I have done in the past, something like this for vnc and I believe it should
work
for you. You may need to add extra to portforward any other companion ports.
I
had a need for several connections for different machines here.
in Network.conf in the intern servers section added
#INTERN_VNC_SERVER2=192.168.45.47 # Internal VNC server to make available
#EXTERN_VNC_PORT2=49612 # External port to use for internal VNC access
in ipfilter.conf added the following in the same area as the other internal
server info (about 600 to 700 lines from the top)
if [ -n "$INTERN_VNC_SERVER2" ] ; then
if [ -n "$EXTERN_VNC_PORT2" ] ; then
$IPMASQADM portfw -a -P tcp -L $EXTERN_IP $EXTERN_VNC_PORT2 \
-R $INTERN_VNC_SERVER2 vnc
$IPMASQADM portfw -a -P udp -L $EXTERN_IP $EXTERN_VNC_PORT2 \
-R $INTERN_VNC_SERVER2 vnc
else
$IPMASQADM portfw -a -P tcp -L $EXTERN_IP vnc \
-R $INTERN_VNC_SERVER2 vnc
$IPMASQADM portfw -a -P udp -L $EXTERN_IP vnc \
-R $INTERN_VNC_SERVER2 vnc
fi
fi
I also defined the vnc port in the /etc/services file but you can specify
the port number directly. I believe this should forward the ports you need.
Add more to whatever you decide to call it in network.conf and lines in
ipfilter.conf for any further ports you need for citrix then before saving
you can
svi network uplifter reload
to test it.
Hope this helps
Andrew Gray
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Joey Officer
Sent: Fri, 16 Aug 2002 11:11 AM
To: guitarlynn; [EMAIL PROTECTED]
Subject: RE: [leaf-user] allowing internal connections w/o IPSec
Lynn, I read you write up on port forwarding on the FAQ at the
leaf/sourceforge website, but I'm not 100% sure if I am truly forwarding..
off thread (my fault) I have been able to get the following
I can telnet to 216.201.149.162 and I get an ICA prompt
When I run the citrix client (although I just checked something, I have not
opened the UDP port) I get no response.. checking the UDP thing now...
Still no good... so this is what I have done thus far
EXTERN_TCP_PORTS="24.167.33.0/32_1494"
EXTERN_UDP_PORTS="24.167.33.0/32_1494
EXTERN_PROTO3="17 24.167.33.0/32" - added this most recently to allow UDP
protocol open
INTERN_SERVERS="tcp_216.201.149.162_1494_192.168.1.202_1494"
^^^ this is ext.ip ^^^
this is int.ip
joey
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of guitarlynn
Sent: Thursday, August 15, 2002 7:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] allowing internal connections w/o IPSec
On Thursday 15 August 2002 18:45, Joey Officer wrote:
> Unless I didn't restart the services proprerly (I'll show below, this
> is what I did)
>
> EXTERN_TCP_PORTS="remote.address/32_1494"
> EXTERN_UDP_PORTS="remote.address/32_1494"
> INTERN_ICA_SERVER=192.168.1.202
>
> And then
>
> svi network reload
>
> from the remote host (we are using citrix in this scenario)
>
> citrix client is told to look at the external IP of the LRP box.
> This is where I am stuck...
joey
Have you portforwarded this port to the desired machine???
With the lines you have added, you are simply opening the
ports to the firewall.... not sending the ports to a masq'ed machine.
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
