Hi Pawel,

yes, that seems to be the best way to handle it. But I will start the script inside the ip-up script. This is a pppd script on Solaris that will be executed every time the daemon restarts.

Big thanks for your help.

Greetings
Aleksander

PSV> Hi,

PSV> Not just your address will change, but sometimes your interface
PSV> may also jump to sppp1 (I had this problem with S8 and pacbell DSL)

PSV> Here is my rigged ipfboot, and also my ipnat.conf.orig and
PSV> ipf.conf.orig.

PSV> The idea is: you edit ipnat.conf.orig and ipf.conf.orig, and the
PSV> ipfboot will automatically replace needed macros while creating
PSV> ipf.conf and ipnat.conf. Two macros are defined:
PSV> $EXTIF : interface name
PSV> $LOCALIP : my IP (on the $EXTIF)

PSV> Thanks,
PSV> Pawel.

PSV> On Sat, Sep 10, 2005 at 09:18:54PM +0200, Aleksander wrote:
>>Hi Pawel,
>>thanks for your help. I found the problem. The 0/32 alias doesn't work
>>with rdr. It only works with map and bimap.
>>Then I change the rules to:
>>rdr sppp0 x.x.x.x port 4662 -> 192.168.1.2 port 4662 tcp
>>rdr sppp0 x.x.x.x port 3620 -> 192.168.1.2 port 3620 udp
>>everything works fine. But I get on every reconnection a new ip.
>>Do you have an idea how to change this rule to "any ip", so that I
>>don't have to update my ipnat.conf on every reconnect?
>>
>>Best regards,
>>Aleksander
>>
>>
>>PSV> Aleksander,
>>
>>PSV> these port checkers won't work all the time.
>>PSV> The best way to debug this is to have a system outside,
>>PSV> and just telnet to port 4662 to your ip, and check the packets flow.
>>
>>PSV> Set up tcpdump on both external and internal interfaces, and see
>>PSV> if the incoming packets appear on both interfaces.
>>
>>PSV> Also I'm not familiar with '0/32' way of encoding the source/destination
>>PSV> address for NAT, hopefully this means the actual interface address, or the
>>PSV> way you scrambled your ip.
>>
>>PSV> Also, try telnetting to any outside ip, port 4662, and see if you
>>PSV> can sniff those packets on internal/external interfaces.
>>
>>PSV> Also, since this is solaris, make sure your routing is actually
>>PSV> turned on. Sometimes I got fooled by having the corresponding parameter
>>PSV> being turned off :) 'ndd -get /dev/ip ip_forwarding' should reply '1'
>>PSV> if it is on.
>>
>>PSV> Hope this helps,
>>PSV> Pawel.
>>
>>PSV> On Wed, Sep 07, 2005 at 07:43:37PM +0200, Aleksander wrote:
>>>>Hi Pawel,
>>>>strange i have nearly the same ruleset. i changed the ports in the
>>>>edonkey config file and changed the rules and added "flags S keep
>>>>state keep frags" to the tcp rule but nothing changed.
>>>>then i capture the traffic i see packets arriving on the specified
>>>>ports, but on the connection tester
>>>>http://www.preinheimer.com/cgi-bin/connectiontest/connectiontest2.cgi
>>>>i always get an error.
>>>>
>>>>thanks for your help
>>>>
>>>>
>>>>p.s.:
>>>>actual config files:
>>>>/etc/ipf/ipf.conf
>>>>pass in quick on sppp0 proto tcp from any to 192.168.1.2/32 port = 4662 flags S keep state keep frags
>>>>pass in quick on sppp0 proto udp from any to 192.168.1.2/32 port = 3620 keep state
>>>>block in on sppp0 all
>>>>pass out on sppp0 all keep state
>>>>
>>>>/etc/ipf/ipnat.conf
>>>>map sppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
>>>>map sppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
>>>>map sppp0 192.168.1.0/24 -> 0/32
>>>>rdr sppp0 0/32 port 4662 -> 192.168.1.2 port 4662 tcp
>>>>rdr sppp0 0/32 port 3620 -> 192.168.1.2 port 3620 udp
>>>>
>>>>
>>>>
>>>>PSV> Here are my [working] rules for eMule:
>>>>>>> from ipf.conf (hme1 is external iface)
>>>>PSV> pass in quick on hme1 proto tcp from any to 192.168.0.3/32 port = 1082 flags S keep state keep frags
>>>>PSV> pass in quick on hme1 proto udp from any to 192.168.0.3/32 port = 1081 keep state
>>>>>>> from ipnat.conf (xxxx'es is external IP)
>>>>PSV> # emule
>>>>PSV> rdr hme1 xx.x.xxx.xxx/32 port 1081 -> 192.168.0.3 port 1081 udp
>>>>PSV> rdr hme1 xx.x.xxx.xxx/32 port 1082 -> 192.168.0.3 port 1082 tcp
>>>>PSV> # actual nat
>>>>PSV> map hme1 192.168.0.0/24 -> xx.x.xxx.xxx/32 portmap tcp/udp 10000:50000
>>>>
>>>>PSV> Obviously, I use different ports than the default.
>>>>
>>>>PSV> I think you don't need any 'pass out' rules in your ipnat.conf, as
>>>>PSV> you have 'pass out on sppp0 all' at the end anyway. Also, servers will
>>>>PSV> not necessarily listen on the default 466x port, since the time when
>>>>PSV> ISPs started to filter that port out in an attempt to block ed2k traffic.
>>>>
>>>>PSV> Thanks,
>>>>PSV> Pawel.
>>>>
>>>>PSV> On Tue, Sep 06, 2005 at 09:17:36AM -0700, bsdboy wrote:
>>>>>> --- Aleksander <[EMAIL PROTECTED]> wrote:
>>>>>> From: Aleksander <[EMAIL PROTECTED]>
>>>>>> Date: Tue, 6 Sep 2005 13:41:56 +0200
>>>>>> To: [email protected]
>>>>>> Subject: edonkey
>>>>>> Hi,
>>>>>> i wanted to set up edonkey to run on a client(192.168.1.2). the
>>>>>> router(192.168.1.1) on a solaris 10 box is firewalled with ipf. i can't
>>>>>> figure out how to set up the rules properly. here is what i have done:
>>>>>> /etc/ipf/ipf.conf
>>>>>> pass in quick on sppp0 proto tcp from any to 192.168.1.2 port = 4662 keep state
>>>>>> pass in quick on sppp0 proto udp from any to 192.168.1.2 port = 3620 keep state
>>>>>> pass out quick on sppp0 proto tcp from 192.168.1.2 to any port = 4661 keep state
>>>>>> pass out quick on sppp0 proto tcp from 192.168.1.2 to any port = 4662 keep state
>>>>>> pass out quick on sppp0 proto udp from 192.168.1.2 to any port = 4665 keep state
>>>>>> block in on sppp0 all
>>>>>> pass out on sppp0 all
>>>>>> /etc/ipf/ipnat.conf
>>>>>> map sppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
>>>>>> map sppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
>>>>>> map sppp0 192.168.1.0/24 -> 0/32
>>>>>> rdr sppp0 0/32 port 4662 -> 192.168.1.2 port 4662 tcp
>>>>>> rdr sppp0 0/32 port 3620 -> 192.168.1.2 port 3620 udp
>>>>>> i always get the message that the client(edonkeyclc) can't connect to
>>>>>> the server. i use the default port configuration.
>>>>>> has someone an idea what's wrong here? or has someone a working
>>>>>> configuration and can teach me how to set this up right.
>>>>>> thanks for your help
>>>>>>
>>>>>> Hi Aleksander.
>>>>>> Look before i have the same question, i have emule running on
>>>>>> my home but i only use with emule ports TCP 4662 and UDP 4672 on
>>>>>> Freebsd 4.11
>>>>>>
>>>>>> http://www.emule-project.net/home/perl/help.cgi?l=1&rm=show_topic&topic_id=122
>>>>>> My case:
>>>>>>
>>>>>> http://marc.theaimsgroup.com/?l=ipfilter&m=109824738619727&w=2
>>>>>> Is in the maillist of ipfilter, but i don't know why my browser show
>>>>>> me incorrect the message, i cannot see clear text, well hope this help
>>>>>> you.
>>>>>> Greetings.
>>>>
>>>>
>>
>>
>>
>>--
>>Kind regards
>>Aleksander mailto:[EMAIL PROTECTED]
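
The macro approach discussed in this thread (expanding $EXTIF and $LOCALIP from ipf.conf.orig and ipnat.conf.orig when pppd runs ip-up), as an added example; it is not Pawel's ipfboot, which the page does not include. The /etc/ipf location of the .orig templates, the function names and the input validation are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Pawel's ipfboot. pppd calls ip-up as:
#   ip-up <interface> <tty> <speed> <local-ip> <remote-ip> [ipparam]
CONF_DIR=${CONF_DIR:-/etc/ipf}   # assumed location of the *.orig templates

# Only names such as sppp0 or hme1 may reach the rule files.
valid_ifname() {
    case "$1" in
        *[!a-z0-9]*) return 1 ;;
        [a-z]*[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_rules TEMPLATE OUTPUT IFACE IP
# Expands $EXTIF and $LOCALIP, then replaces OUTPUT in one rename.
render_rules() {
    valid_ifname "$3" && valid_ipv4 "$4" || return 1
    tmp="$2.new.$$"
    sed -e 's/\$EXTIF/'"$3"'/g' -e 's/\$LOCALIP/'"$4"'/g' "$1" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    # A macro left unexpanded means a broken template: keep the old file.
    if grep '\$[A-Z]' "$tmp" > /dev/null; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$2"
}

# Regenerate both files and load them only if both rendered cleanly.
reload_rules() {
    render_rules "$CONF_DIR/ipf.conf.orig" "$CONF_DIR/ipf.conf" "$1" "$2" &&
    render_rules "$CONF_DIR/ipnat.conf.orig" "$CONF_DIR/ipnat.conf" "$1" "$2" &&
    ipf -Fa -f "$CONF_DIR/ipf.conf" &&
    ipnat -CF -f "$CONF_DIR/ipnat.conf"
}

# When installed as /etc/ppp/ip-up, $1 is the interface and $4 the new address.
if [ "${0##*/}" = ip-up ]; then reload_rules "$1" "$4"; fi
```

Because the interface name and address are validated before substitution and the output is replaced by a rename, a bad ip-up argument or a broken template leaves the previously generated rule file in place.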
