All,
 
On 2.2.1 i386, with ipchains 1.3.8, and ipmasqadm-0.4.2-2.i386.rpm and
the following rules set (and the icq clients set to 30 sec timeout and
restr. ports - ref howto):
 
    # ICQ client (4000)
    # --------------------
    echo " Allow ICQ"
    # Registration Process  
    $IPCHAINS -A input -p udp -i $IFINTERNET \
             -s $ALLNETS 4000  \
             -d $INTERNETIP -j ACCEPT  
 
    $IPCHAINS -A input -p tcp -y -i $IFINTERNET \
             -s $ALLNETS  \
             -d $INTERNETIP 4101:4130 -j ACCEPT -l
 
    # "I'm behind a firewall"-range
    #$IPMASQADM autofw -A -r tcp 4101 4150 -h 192.168.0.2 -v
    #$IPMASQADM autofw -A -r tcp 4151 4200 -h 192.168.0.3 -v 
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4101 -R 192.168.0.2 4101
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4102 -R 192.168.0.2 4102
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4103 -R 192.168.0.2 4103
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4104 -R 192.168.0.2 4104
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4105 -R 192.168.0.2 4105
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4106 -R 192.168.0.2 4106    
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4107 -R 192.168.0.2 4107   
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4108 -R 192.168.0.2 4108
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4109 -R 192.168.0.2 4109
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4110 -R 192.168.0.2 4110    
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4111 -R 192.168.0.2 4111
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4112 -R 192.168.0.2 4112
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4113 -R 192.168.0.2 4113
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4114 -R 192.168.0.2 4114
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4115 -R 192.168.0.2 4115
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4116 -R 192.168.0.3 4116
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4117 -R 192.168.0.3 4117
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4118 -R 192.168.0.3 4118
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4119 -R 192.168.0.3 4119
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4120 -R 192.168.0.3 4120
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4121 -R 192.168.0.3 4121
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4122 -R 192.168.0.3 4122
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4123 -R 192.168.0.3 4123
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4124 -R 192.168.0.3 4124
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4125 -R 192.168.0.3 4125
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4126 -R 192.168.0.3 4126
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4127 -R 192.168.0.3 4127
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4128 -R 192.168.0.3 4128
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4129 -R 192.168.0.3 4129
    $IPMASQADM portfw -a -P tcp -L $INTERNETIP 4130 -R 192.168.0.3 4130
 
 
I get the following output all the time, i.e. nothing happens at all:
 
[root@beersel01-195-130-143-96 packages]# /usr/sbin/ipmasqadm portfw -l
prot localaddr                                  rediraddr    lport  rport  pcnt  pref
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4130   4130   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4129   4129   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4128   4128   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4127   4127   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4126   4126   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4125   4125   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4124   4124   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4123   4123   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4122   4122   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4121   4121   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4120   4120   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4119   4119   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4118   4118   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4117   4117   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.3  4116   4116   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4115   4115   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4114   4114   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4113   4113   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4112   4112   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4111   4111   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4110   4110   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4109   4109   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4108   4108   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4107   4107   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4106   4106   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4105   4105   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4104   4104   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4103   4103   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4102   4102   10    10
TCP  beersel01-195-130-143-96.kabel.pandora.be  192.168.0.2  4101   4101   10    10

Anybody any clues?
 
Karel Goderis
Telecommunications Consultant @ BT (Worldwide) Ltd.
---------------------------------------------------------------
Tel  : +32-2-718.22.33 / +32-75-32.50.69
---------------------------------------------------------------
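
The thirty per-port portfw rules in the post can be generated from a host-to-range map and checked against the 4101:4130 range accepted on the input chain before anything is loaded. This is an added example, not part of the original post; the names PORTMAP, check_map and emit_rules and the placeholder address 203.0.113.1 are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Dry run: prints the ipmasqadm commands, does not execute them.
IPMASQADM="${IPMASQADM:-/usr/sbin/ipmasqadm}"
INTERNETIP="${INTERNETIP:-203.0.113.1}"   # constructed placeholder address
ALLOW_LO=4101                             # bounds of the input ACCEPT rule
ALLOW_HI=4130                             # (-d $INTERNETIP 4101:4130)

# One "host first last" triple per line, sorted by first port, as in the post.
PORTMAP="192.168.0.2 4101 4115
192.168.0.3 4116 4130"

# check_map MAP: fail if a range is reversed, reaches outside the ports the
# input chain accepts, or overlaps the previous range (an external port can
# be forwarded to only one internal host).
check_map() {
    prev_hi=0
    while read -r host lo hi; do
        [ "$lo" -le "$hi" ] ||
            { echo "$host: reversed range $lo-$hi" >&2; return 1; }
        [ "$lo" -ge "$ALLOW_LO" ] && [ "$hi" -le "$ALLOW_HI" ] ||
            { echo "$host: $lo-$hi outside $ALLOW_LO:$ALLOW_HI" >&2; return 1; }
        [ "$lo" -gt "$prev_hi" ] ||
            { echo "$host: port $lo already forwarded" >&2; return 1; }
        prev_hi=$hi
    done <<EOF
$1
EOF
}

# emit_rules MAP: print one portfw command per port, only if MAP is valid.
emit_rules() {
    check_map "$1" || return 1
    while read -r host lo hi; do
        port=$lo
        while [ "$port" -le "$hi" ]; do
            echo "$IPMASQADM portfw -a -P tcp -L $INTERNETIP $port -R $host $port"
            port=$((port + 1))
        done
    done <<EOF
$1
EOF
}

emit_rules "$PORTMAP"
```
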
 

