Leach wrote
On Wed, 2004-02-04 at 00:46, Geoffrey wrote:
Vincent Lee wrote:
Dear all,
I am new to SuSE. I would like to setup the MS netmeeting for a computer which behind SuSE firewall. When I made change on the nat, I cannot get it through. It seems that the IP forwarding is disabled by SuSE. Can anyone tell me how can I enable it?
Yast -> Network devices -> network card -> change -> edit -> routing -> enable ip forwarding
It's a check box at the lower center of the window.
Or just edit /etc/sysconfig/sysctl and then restart your networking (/etc/rc.d/network restart)
-- Until later, Geoffrey Registered Linux User #108567 Building secure systems inspite of Microsoft -- -- Raymond Leach <raymondl@knowledgefactory.co.za> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --
-- Best Regards,
Vincent Lee
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Best Regards,
Vincent Lee
-- Best Regards, Vincent Lee
participants (1)
-
Vincent Lee