My router has various compressed-encrypted TCP port redirections over SSH to primary and secondary ISP and one static IP visible from outside. I have moved to Linux 2.4.18 and need to keep things reasonably secure. With Linux 2.2.20 I had those redirections set "GatewayPorts yes" in "~/.ssh/config" and blocked from ppp0 with "ipchains -A input -p tcp -j REJECT -s 0.0.0.0/0 -i ppp0 -d 0.0.0.0/0 8080"
Even if masquerading with "iptables" works, when I tried setting up such rules or listing them by "iptables -L", it gave this error message:

---
modprobe: Can't locate module ip_tables
iptables v1.2.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
---

I think I have compiled all necessary things into my Linux 2.4.18 kernel, not as modules though. "iptables-save" shows this:

---
# Generated by iptables-save v1.2.5 on Wed Mar 20 14:39:35 2002
*nat
:PREROUTING ACCEPT [406:26649]
:POSTROUTING ACCEPT [329:23560]
:OUTPUT ACCEPT [89:8188]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Mar 20 14:39:35 2002
---

Since I could not block my redirections from ppp0, I secured them by "GatewayPorts no" in "~/.ssh/config" and tried another approach. It would be more secure this way anyway, but I have not managed to do it yet. Previously, if the ipchains filtering rules got lost accidentally, ports would be open to everything. Now, if redirection rules get lost, ports would appear closed from outside. This would all be nice, but I have not succeeded in creating proper rules yet.

What I need is to redirect packets arriving at 192.168.1.9 (eth0) port 8080 to go to 127.0.0.1 (lo0) port 8080, so HTTP clients on my LAN could get in touch with the HTTP proxy on the other side of the SSH redirection through my ppp0 uplink.

What rules are needed for this sort of eth0 -> lo0 redirection? Or do I have to go back to filtering, and how to fix that then?

--
"pienena / Paavo "Rainbow Rat" Hartikainen
minusta / E-mail: [EMAIL PROTECTED]
tulee / URL: http://www.sci.fi/~pahartik/
rotta" / EFnet: pahartik at #Atari and #LionKing
