Hi Pawel,

thanks for your help. I found the problem. The 0/32 alias doesn't work with rdr. It only works with map and bimap. Then I changed the rules to:

rdr sppp0 x.x.x.x port 4662 -> 192.168.1.2 port 4662 tcp
rdr sppp0 x.x.x.x port 3620 -> 192.168.1.2 port 3620 udp

Everything works fine. But I get a new IP on every reconnection. Do you have an idea how to change this rule to "any ip", so that I don't have to update my ipnat.conf on every reconnect?

Best regards,
Aleksander

PSV> Aleksander,

PSV> these port checkers won't work all the time.
PSV> The best way to debug this is to have a system outside,
PSV> and just telnet to port 4662 to your ip, and check the packets flow.
PSV> Set up tcpdump on both external and internal interfaces, and see
PSV> if the incoming packets on both interfaces.

PSV> Also I'm not familiar with '0/32' way of encoding the source/destination
PSV> address for NAT, hopefully this means the actual interface address, or the
PSV> way you scrambled your ip.

PSV> Also, try telnetting to any outside ip, port 4662, and see if you
PSV> can sniff those packets on internal/external interfaces.

PSV> Also, since this is solaris, make sure your routing is actually
PSV> turned on. Sometimes I got fooled by having the corresponding parameter
PSV> being turned off :) 'ndd -get /dev/ip ip_forwarding' should reply '1'
PSV> if it is on.

PSV> Hope this helps,
PSV> Pawel.

PSV> On Wed, Sep 07, 2005 at 07:43:37PM +0200, Aleksander wrote:
>>Hi Pawel,
>>strange, I have nearly the same ruleset. I changed the ports in the
>>edonkey config file and changed the rules and added "flags S keep
>>state keep frags" to the tcp rule but nothing changed.
>>then I capture the traffic I see packets arriving on the specified
>>ports, but on the connection tester
>>http://www.preinheimer.com/cgi-bin/connectiontest/connectiontest2.cgi
>>I always get an error.
>>
>>thanks for your help
>>
>>
>>p.s.:
>>actual config files:
>>/etc/ipf/ipf.conf
>>pass in quick on sppp0 proto tcp from any to 192.168.1.2/32 port = 4662 flags S keep state keep frags
>>pass in quick on sppp0 proto udp from any to 192.168.1.2/32 port = 3620 keep state
>>block in on sppp0 all
>>pass out on sppp0 all keep state
>>
>>/etc/ipf/ipnat.conf
>>map sppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
>>map sppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
>>map sppp0 192.168.1.0/24 -> 0/32
>>rdr sppp0 0/32 port 4662 -> 192.168.1.2 port 4662 tcp
>>rdr sppp0 0/32 port 3620 -> 192.168.1.2 port 3620 udp
>>
>>
>>
>>PSV> Here are my [working] rules for eMule:
>>>>> from ipf.conf (hme1 is external iface)
>>PSV> pass in quick on hme1 proto tcp from any to 192.168.0.3/32 port = 1082 flags S keep state keep frags
>>PSV> pass in quick on hme1 proto udp from any to 192.168.0.3/32 port = 1081 keep state
>>>>> from ipnat.conf (xxxx'es is external IP)
>>PSV> # emule
>>PSV> rdr hme1 xx.x.xxx.xxx/32 port 1081 -> 192.168.0.3 port 1081 udp
>>PSV> rdr hme1 xx.x.xxx.xxx/32 port 1082 -> 192.168.0.3 port 1082 tcp
>>PSV> # actual nat
>>PSV> map hme1 192.168.0.0/24 -> xx.x.xxx.xxx/32 portmap tcp/udp 10000:50000
>>
>>PSV> Obviously, I use different ports than the default.
>>
>>PSV> I think you don't need any 'pass out' rules in your ipnat.conf, as
>>PSV> you have 'pass out on sppp0 all' at the end anyway. Also, servers will
>>PSV> not necessarily listen on the default 466x port, since the time when
>>PSV> ISPs started to filter that port out in an attempt to block ed2k traffic.
>>
>>PSV> Thanks,
>>PSV> Pawel.
>>
>>PSV> On Tue, Sep 06, 2005 at 09:17:36AM -0700, bsdboy wrote:
>>>> --- Aleksander <[EMAIL PROTECTED]> wrote:
>>>> From: Aleksander <[EMAIL PROTECTED]>
>>>> Date: Tue, 6 Sep 2005 13:41:56 +0200
>>>> To: [email protected]
>>>> Subject: edonkey
>>>> Hi,
>>>> I wanted to set up edonkey to run on a client(192.168.1.2).
>>>> the router(192.168.1.1) on a solaris 10 box is firewalled with ipf. I can't
>>>> figure out how to set up the rules properly. here is what I have done:
>>>> /etc/ipf/ipf.conf
>>>> pass in quick on sppp0 proto tcp from any to 192.168.1.2 port = 4662 keep state
>>>> pass in quick on sppp0 proto udp from any to 192.168.1.2 port = 3620 keep state
>>>> pass out quick on sppp0 proto tcp from 192.168.1.2 to any port = 4661 keep state
>>>> pass out quick on sppp0 proto tcp from 192.168.1.2 to any port = 4662 keep state
>>>> pass out quick on sppp0 proto udp from 192.168.1.2 to any port = 4665 keep state
>>>> block in on sppp0 all
>>>> pass out on sppp0 all
>>>> /etc/ipf/ipnat.conf
>>>> map sppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
>>>> map sppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
>>>> map sppp0 192.168.1.0/24 -> 0/32
>>>> rdr sppp0 0/32 port 4662 -> 192.168.1.2 port 4662 tcp
>>>> rdr sppp0 0/32 port 3620 -> 192.168.1.2 port 3620 udp
>>>> I always get the message that the client(edonkeyclc) can't connect to
>>>> the server. I use the default port configuration.
>>>> has someone an idea what's wrong here? or has someone a working
>>>> configuration and can teach me how to set this up right.
>>>> thanks for your help
>>>>
>>>> Hi Aleksander.
>>>> Look before I have the same question, I have emule running on
>>>> my home but I only use with emule ports TCP 4662 and UDP 4672 on
>>>> Freebsd 4.11
>>>>
>>>> http://www.emule-project.net/home/perl/help.cgi?l=1&rm=show_topic&topic_id=122
>>>> My case:
>>>> http://marc.theaimsgroup.com/?l=ipfilter&m=109824738619727&w=2
>>>> Is in the maillist of ipfilter, but I don't know why my browser shows
>>>> me the message incorrectly, I cannot see clear text, well hope this helps
>>>> you.
>>>> Greetings.
>>>>
>>
>>

-- 
Best regards,
Aleksander
mailto:[EMAIL PROTECTED]
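
Added example (not part of the original mails and not IPFilter's own tooling): a small check over ipnat.conf and ipf.conf that flags the problem found at the top of this thread, an rdr rule written with the 0/32 alias, and also reports any rdr target that has no matching 'pass in' rule. The sample input is constructed from the configs quoted above with the udp pass rule left out on purpose; the regular expressions cover only the rule shapes that appear in this thread.

```python
import re

# Constructed sample input, based on the configs quoted in the thread.
IPNAT_CONF = """\
map sppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map sppp0 192.168.1.0/24 -> 0/32
rdr sppp0 0/32 port 4662 -> 192.168.1.2 port 4662 tcp
rdr sppp0 0/32 port 3620 -> 192.168.1.2 port 3620 udp
"""
# The udp 'pass in' rule is deliberately missing here.
IPF_CONF = """\
pass in quick on sppp0 proto tcp from any to 192.168.1.2/32 port = 4662 flags S keep state keep frags
block in on sppp0 all
pass out on sppp0 all keep state
"""

RDR = re.compile(r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)\s+(tcp|udp)\s*$")
PASS_IN = re.compile(r"^pass\s+in\s+(?:quick\s+)?on\s+(\S+)\s+proto\s+(tcp|udp)"
                     r"\s+from\s+any\s+to\s+([\d.]+)(?:/32)?\s+port\s+=\s+(\d+)\b")


def lint(ipnat_text, ipf_text):
    """Return (ipnat.conf line number, message) findings for the rdr rules."""
    # Inbound packets are translated before they are filtered, so the filter
    # rule has to name the internal target, as the thread's ipf.conf does.
    allowed = set()
    for line in ipf_text.splitlines():
        m = PASS_IN.match(line.strip())
        if m:
            allowed.add((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    findings = []
    for no, line in enumerate(ipnat_text.splitlines(), 1):
        m = RDR.match(line.strip())
        if not m:
            continue  # map/bimap lines and comments are not checked here
        iface, dst, _dport, target, tport, proto = m.groups()
        if dst == "0/32":
            findings.append((no, "rdr uses the 0/32 alias; per this thread it only works with map and bimap"))
        if (iface, proto, target, int(tport)) not in allowed:
            findings.append((no, f"no 'pass in' rule on {iface} for {proto} to {target} port {tport}"))
    return findings


if __name__ == "__main__":
    for no, msg in lint(IPNAT_CONF, IPF_CONF):
        print(f"ipnat.conf:{no}: {msg}")
```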
