Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: [suse-security] port forwarding with ipchains / firewallpackage suse 6.4
  • From: "Jeremy Buchmann" <jeremy@xxxxxxxxxxxxxxx>
  • Date: Fri, 26 May 2000 13:32:15 -0700
  • Message-id: <200005262032.NAA01380@xxxxxxxxxxxxxxxxxxx>
Hello,
We are doing that exact thing here, and yes you may want to use another
tool. In the Linux IP-CHAINS HOW-TO, section 3.3.5, the author talks about
how to do this. I decided to use the redir program, and have not had a
problem with it for the 100+ days it has been running.
The only thing I have noticed is TCP sequence prediction gets incredibly
easy, even though on Linux it is supposed to be virtually impossible. I
combed through the code for redir and found the author was using a write()
instead of a send() to get the data back to the clients. Since we're on the
subject, let me pose a question to any network programmers out there: could
this be the cause?

--
Jeremy Buchmann
System Admin/Database Programmer
Wells Gaming Research

----------
>From: Florian Gn├Ągi <gnaegi@xxxxxxxxxxxx>
>To: suse-security@xxxxxxx
>Subject: [suse-security] port forwarding with ipchains / firewallpackage suse
6.4
>Date: Thu, May 25, 2000, 9:18 AM
>

> Hi
>
> I have serious problems installing a working port forwarding setup on a
> SuSE 6.4 box. I have a internal webserver I want to make public.
>
> +------------+ +--------------------+
> internet ---| myfirewall |----| internal www-server|
> | 195.x.x.x. | | 10.10.10.150 |
> +------------+ +--------------------+
>
> I've red all kind of masquerade, ipchains and firewall-howtos I could get
> but it still doesn't work or said the other way round: I just don't get
> it.
>
> I have no problem using the Internet from the internale network,
> masquerading seems to work fine.
>
>
> I'm using the /etc/rc.config.d/firewall.rc.config file with the parameters
>
> FW_SERVICES_EXTERNAL_TCP="www ssh domain smtp"
> FW_FORWARD_TCP="0/0,10.10.10.150,80"
>
> but it doesn't work. I tried all other kind of combinations and also with
> the option
>
> FW_REDIRECT_TCP="0/0,10.10.10.150,80,80"
>
> but I can't make it work.
>
> I installed ipmasqadm since I couldn't find it on the CD's and it was
> mentioned in all the howto's
>
> However,
>
> portfw -a -P tcp -L 195.x.x.x.x 80 -R 10.10.10.150 80
>
> didn't change anything neither.
>
>
> I'm using the standard 2.2.14 kernel which comes with SuSE 6.4, I
> recompiled and made sure alle IP and firewall options found their way
> into my kernel.
>
>
> Any hints and help would be apprechiated very much. I can send you a
> ipchains-save dump if this helps helping me...
>
>
> Do I need to install anything that doesn't come automatically with the
> suse firewall package?
>
>
>
> greetings
>
> -florian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>

< Previous Next >
This Thread
  • No further messages