On Wednesday 13 February 2002 23:05, Matt Schalit wrote:
> Doug Sampson wrote:
<snip good stuff from everyone>
> > # network.conf
> > # ICMP types to open
> > # Indexed list: "SrcAddr/Mask type [ DestAddr[/DestMask] ]"
> > #EXTERN_ICMP_PORT0="0/0 : 1.1.1.12"
> >
> > ## UDP Services open to outside world
> > # Space separated list: srcip/mask_dstport
> > # NOTE: bootpc port is used for dhcp client
> > # EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc"
> > EXTERN_UDP_PORTS="0/0_domain"
> >
> > # -or-
> > # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> > #EXTERN_UDP_PORT0="0/0 domain"
> > #EXTERN_UDP_PORT1="5.6.7.8 500 1.1.1.12"
> >
> > # TCP services open to outside world
> > # Space separated list: srcip/mask_dstport
> > EXTERN_TCP_PORTS="216.70.236.234/29_ssh 0/0_www 0/0_1023 0/0_8080"
>
> Very nice, very nice.
Nice, but you're opening port 80 with _www, Cox won't like that :)
>
> [snip]
>
> > ############################################################################## #
> > # Port Forwarding
> > ############################################################################## #
> > # Remember to open appropriate holes in the firewall rules, above
> >
> > # Uncomment following for port-forwarded internal services.
> > # The following is an example of what should be put here.
> > # Tuples are as follows:
> > # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
> > #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> > tcp_${EXTERN_IP}_smtp_192.
> > INTERN_SERVERS="tcp_${EXTERN_IP}_8080_192.168.1.1_8080"
>
> Looks good, too, though I'm not sure about the next
> to the last line. It seems truncated.
Yep, gotta fix the truncated line, thx Matt!
> > # These lines use the primary external IP address...if you need to port-forward
> > # an aliased IP address, use the INTERN_SERVERS setting above
> > #INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
> > INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
> > #INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
> > #INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
> > #INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
> > #INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
> > #EXTERN_SSH_PORT=24 # External port to use for internal SSH access
>
> Ok, I guess.
INTERN_WWW_SERVER is port 80 ... Cox is now checking port 80 on
your 192.168.1.1 box with access through the firewall. You might be able
to add: INTERN_WWW_PORT=8080
I dunno, I haven't tried it but it seems logical.
> > # Advanced settings: parameters passed directly to portfw and autofw
> > # Indexed list: "<ipmasqadm portfw options>"
> > #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> > #INTERN_SERVER1=""
Here is a great place for it instead! Try:
INTERN_SERVER0="-a -P tcp -L ${EXTERN_IP} 8080 -R 192.168.1.1 8080"
(assuming that the internal server is on port 8080 also)
> > # Indexed list: "<ipmasqadm autofw options>"
> > #INTERN_AUTOFW0="-A -r tcp 20000 20050 -h 192.168.1.1"
> > #INTERN_AUTOFW0="-A -r tcp 8080 -h 192.168.1.1"
>
> ---------------------------------------------------------------------------
<snip more good info from everyone again>
> > I also see that port forwarding is not enabled for port 8080 to
> > port 8080 on my internal web server. What can I do to fix this?
See above in network.conf
> Sure it was. It was called webcache. Ports to name
> mappings are listed in /etc/services.
>
> > As a side note, I noticed that the default network.conf exposes udp
> > port 53 (domain) to the public network. Also for tcp port 1023.
> > Are these necessary?
To get a dhcp lease??? Absolutely!
Otherwise, not at all.
Thx Matt!
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
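
Added example, not part of the original thread or of LEAF's own scripts: a small audit of the two tuple formats quoted above, listing ports open to any source (0/0) and TCP forwards in INTERN_SERVERS that have no matching hole in EXTERN_TCP_PORTS. The function names, the EXTERN_IP value and the smtp forward are constructed for illustration; ports are compared literally, so a name such as webcache and its number 8080 count as different.

```shell
#!/bin/sh
# Added example (not LEAF code). Sample values are constructed to mirror
# the settings quoted in the thread.
EXTERN_IP="192.0.2.10"   # assumption: placeholder external address
EXTERN_TCP_PORTS="216.70.236.234/29_ssh 0/0_www 0/0_1023 0/0_8080"
INTERN_SERVERS="tcp_${EXTERN_IP}_8080_192.168.1.1_8080 tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"

# world_open LIST
# LIST is a space separated "srcip/mask_dstport" list.
# Prints the destination ports whose source is 0/0 (any host).
world_open() {
    out=""
    for entry in $1; do
        src=${entry%%_*}      # text before the first underscore
        port=${entry#*_}      # text after the first underscore
        if [ "$src" = "0/0" ]; then out="$out $port"; fi
    done
    echo "${out# }"
}

# unopened_forwards SERVERS HOLES
# SERVERS uses <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>.
# Prints the local port of each tcp forward with no entry in HOLES,
# i.e. a forward that the firewall rules would still block.
unopened_forwards() {
    servers=$1; holes=$2; out=""
    for tuple in $servers; do
        [ "${tuple%%_*}" = "tcp" ] || continue
        rest=${tuple#*_}      # drop protocol
        rest=${rest#*_}       # drop local IP
        lport=${rest%%_*}     # local (outside-facing) port
        found=no
        for entry in $holes; do
            if [ "${entry#*_}" = "$lport" ]; then found=yes; fi
        done
        if [ "$found" = "no" ]; then out="$out $lport"; fi
    done
    echo "${out# }"
}

echo "Open to any source (0/0): $(world_open "$EXTERN_TCP_PORTS")"
echo "Forwarded but not opened: $(unopened_forwards "$INTERN_SERVERS" "$EXTERN_TCP_PORTS")"
```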