i didn't do it yet, i'm only planning to (linux router box) .. i'd imagine that it
isn't that hard to make eth0 as external connection and connect it to the
always on modem and eth1 as the internal filtered network .. isn't that what
ipchains/iptables is all about ? :)

what exactly didn't work with the defserver ?
i used it, it works fine
the only problem that comes to my mind is the ip u put as defserver ... that
wasn't of your box ... other than that i have no idea what can go wrong.

On Sunday 11 August 2002 11:58, Oleg wrote:
> About the defserver option, I tried that and that didn't work quite ok.
> Actually it didn't work at all. How exactly did you configure the linux
> box ? What did you masq and how ?
>
> Oleg.
>
>
> ----- Original Message -----
> From: "Barak Kaufman" <[EMAIL PROTECTED]>
> To: "Oleg Kobets" <[EMAIL PROTECTED]>; "Oren Amit"
> <[EMAIL PROTECTED]>
> Cc: "Linux-IL" <[EMAIL PROTECTED]>
> Sent: Sunday, August 11, 2002 9:10 AM
> Subject: Re: Alcatel Pro
>
>
> i have ftp working perfectly, i use proftpd. the things needed to be defined
> were masqueraded address (the external ip) and passive ports range (a few
> ports that have to be defined as static routes on the nat).
>
> second thing i can tell u right away that u may have problems with is irc,
> specifically dcc. first of course u have to create static routes for the
> ports u want to use for dcc, second thing is after u dcc the irc server
> gives u ping time out, the solution for that was to statically route the irc
> server ports (6666,6667 etc) for udp and tcp. don't ask me why ... it just
> worked.
>
> overall i am very pleased with the change, although there is one big
> problem: the nat routing table is limited to 32 entries ... so pretty soon u
> will run out of routes, my suggestion would be to use a linux box as
> firewall/gateway and define it as defserver in the modem (all connections
> forwarded).
>
> On Sunday 11 August 2002 01:51, Oleg Kobets wrote:
> > Hi, Oren.
> >
> > The instructions were not sent by me, but by Orna.
> >
> > To enable the nat you should telnet to the modem and enter expert mode
> > either by typing EXPERT or td prompt. Depends on the version you have,
> > but you already know that since you enabled the Pro.
> >
> > Ok, once you are in the expert mode, type nat. For everything you can type
> > help and it will show you the correct syntax and meaning of every command.
> > After you entered nat=> you can type 'create' and follow the questions to
> > create a static nat route.
> >
> > But I must comment that I did come up with problems. For example, if you
> > have VirtualHosts in apache like I do, you can either forget about them
> > or forget about using nat in the modem. As your linux box will not have
> > ppp0 and your IP bound to it, apache refuses to work. Other stuff works,
> > like email (both smtp and pop3), ftp is not working, ssh does.
> >
> > I must admit that at that point I gave up and converted to old pptp
> > method as I MUST use VH's for my server.
> >
> > Does anyone else have experience in those matters ?
> >
> > Oleg
> >   ----- Original Message -----
> >   From: Oren Amit
> >   To: Oleg Kobets
> >   Sent: Sunday, August 11, 2002 12:27 AM
> >   Subject: Re: Alcatel Pro
> >
> >
> >   Hi Oleg,
> >
> >   I have an Alcatel Speed Touch Home modem.
> >   I followed the instructions posted on the list (by you if I'm not
> > mistaken ?) and changed the software to pro. Can you send me a
> > description of what you did in order to set up the NAT. Thanks
> >   Oren Amit.
> >     ----- Original Message -----
> >     From: Oleg Kobets
> >     To: Linux-IL
> >     Sent: Saturday, August 10, 2002 4:01 PM
> >     Subject: Alcatel Pro
> >
> >
> >     Hi, list!
> >
> >     Following Orna's links I made the switch to Pro version. It actually is
> > working superb, I am most happy that my scripts to uphold the connection are
> > no longer needed, and I also have a way to make it secure from outside
> > attacks.
> >
> >     The second link that Orna gave us has a description of how to make
> > persistent nat routes. Now if you make a route on ports 21, 23 and 1723
> > then ppl won't be able to connect to your adsl modem from outside and
> > change things. For easier maintenance you may leave port 23 unfiltered and
> > set a password as I did, so even if someone connects to your modem, it will
> > give him/her no good.
> >
> >     I hope it helped someone out there :-)
> >
> >     ---
> >     Oleg Kobets
> >     Clean-Mail Administrator
> >     I.T.S
> >     www.clean-mail.net

-- 
      Barak Kaufman
Customer Support Manager
Oz-Tech Information Systems
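
The gateway layout discussed in this thread (modem defserver forwarding every inbound connection to a Linux box, eth0 external, eth1 internal, FTP published with a fixed passive port range), as an added example that is not part of the original messages. The internal server address and the port range are placeholder assumptions; the script only prints iptables rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (constructed). Interface roles follow the message above;
# FTP_HOST and PASV_RANGE are placeholders, not values from the thread.
EXT_IF=eth0              # faces the always-on modem
INT_IF=eth1              # internal, filtered network
FTP_HOST=192.168.1.10    # placeholder: internal host running proftpd
PASV_RANGE=60000:60010   # placeholder: must match proftpd's PassivePorts

gen_rules() {
    # The modem's defserver hands ALL inbound connections to this box,
    # so the default policy is drop and every exposure is explicit.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $INT_IF -j ACCEPT"
    # Internal hosts may open connections outward; only replies come back.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"
    # Publish FTP: control port plus the passive data range, nothing else.
    for ports in 21 "$PASV_RANGE"; do
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $ports -j DNAT --to-destination $FTP_HOST"
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $FTP_HOST --dport $ports -m state --state NEW -j ACCEPT"
    done
}

# Print the ruleset for review; to apply it, pipe the output to sh as root.
if [ "${1:-}" = "--print" ]; then
    gen_rules
fi
```
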
