Hi All,
I was wondering if someone could help me with a similar problem to the one
below. I am running an Eiger version with the extended scripts installed in a
dial on demand configuration. My problem stems from the fact that the modem is
not always on and I only turn it on when I want to connect to the Internet but
always run the LRP when the network is up because it provides my DHCP service.
I have also added dns2go to my setup to activate when I am dialed up and wish to
also reinitiate my port forwarding at this time to use the dynamic address I
receive from my ISP.
The Setup:
dns2go is called from the /etc/ppp/ip-up script and deactivated from the
/etc/ppp/ip-down script. This works for me ok. My problem is to activate the
port forwarding also at this time and to that end I have created a script using
the relevant parts of the network.conf and ipfilter.conf which I have called
ports and placed in the /etc/ppp/ip-up.d directory as my research indicated
scripts in this directory should be run after the ip-up script. Can someone
tell me if this is true and if not how and what I need to change to make this
script run every time the modem dials?
My other problem is similar to below and concerns the part that finds the
EXTERN_IP address. If I type the same command at the prompt I get the
following result.
gra005: -root-
# ip addr list label ppp0 | grep inet | sed '1!d' | sed 's/^.*inet \(.*\..*\..*\..*\)\/.*$/\1/'
194.152.64.35 peer 194.192.64.35
Am I missing something or have I typed this line in incorrectly? At this point
I believe the result I am receiving is causing my problem. Can anyone help?
The contents of the script I created are as follows, straight from Charles's
scripts. I am not well versed in Linux/Unix/LRP scripting and my entire Linux
experience to date has been gained on the LRP in configuring several of these
machines for work and at home. Currently 4 machines in service.
#! /bin/sh
#
# This script is run with a dial up modem connection using DHCP with a non fixed
# address to enable port forwarding to internal services after the interface
# is up so that the true address of the external interface is used in the
# port forwarding commands.
#
# Added by Andrew Gray, September 2001.
#
# Find the External IP Address
# This computes the IP Address of the $EXTERNAL_IF
#
# GREP extracts just the line(s) with IP address information from the output
# of ip addr. The first SED gets rid of all but the first line (in case
# there are several IP addresses for some reason), and the next SED extracts
# just the IP address in dot quad notation.
# Note: the \(.*\..*\..*\..*\) group is greedy and runs up to the last "/" on
# the line, so on a point-to-point link it also captures the " peer a.b.c.d"
# part that follows the local address.
EXTERN_IF=ppp0
EXTERN_IP=$(ip addr list label $EXTERN_IF | \
    grep inet | \
    sed '1!d' | \
    sed 's/^.*inet \(.*\..*\..*\..*\)\/.*$/\1/')

# Clear all current Port Forwarding Rules.
ipmasqadm portfw -f

# Debugging - Remove if you like.
echo Extern IP: $EXTERN_IP

# UDP Ports to open.
# Format: "SrcAddr/Mask Port DestAddr"
#EXTERN_UDP_PORT0="0/0 domain "$EXTERN_IF

# TCP Ports to open.
# Format: "SrcAddr/Mask Port DestAddr"
EXTERN_TCP_PORT0="0/0 1723 "$EXTERN_IP

# Uncomment the following for internal services.
#INTERN_FTP_SERVER=10.10.104.1   # Internal FTP service to make available
#INTERN_WWW_SERVER=10.10.104.1   # Internal WWW service to make available
#INTERN_SMTP_SERVER=10.10.104.1  # Internal SMTP service to make available
#INTERN_POP3_SERVER=10.10.104.1  # Internal POP3 service to make available
#INTERN_IMAP_SERVER=10.10.104.1  # Internal IMAP service to make available
#INTERN_SSH_SERVER=192.168.2.10  # Internal SSH service to make available
INTERN_VPN_SERVER=192.168.2.10   # Internal VPN service to make available
EXTERN_VPN_PORT=1723
INTERN_VNC_SERVER=192.168.2.30   # Internal VNC service to make available
EXTERN_VNC_PORT=49613

# Each block below adds one portfw rule: -L is the local (external) address
# and port, -R the internal server and port. Service names are looked up in
# /etc/services, so they must be spelled exactly as defined there (lowercase).
if [ -n "$INTERN_FTP_SERVER" ] ; then
    ipmasqadm portfw -a -P tcp -L $EXTERN_IP ftp -R $INTERN_FTP_SERVER ftp
fi
if [ -n "$INTERN_WWW_SERVER" ] ; then
    ipmasqadm portfw -a -P tcp -L $EXTERN_IP www -R $INTERN_WWW_SERVER www
fi
if [ -n "$INTERN_SMTP_SERVER" ] ; then
    ipmasqadm portfw -a -P tcp -L $EXTERN_IP smtp -R $INTERN_SMTP_SERVER smtp
fi
if [ -n "$INTERN_POP3_SERVER" ] ; then
    ipmasqadm portfw -a -P tcp -L $EXTERN_IP pop3 -R $INTERN_POP3_SERVER pop3
fi
if [ -n "$INTERN_IMAP_SERVER" ] ; then
    ipmasqadm portfw -a -P tcp -L $EXTERN_IP imap -R $INTERN_IMAP_SERVER imap
fi
if [ -n "$INTERN_SSH_SERVER" ] ; then
    if [ -n "$EXTERN_SSH_PORT" ] ; then
        ipmasqadm portfw -a -P tcp -L $EXTERN_IP $EXTERN_SSH_PORT \
            -R $INTERN_SSH_SERVER ssh
    else
        ipmasqadm portfw -a -P tcp -L $EXTERN_IP ssh -R $INTERN_SSH_SERVER ssh
    fi
fi
if [ -n "$INTERN_VPN_SERVER" ] ; then
    if [ -n "$EXTERN_VPN_PORT" ] ; then
        ipmasqadm portfw -a -P tcp -L $EXTERN_IP $EXTERN_VPN_PORT \
            -R $INTERN_VPN_SERVER 1723
    else
        ipmasqadm portfw -a -P tcp -L $EXTERN_IP 1723 -R $INTERN_VPN_SERVER 1723
    fi
    # PPTP also needs GRE (protocol 47) accepted and forwarded to the VPN server.
    ipchains -I input 1 -j ACCEPT -p 47
    ipfwd --masq $INTERN_VPN_SERVER 47 &
else
    ipchains -I input 1 -j ACCEPT -p 47
fi
if [ -n "$INTERN_VNC_SERVER" ] ; then
    if [ -n "$EXTERN_VNC_PORT" ] ; then
        ipmasqadm portfw -a -P tcp -L $EXTERN_IP $EXTERN_VNC_PORT \
            -R $INTERN_VNC_SERVER 5900
    else
        ipmasqadm portfw -a -P tcp -L $EXTERN_IP 5900 -R $INTERN_VNC_SERVER 5900
    fi
fi
I hope this is not too long winded and that I have provided enough information
for someone to help me.
Thanks in advance,
Andrew GRAY
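As an added example (not part of Andrew's script or the LRP scripts), the posted sed expression run against a constructed ppp0 address line, beside a pattern that stops at the first address and a guard that refuses anything other than a single dotted quad before rules are built:

```shell
#!/bin/sh
# Constructed sample of `ip addr list label ppp0` output for a PPP link
# (addresses made up; the "peer" part is what the greedy sed trips on).
SAMPLE_IP_ADDR='3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3
    link/ppp
    inet 194.152.64.35 peer 194.192.64.35/32 scope global ppp0'

# The extraction exactly as posted, fed the sample instead of the live interface.
# \(.*\..*\..*\..*\) is greedy, so it runs up to the last "/" and keeps
# " peer 194.192.64.35" along with the local address.
greedy_extern_ip() {
    printf '%s\n' "$SAMPLE_IP_ADDR" | grep inet | sed '1!d' \
        | sed 's/^.*inet \(.*\..*\..*\..*\)\/.*$/\1/'
}

# Tighter pattern: [0-9.]* cannot cross the space before "peer", so only the
# local address survives. 'inet ' (with the space) also skips any inet6 line.
extern_ip() {
    printf '%s\n' "$SAMPLE_IP_ADDR" | grep 'inet ' | sed '1!d' \
        | sed 's/^.*inet \([0-9.]*\).*$/\1/'
}

# Guard for an ip-up.d script: ipmasqadm -L needs one address, so bail out
# (return 1) unless the value is digits and dots with exactly three dots.
is_dotted_quad() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;   # spaces, letters, empty: not an address
        *.*.*.*.*)    return 1 ;;   # four or more dots
        *.*.*.*)      return 0 ;;   # exactly three dots
        *)            return 1 ;;
    esac
}
```

In the real script the guard would wrap the `ipmasqadm portfw -a` calls, e.g. `is_dotted_quad "$EXTERN_IP" || exit 1` right after EXTERN_IP is computed.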
Hi James!
>
> Thank you for the suggestion, Nicolas. However, EXTERN_DHCP is set to YES,
> so that is apparently not the problem. I am puzzled that SSH is
> portforwarded through the box without problems and without generating error
> messages, but IMAP is not.
I read your message a little too fast yesterday and for some weird reason I thought I had read that the config you had done with a static IP had two forwards (ssh & imap) while the new one with the dynamic IP had only a port forward for imap... (I reread your message today and realized that I had misread, sorry...)
I do think I found the real reason this time however... (and it's actually your original message that gave me a good clue as to where to look (-; )
BTW, I reread what Jeff had suggested and he was actually right on the bullet (hope I got that expression right (ie remember that English is not my mother tongue)).
Replace the two lines in /etc/services which contain imap2 so that they read as follows:
imap2 143/tcp imap # Interim Mail Access Proto v2
imap2 143/udp imap
I added imap to the list of aliases for imap2. I looked at the /etc/services of a PC which uses a "full" distribution of Linux and this is what these lines looked like... I also looked at the /etc/services of another *nix variant and these lines were actually defined that way:
imap 143/tcp imap2 imap4 # Interim Mail Access Proto v2 & V4
imap 143/udp imap2 imap4
which I think I would prefer over the previous definition since I think IMAP, whatever the version and as long as it is not encrypted, uses port 143 and imap2 and imap4 are simply versions of this protocol and should probably only be defined as alias (but take this with a grain of salt since I'm no *nix or imap guru... (-; ).
Why will this work? If you have the same /etc/services I have (ie without the definition for imap) if you used "0/0_imap" no port was actually opened on the firewall but once you used "0/0_imap2" you could see that rules were added to open this port but no forwarding rules for IMAP were added.
The port forwarding "rules" are actually added in /etc/ipfilter.conf (what "rules" are added and where they forward to depends on the content of /etc/network.conf) and the relevant lines in ipfilter.conf which add that "rule" refer to this protocol as imap and not imap2 (so that's why it complains)
<<
if [ -n "$INTERN_IMAP_SERVER" ] ; then
$IPMASQADM portfw -a -P tcp -L $EXTERN_IP imap -R $INTERN_IMAP_SERVER imap
fi ---- ----
>>
Which is perfectly ok for a "normal" /etc/services but not for the one Lrp uses (or at least the Eiger variants...).
Let me know if that works... (ie the modification to /etc/services)
Good luck!
Nick
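As an added check (not from Nick's reply or the LRP scripts), a small resolver run over constructed /etc/services excerpts that shows why "imap" resolves in one file and not the other, plus a pre-flight that lists the names ipfilter.conf would fail to resolve before any forwarding rule is added:

```shell
#!/bin/sh
# Constructed excerpts of two /etc/services files (not copied from any system):
# the LRP/Eiger style described in the thread, where only imap2 is defined, and
# the style where imap is the primary name with imap2/imap4 as aliases.
LRP_SERVICES='imap2   143/tcp             # Interim Mail Access Proto v2
imap2   143/udp'
FIXED_SERVICES='imap    143/tcp  imap2 imap4  # Interim Mail Access Proto v2 & V4
imap    143/udp  imap2 imap4'

# Resolve a service name the way a forwarding tool would: the primary name or
# any alias on a line for the given protocol. Prints the port, or nothing when
# the name is unknown in that file.
service_port() {   # usage: service_port "<services text>" name proto
    printf '%s\n' "$1" | awk -v name="$2" -v proto="$3" '
        { sub(/#.*/, "") }                       # strip trailing comments
        NF >= 2 && split($2, pp, "/") == 2 && pp[2] == proto {
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == name) { print pp[1]; exit }
        }'
}

# Pre-flight for the portfw blocks: every name passed in must resolve for tcp,
# otherwise it is printed so the gap shows up before rules are (not) added.
check_services() {   # usage: check_services "<services text>" name...
    svc="$1"; shift; missing=""
    for n in "$@"; do
        [ -n "$(service_port "$svc" "$n" tcp)" ] || missing="$missing $n"
    done
    printf '%s\n' "${missing# }"
}
```

On a live box the same functions can be pointed at the real file with `service_port "$(cat /etc/services)" imap tcp`.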
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user