[opensuse] Network Masquerading in SuSEfirewall 2
I'm trying to use SuSEfirewall 2 to pass incoming IMAP connections to the computer on my network that has an IMAP server running. However, I do not seem to be able to access it. The settings in the masquerade rule are: Source network 0/0 protocol tcp Req IP <actual internet address> Req port (imaps) 993 Redir to IP 172.16.1.10 Redir to port (imaps) 993 As far as I can tell, those are the correct settings, but I cannot even telnet to port 993 at the desired address. Get connection refused. Also, www.grc.com shows that port open, but nmap does not. Any ideas? tnx jk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
I'm trying to use SuSEfirewall 2 to pass incoming IMAP connections to the computer on my network that has an IMAP server running. However, I do not seem to be able to access it.
The settings in the masquerade rule are: Source network 0/0 protocol tcp Req IP <actual internet address> Req port (imaps) 993 Redir to IP 172.16.1.10 Redir to port (imaps) 993
As far as I can tell, those are the correct settings, but I cannot even telnet to port 993 at the desired address. Get connection refused.
Also, www.grc.com shows that port open, but nmap does not. Any ideas?
tnx jk
I have also tried without Req IP specified, resulting in the line: FW_FORWARD_MASQ="0/0,10.0.0.0,tcp,113 0/0,172.16.1.10,tcp,993" in SUSEFirewall2, as described in http://chorgan.provo.novell.com/susefirewall2/web/FAQ.html#id2480008, but it still doesn't work. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Can I ask a silly question These IMAP packets are coming from the net ? Do you have a router aiming the incoming packets towards the intended box ? Does it work with the firewall turned off ? Cheers ----- Original Message ----- From: "James Knott" <james.knott@rogers.com> To: "SUSE Linux" <opensuse@opensuse.org> Sent: Saturday, July 31, 2010 10:35 AM Subject: Re: [opensuse] Network Masquerading in SuSEfirewall 2
James Knott wrote:
I'm trying to use SuSEfirewall 2 to pass incoming IMAP connections to the computer on my network that has an IMAP server running. However, I do not seem to be able to access it.
The settings in the masquerade rule are: Source network 0/0 protocol tcp Req IP <actual internet address> Req port (imaps) 993 Redir to IP 172.16.1.10 Redir to port (imaps) 993
As far as I can tell, those are the correct settings, but I cannot even telnet to port 993 at the desired address. Get connection refused.
Also, www.grc.com shows that port open, but nmap does not. Any ideas?
tnx jk
I have also tried without Req IP specified, resulting in the line: FW_FORWARD_MASQ="0/0,10.0.0.0,tcp,113 0/0,172.16.1.10,tcp,993" in SUSEFirewall2, as described in http://chorgan.provo.novell.com/susefirewall2/web/FAQ.html#id2480008, but it still doesn't work.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I would be making some test scripts in perl and doing some packet sniffing ----- Original Message ----- From: "Andrew Rich" <vk4tec@tech-software.net> To: "James Knott" <james.knott@rogers.com>; "SUSE Linux" <opensuse@opensuse.org> Sent: Saturday, July 31, 2010 10:39 AM Subject: Re: [opensuse] Network Masquerading in SuSEfirewall 2
James
Can I ask a silly question
These IMAP packets are coming from the net ?
Do you have a router aiming the incoming packets towards the intended box ?
Does it work with the firewall turned off ?
Cheers
----- Original Message ----- From: "James Knott" <james.knott@rogers.com> To: "SUSE Linux" <opensuse@opensuse.org> Sent: Saturday, July 31, 2010 10:35 AM Subject: Re: [opensuse] Network Masquerading in SuSEfirewall 2
James Knott wrote:
I'm trying to use SuSEfirewall 2 to pass incoming IMAP connections to the computer on my network that has an IMAP server running. However, I do not seem to be able to access it.
The settings in the masquerade rule are: Source network 0/0 protocol tcp Req IP <actual internet address> Req port (imaps) 993 Redir to IP 172.16.1.10 Redir to port (imaps) 993
As far as I can tell, those are the correct settings, but I cannot even telnet to port 993 at the desired address. Get connection refused.
Also, www.grc.com shows that port open, but nmap does not. Any ideas?
tnx jk
I have also tried without Req IP specified, resulting in the line: FW_FORWARD_MASQ="0/0,10.0.0.0,tcp,113 0/0,172.16.1.10,tcp,993" in SUSEFirewall2, as described in http://chorgan.provo.novell.com/susefirewall2/web/FAQ.html#id2480008, but it still doesn't work.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Andrew Rich wrote:
I would be making some test scripts in perl and doing some packet sniffing I'm already using Wireshark to watch the external and local firewall interfaces.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Andrew Rich wrote:
Can I ask a silly question
These IMAP packets are coming from the net ?
Do you have a router aiming the incoming packets towards the intended box ?
Does it work with the firewall turned off ? I can access the imap server from the local network. At the moment, I have another router between my firewall and the cable modem, so I can simulate a computer on the internet. Both the firewall external port and my notebook computer are on the 4 port switch side of that router. I can ping and ssh to my firewall this way. Also, when I watch with Wireshark, on my firewall, I can see the attempts to reach the imap server coming in on the external interface, but they never reach the local lan.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 07/31/2010 02:51 AM, James Knott wrote:
I can access the imap server from the local network. At the moment, I have another router between my firewall and the cable modem, so I can simulate a computer on the internet. Both the firewall external port and my notebook computer are on the 4 port switch side of that router. I can ping and ssh to my firewall this way. Also, when I watch with Wireshark, on my firewall, I can see the attempts to reach the imap server coming in on the external interface, but they never reach the local lan.
You may want to try "SuSEfirewall2 test" as this will not filter the traffic but will log the packets. It can help you to identify the problem with your setting and once you correct it you can issue the "SuSEfirewal2" command Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Togan Muftuoglu wrote:
On 07/31/2010 02:51 AM, James Knott wrote:
I can access the imap server from the local network. At the moment, I have another router between my firewall and the cable modem, so I can simulate a computer on the internet. Both the firewall external port and my notebook computer are on the 4 port switch side of that router. I can ping and ssh to my firewall this way. Also, when I watch with Wireshark, on my firewall, I can see the attempts to reach the imap server coming in on the external interface, but they never reach the local lan.
You may want to try "SuSEfirewall2 test" as this will not filter the traffic but will log the packets. It can help you to identify the problem with your setting and once you correct it you can issue the "SuSEfirewal2" command
Togan
Strange thing. Today it's working, both using the extra router and when I "borrow" my neighbour's open WiFi. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Andrew Rich -
James Knott -
Togan Muftuoglu