On Thu, 8 Aug 2002, Jack Bowling wrote:

> > Has anyone ever set up port forwarding for pcanywhere through a linux
> > firewall using ipchains? Can someone please give me some instructions?

Remember to enable encryption in PCAnywhere, and refuse
down-negotiation -- wrappers are a good idea as are firewalls.

A. yes as to 2.0.30 kernel

        ipautofw -r tcp 5631 5632 -h $interiorIP
        ipautofw -r udp 5631 5632 -h $interiorIP

(from an old Owl River application note, long ago -- no idea 
if the note was complete -- I remember the customer site was 
running Solaris and a Frame Relay based network during the 
'dot-com' golden days.  Now-a-days, their stock price hovers 
just above $1, and 'grooming' of the price to avoid delisting 
has been suggested)


B. yes as to IPchains (2.2 kernel)

        redir or ipmasqadm as appropriate -- I don't run that
kernel series in external production any more, and don't have
an application note at hand.


C. yes as to IPtables (2.4 kernel)

script fragment to insert the rules:

OUTSIDE="192.168.0.11"
INSIDE="10.0.0.11"
#
RULES="                                                 \
        $OUTSIDE:22:udp:$INSIDE:22:udp                  \
        $OUTSIDE:5631:udp:$INSIDE:5631:udp              \
        $OUTSIDE:5631:tcp:$INSIDE:5631:tcp              \
        $OUTSIDE:5632:udp:$INSIDE:5632:udp              \
        $OUTSIDE:5632:tcp:$INSIDE:5632:tcp              \
        $OUTSIDE:65301:tcp:$INSIDE:65301:tcp            \
        $OUTSIDE:65302:tcp:$INSIDE:65302:tcp            \
                                                        "
#
# Linux 2.4
#
IPT="${IPT:-iptables}"   # iptables binary; set IPT beforehand to override
for i in `echo $RULES`; do
        EXTIP=`echo $i | awk -F":"    {'print $1'}`
        EXTPORT=`echo $i | awk -F":"  {'print $2'}`
        EXTPROTO=`echo $i | awk -F":" {'print $3'}`
#
        INTIP=`echo $i | awk -F":"    {'print $4'}`
        INTPORT=`echo $i | awk -F":"  {'print $5'}`
        INTPROTO=`echo $i | awk -F":" {'print $6'}`
#
#       rewrite the destination of traffic for the outside address/port
        $IPT -A PREROUTING -t nat -p $EXTPROTO -d $EXTIP --dport $EXTPORT \
           -j DNAT --to $INTIP:$INTPORT
#
done
#

Works great.

-- Russ Herrold

-- 
end
==================================
 .-- -... ---.. ... -.- -.--
Copyright (C) 2002 R P Herrold
      [EMAIL PROTECTED]  NIC: RPH5 (US)
   My words are not deathless prose, 
      but they are mine.

       Owl River Company  
   "The World is Open to Linux (tm)"
   ... Open Source LINUX solutions ...
      [EMAIL PROTECTED] 
         Columbus, OH


