Support Requests item #539562, was opened at 2002-04-04 20:16
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=539562&group_id=13751

Category: Release/Branch: Dachstein
Group: None
>Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: port forwarding

Initial Comment:
I am running the dachstein firewall router and want to enable port forwarding of the IRLP. The ports to be enabled 2074 2075 15425 15426 15427 and 22. As set up I can log on 192.168.1.1 on the internal network but cannot do it through an external connection. Any info appreciated. IRLP is the Internet Repeater Linking Project. Thanks

----------------------------------------------------------------------

>Comment By: Lynn Avants (guitarlynn)
Date: 2002-08-13 22:49

Message:
Logged In: YES
user_id=176069

It has been quite a while without comment and I am assuming the problem has been resolved. This request is being closed, so you will need to start a new one if further help is desired.

~Lynn

----------------------------------------------------------------------

Comment By: Mike Noyes (mhnoyes)
Date: 2002-05-17 09:40

Message:
Logged In: YES
user_id=39521

Would someone with port forwarding knowledge please address this support request? Thanks.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-04-07 06:50

Message:
Logged In: NO

This text from correspondence with IRLP group.

Subject: Re: firewall

If your node is behind a firewall, the following TCP and UDP ports must be forwarded to it.

TCP
  23 (if you are running telnet)
  22 (if you are running SSH) (PREFERRED)
  15425 (IRLP control port)
  15426 (IRLP control port)
  15427 (IRLP control port)

UDP
  2074 (IRLP Audio)
  2075 (IRLP Audio)

The version of Dachstein is using sys linux 1.62 2001-04-24 and root version v4.0.6

From log:

Apr 6 21:30:49 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=16177 F=0x4000 T=124 SYN (#42)
Apr 6 21:30:52 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=16433 F=0x4000 T=124 SYN (#42)
Apr 6 21:30:58 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=16689 F=0x4000 T=124 SYN (#42)
Apr 6 21:31:11 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=16945 F=0x4000 T=124 SYN (#42)
Apr 6 21:31:35 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=17457 F=0x4000 T=124 SYN (#42)
Apr 6 21:31:38 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=17713 F=0x4000 T=124 SYN (#42)
Apr 6 21:31:44 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=17969 F=0x4000 T=124 SYN (#42)

Other correspondence:

If you're running Red Hat 6.x on the router box, you will need to download and install ipmasqadm, to enable the port forwarding.

This is a basic script and should give you the bare minimum to forward ports to the IRLP box. You can add extra code to improve security or pass more protocols (read the IP Masquerade How To for more info).

Note, you need to set the $INETIP and $IRLPIP variables to the correct values in your script, or when your connection comes up (if using PPP, DHCP or PPPoE). $INETIP is the public IP address of your firewall, and $IRLPIP is the internal IP address of the IRLP box itself.

#!/bin/sh
# setup IP Masquerade
echo Enabling IP forwarding...
echo '1' > /proc/sys/net/ipv4/ip_forward
echo 'Setting up firewall...'
# accept DHCP replies (udp 67 -> 68) arriving on eth0
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
# default-deny forwarding, then masquerade the internal network
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ
# flush existing port-forward entries before adding the IRLP ones
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P udp -L $INETIP 2074 -R $IRLPIP 2074
/usr/sbin/ipmasqadm portfw -a -P udp -L $INETIP 2075 -R $IRLPIP 2075
/usr/sbin/ipmasqadm portfw -a -P tcp -L $INETIP 15425 -R $IRLPIP 15425
/usr/sbin/ipmasqadm portfw -a -P tcp -L $INETIP 15426 -R $IRLPIP 15426
/usr/sbin/ipmasqadm portfw -a -P tcp -L $INETIP 15427 -R $IRLPIP 15427
# Add this line if you want to be able to SSH direct to the IRLP box (and are not using SSH on the router)
/usr/sbin/ipmasqadm portfw -a -P tcp -L $INETIP 22 -R $IRLPIP 22

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-04-06 16:01

Message:
Logged In: NO

I went to the IRLP site and it does not seem to document the port numbers with protocols. This is a VOIP system which doubtless uses a udp stream for the audio. If you can let us know which protocol each of the ports uses - the implementation of the port forwarding is trivial. Some of those ports will be udp and some will be tcp. Port 22 is ssh and I think I read somewhere that it does encryption for authentication of the HAM users. Please provide more info. IRLP seems to have a better interface than I-LINK which does much the same thing under Windows. IRLP only runs on a Redhat box.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-04-06 09:03

Message:
Logged In: NO

After checking information in reply I still cannot log in externally. When I check messages in firewall warning I can see the connect requests but all are being denied. I know I have not configured everything correctly but what have I not turned on??
Using ssh on internal server works fine with login and access to the IRLP computer showing all files etc. I do have information as to correct parameters to go in ipchains with ip and ports. Thanks.

----------------------------------------------------------------------

Comment By: Mike Noyes (mhnoyes)
Date: 2002-04-04 20:31

Message:
Logged In: YES
user_id=39521

Let me know if this FAQ helps.

FAQs sec07: Solutions to Routing Problems
* Port-Forwarding with Dachstein
https://sourceforge.net/docman/display_doc.php?docid=10418&group_id=13751

----------------------------------------------------------------------
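
The log excerpt in the 2002-04-07 comment is in the ipchains packet-log format: chain, action, interface, protocol number, source, destination, header fields, then the number of the rule that logged the packet. As an added example (not part of the original thread), this Python parser tallies blocked packets aimed at the IRLP ports listed in that comment and reports which chain and rule logged them. The first two sample lines are copied from the thread; the others are constructed and use documentation addresses.

```python
import re
from collections import Counter

# (protocol, port) pairs the IRLP correspondence in this thread lists.
IRLP_PORTS = {("tcp", 22), ("tcp", 15425), ("tcp", 15426), ("tcp", 15427),
              ("udp", 2074), ("udp", 2075)}
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# ipchains packet-log layout: chain, action, interface, PROTO=n, src:port,
# dst:port, header fields, optional SYN flag, then (#rule-number).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?(?P<syn>SYN )?\(#(?P<rule>\d+)\)")

def denied_irlp_traffic(lines):
    """Count blocked packets aimed at IRLP ports, keyed by
    (chain, rule number, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # unparsable line, or the packet was accepted
        proto = PROTO_NAMES.get(int(m["proto"]), m["proto"])
        dport = int(m["dport"])
        if (proto, dport) in IRLP_PORTS:
            hits[(m["chain"], int(m["rule"]), proto, dport)] += 1
    return hits

SAMPLE = [
    # Copied from the thread:
    "Apr 6 21:30:49 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=16177 F=0x4000 T=124 SYN (#42)",
    "Apr 6 21:30:52 firewall kernel: Packet log: input DENY eth0 PROTO=6 142.163.19.66:1145 209.128.53.112:22 L=48 S=0x00 I=16433 F=0x4000 T=124 SYN (#42)",
    # Constructed: IRLP audio denied, unrelated port denied, control port accepted.
    "Apr 6 21:40:00 firewall kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:2074 198.51.100.5:2074 L=60 S=0x00 I=100 F=0x0000 T=50 (#42)",
    "Apr 6 21:40:05 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40000 198.51.100.5:80 L=48 S=0x00 I=101 F=0x4000 T=50 SYN (#42)",
    "Apr 6 21:40:09 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:40001 198.51.100.5:15425 L=48 S=0x00 I=102 F=0x4000 T=50 SYN (#12)",
]

if __name__ == "__main__":
    for (chain, rule, proto, dport), n in sorted(denied_irlp_traffic(SAMPLE).items()):
        print(f"{n} packet(s) to {proto}/{dport} blocked by {chain} rule #{rule}")
```

A port that shows up in this tally is being dropped by the named chain and rule, so that rule is the place to look before checking the port-forward entries themselves.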