Hello!

I've done quite a bit of testing to try to get this to work.  But, I still
am having no luck!  Any help would be greatly appreciated.

As a recap, I am trying to allow a client to "Call Remote" over the Internet
by connecting to one of my secondary IP addresses.  The workstation behind
the firewall is configured to "Wait for Call" from a host.  I just can't
seem to figure this out!

Here's the scenario:

My ISP has assigned me a primary static IP for my Dachstein LEAF box of
206.127.76.231

I have also been assigned a range of 16 secondary IP addresses
206.127.77.48-63 / 255.255.255.240.

I have 10 workstations behind the firewall using the 192.168.10.0 network.
I can get out through the Dach box with absolutely no problems.  NAT is
working great.  Some of the Port Forwarding stuff is working because I have
configured the INTERN_WWW_SERVER to point to 192.168.10.100 as a test and I
can connect to that web server fine.  I have opened the TCP and UDP ports
for pcAnywhere (TCP 5631 and UDP 5632) using:
EXTERN_UDP_PORT1="0/0 5632 206.127.77.48/28"
EXTERN_TCP_PORT0="0/0 5631 206.127.77.48/28"

I then set up the Internal Servers for PortFW using:
# Set Additional EXTERN_IPx Addresses
EXTERN_IP1=206.127.77.49
EXTERN_IP2=206.127.77.50
EXTERN_IP3=206.127.77.51
EXTERN_IP4=206.127.77.52
EXTERN_IP5=206.127.77.53
EXTERN_IP6=206.127.77.54
EXTERN_IP7=206.127.77.55
EXTERN_IP8=206.127.77.56
EXTERN_IP9=206.127.77.57
EXTERN_IP10=206.127.77.58
EXTERN_IP11=206.127.77.59
EXTERN_IP12=206.127.77.60
EXTERN_IP13=206.127.77.61
EXTERN_IP14=206.127.77.62

INTERN_SERVERS="tcp_${EXTERN_IP2}_5631_192.168.10.50_5631 udp_${EXTERN_IP2}_5632_192.168.10.50_5632 \
 tcp_${EXTERN_IP3}_5631_192.168.10.70_5631 udp_${EXTERN_IP3}_5632_192.168.10.70_5632 \
 tcp_${EXTERN_IP4}_5631_192.168.10.52_5631 udp_${EXTERN_IP4}_5632_192.168.10.52_5632 \
 tcp_${EXTERN_IP5}_5631_192.168.10.53_5631 udp_${EXTERN_IP5}_5632_192.168.10.53_5632 \
 tcp_${EXTERN_IP6}_5631_192.168.10.54_5631 udp_${EXTERN_IP6}_5632_192.168.10.54_5632 \
 tcp_${EXTERN_IP7}_5631_192.168.10.55_5631 udp_${EXTERN_IP7}_5632_192.168.10.55_5632 \
 tcp_${EXTERN_IP8}_5631_192.168.10.71_5631 udp_${EXTERN_IP8}_5632_192.168.10.71_5632"

Here is my current rule set:  (I enabled logging on the PortFW entries of
the input chain to try to troubleshoot.  When a user tries to connect using
pcAnywhere, I don't get a log entry, but I do get log entries when users
connect to the web server.)

Chain input (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             5 ->   *
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             13 ->   *
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             14 ->   *
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0              0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
255.255.255.255      0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
127.0.0.0/8          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
224.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
172.16.0.0/12        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/8            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
128.0.0.0/16         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
191.255.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.0.0.0/24         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
223.255.255.0/24     0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
240.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.10.0/24      0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.76.231       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.48/28     0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.50        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.51        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.52        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.53        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.54        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.55        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.56        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.57        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.58        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.59        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.60        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.61        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.62        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
206.127.77.49        0.0.0.0/0             n/a
    0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            127.0.0.0/8           n/a
    0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            192.168.10.0/24       n/a
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    6   468 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138:139
    3   696 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:138 ->   *
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:139 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    0     0 ACCEPT     tcp  ----l- 0xFF 0x00  eth0
0.0.0.0/0            206.127.77.48/28      * ->   5631
    0     0 ACCEPT     tcp  ----l- 0xFF 0x00  eth0
0.0.0.0/0            206.127.76.231        * ->   80
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   113
 1122 1181K ACCEPT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
    0     0 REJECT     udp  ----l- 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   161:162
    0     0 ACCEPT     udp  ----l- 0xFF 0x00  eth0
0.0.0.0/0            206.127.76.231        * ->   53
    0     0 ACCEPT     udp  ----l- 0xFF 0x00  eth0
0.0.0.0/0            206.127.77.48/28      * ->   5632
    0     0 DENY       udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   67
   65 14265 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
    9   632 ACCEPT     icmp ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   *
    0     0 ACCEPT     ospf ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             n/a
   17  1008 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 REJECT     udp  ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             * ->   161:162
    0     0 REJECT     udp  ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             161:162 ->   *
 3530  297K ACCEPT     all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
    0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             5 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.50        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.50        0.0.0.0/0             5632 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.70        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.70        0.0.0.0/0             5632 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.52        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.52        0.0.0.0/0             5632 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.53        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.53        0.0.0.0/0             5632 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.54        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.54        0.0.0.0/0             5632 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.55        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.55        0.0.0.0/0             5632 ->   *
    0     0 MASQ       tcp  ------ 0xFF 0x00  *
192.168.10.71        0.0.0.0/0             5631 ->   *
    0     0 MASQ       udp  ------ 0xFF 0x00  *
192.168.10.71        0.0.0.0/0             5632 ->   *
  972 81444 MASQ       all  ------ 0xFF 0x00  eth0
192.168.10.0/24      0.0.0.0/0             n/a
    0     0 DENY       all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
Chain output (policy DENY: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize
source                destination           ports
 5705 2000K fairq      all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0              0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
255.255.255.255      0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
127.0.0.0/8          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
224.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
172.16.0.0/12        0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/8            0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
128.0.0.0/16         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
191.255.0.0/16       0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.0.0.0/24         0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
223.255.255.0/24     0.0.0.0/0             n/a
    0     0 DENY       all  ----l- 0xFF 0x00  eth0
240.0.0.0/4          0.0.0.0/0             n/a
    0     0 DENY       all  ------ 0xFF 0x00  eth0
192.168.10.0/24      0.0.0.0/0             n/a
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138:139
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:138 ->   *
    0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:139 ->   *
    0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
 5705 2000K ACCEPT     all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a

Here is the Port Forward Stuff from Weblet:
prot localaddr            rediraddr               lport    rport  pcnt  pref
UDP  206.127.77.56        192.168.10.71            5632     5632    10    10
UDP  206.127.77.55        192.168.10.55            5632     5632    10    10
UDP  206.127.77.54        192.168.10.54            5632     5632    10    10
UDP  206.127.77.53        192.168.10.53            5632     5632    10    10
UDP  206.127.77.52        192.168.10.52            5632     5632    10    10
UDP  206.127.77.51        192.168.10.70            5632     5632    10    10
UDP  206.127.77.50        192.168.10.50            5632     5632    10    10
TCP  206.127.77.56        192.168.10.71            5631     5631    10    10
TCP  206.127.77.55        192.168.10.55            5631     5631    10    10
TCP  206.127.77.54        192.168.10.54            5631     5631    10    10
TCP  206.127.77.53        192.168.10.53            5631     5631    10    10
TCP  206.127.77.52        192.168.10.52            5631     5631    10    10
TCP  206.127.77.51        192.168.10.70            5631     5631    10    10
TCP  206.127.77.50        192.168.10.50            5631     5631    10    10
TCP  206.127.76.231       192.168.10.100             80       80    10    10

I know that the INTERN_SERVERS variable is part of the extended scripts.  Is
there something I have to do to make the extended scripts work on Dach? BTW,
this is Dachstein with CD and floppy.  The reason I ask is because the
standard scripts use the INTERN_WWW_SERVER and that seems to work fine.
But, since pcAnywhere is not a standard service, and because I don't want to
connect using the primary IP, I have to use the alternate variables.

Thanks very much for any help offered.

Ken
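
Added example (not part of the original message): a small Python check that cross-references the INTERN_SERVERS forwards quoted above against the EXTERN_TCP_PORT0 / EXTERN_UDP_PORT1 openings and reports how each forwarded port is exposed. The field order "source port destination" and the entry layout proto_extip_extport_intip_intport are assumptions inferred from the post's listings, and the function names are hypothetical.

```python
import ipaddress
import re

# Values copied from the post; field meanings are inferred from its listings.
EXTERN_IP = {n: f"206.127.77.{48 + n}" for n in range(1, 15)}  # EXTERN_IP1..14
OPENED = {  # EXTERN_TCP_PORT0 / EXTERN_UDP_PORT1: "source port destination"
    "tcp": ["0/0 5631 206.127.77.48/28"],
    "udp": ["0/0 5632 206.127.77.48/28"],
}
INTERN_SERVERS = """
tcp_${EXTERN_IP2}_5631_192.168.10.50_5631 udp_${EXTERN_IP2}_5632_192.168.10.50_5632
tcp_${EXTERN_IP3}_5631_192.168.10.70_5631 udp_${EXTERN_IP3}_5632_192.168.10.70_5632
tcp_${EXTERN_IP4}_5631_192.168.10.52_5631 udp_${EXTERN_IP4}_5632_192.168.10.52_5632
tcp_${EXTERN_IP5}_5631_192.168.10.53_5631 udp_${EXTERN_IP5}_5632_192.168.10.53_5632
tcp_${EXTERN_IP6}_5631_192.168.10.54_5631 udp_${EXTERN_IP6}_5632_192.168.10.54_5632
tcp_${EXTERN_IP7}_5631_192.168.10.55_5631 udp_${EXTERN_IP7}_5632_192.168.10.55_5632
tcp_${EXTERN_IP8}_5631_192.168.10.71_5631 udp_${EXTERN_IP8}_5632_192.168.10.71_5632
"""

def net(spec):
    """Parse a CIDR; the config's shorthand '0/0' means any address."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def parse_forwards(text):
    """Expand ${EXTERN_IPn} and split proto_extip_extport_intip_intport entries."""
    text = re.sub(r"\$\{EXTERN_IP(\d+)\}", lambda m: EXTERN_IP[int(m.group(1))], text)
    out = []
    for entry in text.split():
        proto, ext_ip, ext_port, int_ip, int_port = entry.split("_")
        out.append((proto, ipaddress.ip_address(ext_ip), int(ext_port),
                    ipaddress.ip_address(int_ip), int(int_port)))
    return out

def audit(forwards, opened=OPENED):
    """Classify each forward by the input-chain opening that covers it."""
    report = {}
    for proto, ext_ip, ext_port, int_ip, int_port in forwards:
        status = "blocked"  # no opening matches, so the DENY policy applies
        for rule in opened.get(proto, []):
            src, port, dst = rule.split()
            if int(port) == ext_port and ext_ip in net(dst):
                status = "open-to-any" if net(src).prefixlen == 0 else "restricted"
        report[(proto, str(ext_ip), ext_port)] = (status, f"{int_ip}:{int_port}")
    return report

if __name__ == "__main__":
    for key, value in audit(parse_forwards(INTERN_SERVERS)).items():
        print(key, value)
```

A status of open-to-any means the forwarded pcAnywhere port accepts connections from any Internet source; narrowing the source field of the opening to the remote client's address range limits that exposure.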



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html