Thanks.

I figured it out by now.
I was assuming that the forward rule had to do with IP-forwarding, but that
was a misinterpretation. 
The forward rule is simply a pass/block filter that takes place after
demasquerading. IP-forwarding requires the destination IP (+port) to be
altered. That can for instance be done by ipmasqadm, as pointed out to me by
Trenton D. Adams.

Serge Maandag.

-----Original Message-----
From: Eduardo Rohr [mailto:[EMAIL PROTECTED]]
Sent: Monday 31 January 2000 11:50
To: Serge Maandag; Linux-Net (E-mail)
Subject: RE: IPchains, masquerading and napster


I don't know how Napster works, but you can quickly see what is going wrong
by changing your rules in this way:

 /sbin/ipchains -P forward ACCEPT
 /sbin/ipchains -A forward -p tcp --destination-port 6699 -j MASQ
 /sbin/ipchains -A forward -i eth1 -p all -s 10.11.12.0/24 -j ACCEPT
 /sbin/ipchains -A forward -j DENY -l    # <----- here you log everything that is denied

(I would do the same with the INPUT chain)

And then in a terminal, using for example "tail -f /var/log/messages", you can
see what is going on.

Eduardo

> Dear Linux-net,
>
> I have a problem setting up my masquerading Linux router to forward
> Napster clients. I (on the private side of the router) can do downloads
> from other clients, but the other clients are not able to do downloads
> from me. Napster sees that people are trying, but the status of their
> uploads is "Waiting...". The setup is as follows:
>
> The home-LAN is 10.11.12.0/24. Napster is running on a Windows client which
> is addressed 10.11.12.12. The router is assigned a static public IP on the
> outside (eth1) and 10.11.12.13 on the LAN-side (eth0). I used the
> following lines, which in my opinion should work, straightforward as it is:
>
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -p tcp --destination-port 6699 -j MASQ
> /sbin/ipchains -A forward -i eth1 -p all -s 10.11.12.0/24 -j ACCEPT
>
> But it doesn't. It attempts to masq all outgoing traffic, which works and
> attempts to deny all incoming traffic except traffic to port 6699, which is
> the port I configured in Napster. It denies all though, except for
> connections initiated from the LAN.
>
> Can anyone please tell me what I'm doing wrong?
>
> Serge Maandag.
>
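
The logging approach suggested in the thread (-l on the final DENY rule, then reading /var/log/messages) can be turned into a per-chain, per-rule summary of what was dropped on port 6699. This is an added example, not code from the thread; it assumes the 2.2-kernel "Packet log:" line layout, and the log lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of what "ipchains ... -l" writes to /var/log/messages.
# Addresses are private/documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Jan 31 12:01:07 router kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.44:3127 203.0.113.5:6699 L=48 S=0x00 I=5123 F=0x4000 T=113 SYN (#4)
Jan 31 12:01:10 router kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.44:3127 203.0.113.5:6699 L=48 S=0x00 I=5124 F=0x4000 T=113 SYN (#4)
Jan 31 12:02:31 router kernel: Packet log: forward DENY eth1 PROTO=6 192.168.7.9:1040 198.51.100.9:80 L=60 S=0x00 I=771 F=0x0000 T=127 (#3)
Jan 31 12:03:00 router sshd[411]: unrelated line that must be skipped
"""

# chain, action, interface, protocol number, src:port, dst:port, optional SYN, rule number
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?(?P<syn>SYN )?\(#(?P<rule>\d+)\)"
)

def parse_denied(log_text):
    """Return one dict per logged DENY/REJECT packet; other lines are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["action"] in ("DENY", "REJECT"):
            rec = m.groupdict()
            rec["syn"] = rec["syn"] is not None  # True for connection attempts
            for key in ("proto", "sport", "dport", "rule"):
                rec[key] = int(rec[key])
            hits.append(rec)
    return hits

def summarize(hits, dport=None):
    """Count denials per (chain, rule number, interface), optionally for one port."""
    return Counter(
        (h["chain"], h["rule"], h["iface"])
        for h in hits
        if dport is None or h["dport"] == dport
    )

if __name__ == "__main__":
    for (chain, rule, iface), n in summarize(parse_denied(SAMPLE_LOG), dport=6699).items():
        print(f"{n} packet(s) to port 6699 denied by rule #{rule} of chain '{chain}' on {iface}")
```

The chain name and rule number in each record point at the rule to inspect with "ipchains -L <chain> -n".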