On Thursday, July 01, 1999 10:37 AM, Dan Everton
[SMTP:[EMAIL PROTECTED] wrote:
> On Thu, 1 Jul 1999, Ralf G. R. Bergs wrote:
>
> There is a patch available. You can find it here
> http://www.ox.compsoc.org.uk/~steve/portforwarding.html
> 
> I think it's packaged somewhere in the Debian distribution... *checks
> package listing* yes it is. You can find it here:
> http://www.debian.org/Packages/stable/net/ipportfw.html

Wow. This opened some doors for me! But now, I get to flood with newbie
questions. =)

First of all, I have a 486-33dx4 acting as my masq-firewall. It's at kernel
2.0.36, has a ppp0 properly set up and masquerades to a small network of
192.168.2.* addressed computers.  The firewall rules are below.
        ipfwadm -F -p deny
        ipfwadm -F -a m -S192.168.2.0/24 -D 0.0.0.0/0
        ipfwadm -I -p accept
        # the following line blocks incoming telnets since I use ssh to connect
        ipfwadm -I -a r -DXXX.XXX.XXX.XXX/32 23 # address removed to protect the ignorant (me).

I compiled in port forwarding support and added the following lines to my
setup, which allowed quicktime streaming to work for my wife's machine:
        ipportfw -A -tXXX.XXX.XXX.XXX/554 -R 192.168.2.2/554
        # and a WHOLE BUNCH of udp routing lines.

Now, what I want to do, but haven't been able to get working, is a forwarding
scheme for CVS. I want to have my gateway XXX.XXX.XXX.XXX box redirect its
port 6060 to my workstation's (192.168.2.1) cvspserver port (2401).

To this effect I entered the following lines:
        ipportfw -A -tXXX.XXX.XXX.XXX/6060 -R 192.168.2.3/2401
        ipportfw -A -uXXX.XXX.XXX.XXX/6060 -R 192.168.2.3/2401

Before I was doing port forwarding on 6060, when I telnet to that port on my
box I get the message "telnet: Unable to connect to remote host: Connection
refused".  AFTER I add port forwarding on 6060 I get "telnet: Unable to
connect to remote host: Connection timed out".

The transactions are starting, they just aren't finishing.  My pet theory is
that this port forwarding thing isn't dealing with masquerading of the
returned packets, but like I said, I'm pretty clueless with this.

Any help appreciated!
Jonathan Lupa
~
[EMAIL PROTECTED]
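
A consistency check over the rules quoted in the message above, as an added example that is not part of the original post: it parses the ipfwadm masquerade rule and the ipportfw forwards, then compares each forward's target with the masqueraded network and with the destination named in the prose. The public address 203.0.113.1 stands in for the redacted one, and the INTENDED table is an assumption built from the message's description.

```python
import ipaddress
import re

# Constructed sample: the rules from the message, with the redacted public
# address replaced by the documentation address 203.0.113.1 (an assumption).
RULES = """\
ipfwadm -F -a m -S192.168.2.0/24 -D 0.0.0.0/0
ipportfw -A -t203.0.113.1/554 -R 192.168.2.2/554
ipportfw -A -t203.0.113.1/6060 -R 192.168.2.3/2401
ipportfw -A -u203.0.113.1/6060 -R 192.168.2.3/2401
"""

# Intended forwards as described in the message's prose (assumption):
# (protocol, public port) -> (internal host, internal port).
INTENDED = {("tcp", 6060): ("192.168.2.1", 2401)}

FWD = re.compile(r"ipportfw\s+-A\s+-([tu])\s*(\S+)/(\d+)\s+-R\s*(\S+)/(\d+)")
MASQ = re.compile(r"ipfwadm\s+-F\s+-a\s+m\s+-S\s*(\S+)")

def parse(text):
    """Return (masqueraded networks, forward rules) found in the rule text."""
    nets, forwards = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        if m := MASQ.search(line):
            nets.append(ipaddress.ip_network(m.group(1)))
        elif m := FWD.search(line):
            proto = "tcp" if m.group(1) == "t" else "udp"
            forwards.append((proto, int(m.group(3)), m.group(4), int(m.group(5))))
    return nets, forwards

def audit(text, intended):
    """List forwards whose target is not masqueraded or not the intended one."""
    nets, forwards = parse(text)
    findings = []
    for proto, lport, target, rport in forwards:
        if not any(ipaddress.ip_address(target) in n for n in nets):
            findings.append(f"{proto}/{lport}: target {target} is not masqueraded")
        want = intended.get((proto, lport))
        if want and want != (target, rport):
            findings.append(f"{proto}/{lport}: rule -> {target}:{rport}, "
                            f"intended {want[0]}:{want[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, INTENDED):
        print(finding)
```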
