port forwarding with firewals-2.1-5
Hi there,

Has anybody on the list got any success configuring port forwarding using firewals-2.1-5.rpm?

I am driven completely mad. I followed all comments in configuration file, I looked thoroughly through examples, -- to no avail!

I also tried ipmasqadm with mfw module--no good.

What I actually need to do:

I have SuSE 6.4 box as a firewall. I have an NT box on internal network. I need to make Apache running on NT visible from the Internet.

Pretty simple, you would say. I thought it too. It appeared not so simple.

Please help.

-Kastus
It doesn't. I added the following lines near the end of
/sbin/SuSEfirewall. It is forwarding ports 61222 and 61223 to ssh on
two different internal machines. Generalizing this so it can be done
in the rc.config.d/firewall.rc.config like other rules is on my todo
list.
HTH,
Jeffrey
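# FIXME: kludge for SSH redirection
test "$1" = start && {
    # Accept and log (-l) TCP SYN packets (-y) arriving on eth0 for port 61222,
    # tagging them with firewall mark $COUNTER (-m)
    $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61222 -m "$COUNTER" -l -y
    # Forward packets carrying that mark to ssh on the first internal machine
    $IPMASQADM mfw -I -m "$COUNTER" -r 172.20.10.18 ssh
    COUNTER=`expr 1 + $COUNTER`
    # Same pair of rules for port 61223 and the second internal machine
    $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61223 -m "$COUNTER" -l -y
    $IPMASQADM mfw -I -m "$COUNTER" -r 172.20.10.24 ssh
    COUNTER=`expr 1 + $COUNTER`
}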
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
On Sun, Feb 25, 2001 at 08:52:32PM -0600, Jeffrey Taylor wrote:
[snip]
I've tried this (maybe a bit modified). There are neither COUNTER nor IPMASQADM variables in SuSEfirewall script. So I ran ipchains and ipmasqadm commands manually after starting rcfirewal. No good, nothing gets forwarded. ``ipmasqadm mfw -L'' shows correct results for the IP and port.

I checked, I can access Apache on internal NT from firewal machine, but if I try to access it from outside, connection never opens.

What version of firewals do you use? Do you set any values to FW_FORWARD_TCP in configuration file? What else may be different in my setup from yours?

Thanks,
-Kastus
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
I am using the version that comes with SuSE 7.0, firewals-2.6-10. I
have FW_FORWARD_TCP="192.168.0.0/16,172.20.10.0/24,ssh". 192.168.0.0
is the range of the internal networks, 172.20.10.0/24 is the subnet
for the DMZ. The DMZ was moved out of my back bedroom last week,
to my employer's new office, so I am relying on the backup copies of
files and hoping nothing significant has changed.
HTH,
Jeffrey
The box I have problems with is 6.4. I cannot upgrade it now.

I emptied FW_FORWARD variables in configuration. I then tried to use ipmasqadm portfw command but with no results either. Then after I flushed firewall rules for the n-th time, ipmasq mfw yielded a desired result. I really don't know what else changed or get out of stuck state.

Port forwarding now works for me. I added the two commands (ipchains -I and ipmasqadm mfw) to the end of SuSEfirewall script, tried restarting rcfirewal a couple of times and it's still working. Actually, there are 3 commands, one more to flush mfw.

Now I only wonder why comments in firewal.rc.config are so misleading and there is no mentioning of ipmasqadm at all.

Anyway, it's good to have the problem solved. Thanks to everybody for co-operation and help.

-Kastus

On Sun, Feb 25, 2001 at 10:28:14PM -0600, Jeffrey Taylor wrote:
[snip]
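The three commands the thread ends up with (flush mfw, ipchains -I with a mark, ipmasqadm mfw -I), generalized to a configurable list as an added example; this is not code from the thread or from SuSEfirewall. FW_MFW_FORWARDS, gen_mfw_rules, valid_port and valid_ipv4 are hypothetical names, the numeric port 22 stands in for "ssh", flushing first is an assumption, and the script only prints the commands so each entry can be validated and reviewed before anything is run as root.

```shell
#!/bin/sh
# Dry-run generator for fwmark-based port forwards (ipchains + ipmasqadm mfw).
# Entry format (hypothetical): external_port,internal_ip,internal_port
# The values below are constructed samples modelled on the thread.
FW_MFW_FORWARDS="61222,172.20.10.18,22 61223,172.20.10.24,22"
EXT_IF="eth0"

valid_port() {
    # digits only, at most five of them, in the range 1-65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # only digits and dots, no empty octets, exactly four octets of 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

gen_mfw_rules() {
    forwards=$1
    mark=1
    out="ipmasqadm mfw -F"          # start from an empty mfw table
    for entry in $forwards; do
        ext_port=${entry%%,*}
        rest=${entry#*,}
        int_ip=${rest%%,*}
        int_port=${rest#*,}
        # Fail closed: one malformed entry means no rules are emitted at all.
        if ! valid_port "$ext_port" || ! valid_ipv4 "$int_ip" || ! valid_port "$int_port"; then
            echo "rejecting malformed forward: $entry" >&2
            return 1
        fi
        out="$out
ipchains -I input -j ACCEPT -p tcp -i $EXT_IF --dport $ext_port -m $mark -l -y
ipmasqadm mfw -I -m $mark -r $int_ip $int_port"
        mark=$((mark + 1))           # one distinct mark per forward
    done
    printf '%s\n' "$out"
}

gen_mfw_rules "$FW_MFW_FORWARDS"
```

Each forward gets its own mark, so the ipchains rule and the mfw rule stay paired, and only the listed external ports are opened on the outside interface.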
participants (2)
- Jeffrey Taylor
- Konstantin (Kastus) Shchuka