I'm using the firewall script, and find it excellent (especially since I'm new to Linux). I'm trying to set up a server with a firewall and NAT connected to the internet on an Alcatel Speedtouch USB modem (ADSL in France). I need to communicate with the outside world from a WinXP box on my LAN. All the "basic" functionality (MSN Messenger, FTP, HTTP, Telnet) is working fine, and I've now come to the "hard" stuff:
Netmeeting: Having confirmed that Netmeeting will not function without doing anything "special", I've installed NMPROXY (http://www.cryogenic.net/nmproxy.html#WhatDo) on the Linux box. I still cannot get it to work properly. I can initiate a call, and the other end receives sound and video, whilst I receive nothing. There seems to be no mailing list or any other kind of support for nmproxy. Can someone help me with the following?

Trying to trace the problem, I'm following the advice on the nmproxy page:

"The first thing to try is the command on your Linux system: telnet localhost 1720. This should connect. If you press enter, you should see an error message "Length identifier not 3". If you do, then this is a sure sign that the proxy is intercepting the requests."

This works fine for me. However, the following does not:

"If everything looks OK up to here, then try using telnet from an MSDOS prompt on your PC: telnet firewall 1720, where firewall is the domain name or IP address of the system that nmproxy is installed on. This should connect, and again if you press enter, then you should get the "Length identifier not 3" error message. If it won't connect then the firewall rule that permits input from your LAN on port 1720 is probably not working."

I am able to CONNECT (or at least I get no error message), but I do not receive any message (just a black DOS telnet screen).

My PC (Win XP Pro) is on 192.168.0.1. My Linux box (Red Hat 9, 2.4.20-8 kernel) is on 192.168.0.3 (eth0), and the modem is ppp0. I therefore only run FIREWALL START (called from rc.local) after the modem connection is established.
My firewall.conf:

=======================================================================
IPTABLES=`which iptables`
ANYWHERE="0/0"
INT_IP="192.168.0.3"
EXT_IP=`ifconfig ppp0 | grep -i "addr:" | cut -f2 -d: | cut -f1 -d " "`
#EXT_IP=""
EXT_INTERFACES="ppp0"
INT_NETWORKS="192.168.0.0/24"
LOGGING_ENABLED="1"
LOGGING_PREFIX="FW:"
#BLOCKED_MACS=""
#BLOCKED_SRC_IPS=""
#BLOCKED_DST_IPS=""
#BLOCKED_OUTGOING_PORTS=""
#BLOCKED_PORTS="137:139"
ALLOWED_PORTS="21 23 53"
ALLOWED_PORTS_UDP="10200:10259"
ALLOWED_PORTS_TCP="22 1723 10200:10209 80"
#ALLOWED_PROTOCOLS="0/0(1) 0/0(6) 0/0(17) 0/0(46) 0/0(50)"
PORT_FORWARDS="$EXT_IP(6891:6892)-192.168.0.1(6891:6892) \
$EXT_IP(47526)-192.168.0.1(47526) \
$EXT_IP(13139:13142)-192.168.0.1(13139:13142) \
$EXT_IP(27900)-192.168.0.1(27900) \
$EXT_IP(28900)-192.168.0.1(28900) \
$EXT_IP(29900:29901)-192.168.0.1(29900:29901) \
$EXT_IP(34000)-192.168.0.1(34000) \
$EXT_IP(3783)-192.168.0.1(3783) \
$EXT_IP(6515)-192.168.0.1(6515) \
$EXT_IP(6667)-192.168.0.1(6667) \
$EXT_IP(2300:2400)-192.168.0.1(2300:2400) \
$EXT_IP(5222)-192.168.0.1(5222) \
$EXT_IP(1720)-192.168.0.1(1720) \
$EXT_IP(1731)-192.168.0.1(1731) \
$EXT_IP(1503)-192.168.0.1(1503) \
$EXT_IP(522)-192.168.0.1(522) \
$EXT_IP(389)-192.168.0.1(389) \
$EXT_IP(113)-192.168.0.1(123) \
$EXT_IP(113)-192.168.0.1(113)"
#PORT_FORWARDS_SRC=""
## Trusted ##
# TRUSTED_CONNECTIONS="232.123.123.6()-192.168.0.2(:1024) \
# 232.123.123.5(:1024)-192.168.0.2(514)"
#TRUSTED_CONNECTIONS=""
TRUSTED_INTERFACES="eth0"
#SQUID_ENABLED="1"
#SQUID_PORT="3128"
PRESTART=""
POSTSTART="/usr/local/sbin/initmodftp"
PRESTOP=""
POSTSTOP=""
PRERESTART=""
POSTRESTART=""
===============================================================

My questions are:

1. Following the recommendation for NMPROXY:

[quote]What do I need to do to the firewall configuration? This depends on whether the proxy is running on the firewall machine.

If it is, then the firewall has to be configured so that it redirects requests to the port used for NetMeeting (1720) to the local host, and to allow TCP and UDP packets for the ports used by the proxy. The example commands below assume that the default nmproxy configuration is being used. Of course, the commands depend on which operating system and firewall software is being used.

Linux iptables

If you're using Linux iptables, then the equivalent commands are:

iptables -I PREROUTING -t nat -p tcp --dport 1720 -j REDIRECT
iptables -I INPUT -p tcp --dport 1720 -j ACCEPT
iptables -I INPUT -p tcp --dport 10200:10209 -j ACCEPT
iptables -I INPUT -p udp --dport 10200:10259 -j ACCEPT
# Allow output - you probably already have this.
iptables -I OUTPUT -p tcp -j ACCEPT
iptables -I OUTPUT -p udp -j ACCEPT
# Allow non-connection input packets. Alternatively, use connection tracking.
iptables -I INPUT -p tcp ! --syn -j ACCEPT[/quote]

Have I configured firewall.conf correctly?

2. Do I explicitly have to allow traffic on incoming ports, or is it enough if e.g. one port is referenced in PORT_FORWARDS?

3. Do I have to uncomment #ALLOWED_PROTOCOLS, or are all protocols accepted by default?

4. Any other advice someone can give me.

Thanks in advance.
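As an added example, not code from the firewall script or from nmproxy, here is a dry-run expansion of the PORT_FORWARDS syntax used in the firewall.conf above (EXT_IP(ports)-INT_IP(ports)) into the iptables DNAT and FORWARD rules such a forward needs, plus a check for external ports that appear in more than one entry. How the real script expands that variable is an assumption; the external address 1.2.3.4 is a constructed placeholder, and nothing here is executed, only printed.

```shell
#!/bin/sh
# Added example (not the firewall script's or nmproxy's own code): print the
# iptables rules one plausible expansion of PORT_FORWARDS would produce.
# Note: a nat PREROUTING DNAT for 1720 and the nmproxy REDIRECT for 1720 match
# the same packets; both are terminating targets, so the first rule in the
# chain wins and the other never fires.

EXT_IF="ppp0"   # external interface, as in the post

# Usage: pf_rules "1.2.3.4(6891:6892)-192.168.0.1(6891:6892)" ...
# Prints one DNAT rule and one FORWARD rule per entry (TCP only, as in the
# nmproxy documentation quoted above).
pf_rules() {
    for entry in "$@"; do
        ext_ports=${entry%%")"*}; ext_ports=${ext_ports#*"("}
        rest=${entry#*-}
        int_ip=${rest%%"("*}
        int_ports=${rest#*"("}; int_ports=${int_ports%")"}
        # --to-destination takes "a-b" for a range, not the "a:b" of --dport
        to_ports=$(printf '%s' "$int_ports" | tr ':' '-')
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $ext_ports -j DNAT --to-destination $int_ip:$to_ports"
        echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $int_ip --dport $int_ports -j ACCEPT"
    done
}

# Usage: pf_dups entries...
# Prints external ports listed more than once; only the first matching
# PREROUTING rule ever applies to those, the later entries are dead.
pf_dups() {
    for entry in "$@"; do
        p=${entry%%")"*}; echo "${p#*"("}"
    done | sort | uniq -d
}

# Demo: one H.323 call-setup forward, then the two entries from the post
# that share external port 113 (constructed placeholder address 1.2.3.4)
pf_rules "1.2.3.4(1720)-192.168.0.1(1720)"
pf_dups "1.2.3.4(113)-192.168.0.1(123)" "1.2.3.4(113)-192.168.0.1(113)"
```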
