Re: [Cooker-firewall] SNF 7.2 and Port-Forwarding

2002-07-31 Thread Andre Krajnik

Hi Hernan,

you're right. They are in the ipvsadm table. But it does not forward the 
incoming traffic to the web server.

What goes wrong?

Hernan Vidoni wrote:
> Hi there
> The SNF doesn't use the port forwarding with the ipchains command, it 
> uses the ipvsadm command, that's why you don't see it in the ipchains list.
> Use "man ipvsadm" to see how it works.
> Regards.
> Hernán Vidoni.
> 
>> Hi!
>>
>> I'm using SNF 7.2 with NAT and I want to use also Port-Forwarding for 
>> a Web-Server and smtp.
>>
>> I put the rules in  NAAT - Restricted Access - Internet Access
>>
>> The Rules are in the input-chain, but not in the output-Chain. What 
>> can I do???
>>
>>
>>
>>
>> [root@router /root]# ipchains -L
>> Chain input (policy DENY):
>> target prot opt source           destination            ports
>> ACCEPT icmp --  anywhere         anywhere               fragmentation-needed
>> DENY   all  l-  224.0.0.0/4      anywhere               n/a
>> DENY   all  l-  anywhere         192.168.98.0/24        n/a
>> DENY   all  l-  192.168.98.0/24  anywhere               n/a
>> DENY   all  l-  anywhere         192.168.98.0/24        n/a
>> DENY   all  l-  192.168.98.0/24  anywhere               n/a
>> ACCEPT all  --  anywhere         anywhere               n/a
>> ACCEPT all  --  anywhere         anywhere               n/a
>> ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> ssh
>> ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> 1
>> ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> ntp
>> ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> domain
>> ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> 8443
>> ACCEPT udp  --  anywhere         router.avalon-net.net  any -> ntp
>> ACCEPT udp  --  anywhere         router.avalon-net.net  any -> domain
>> ACCEPT icmp --  anywhere         anywhere               any -> any
>> ACCEPT tcp  --  anywhere         anywhere               any -> domain
>> ACCEPT tcp  --  anywhere         anywhere               any -> mysql
>> ACCEPT tcp  --  anywhere         anywhere               any -> www
>> ACCEPT tcp  --  anywhere         anywhere               any -> 6346
>> ACCEPT tcp  --  anywhere         anywhere               any -> ntp
>> ACCEPT tcp  !y  anywhere         anywhere               any -> any
>> ACCEPT icmp --  anywhere         anywhere               destination-unreachable
>> ACCEPT icmp --  anywhere         anywhere               echo-reply
>> ACCEPT icmp --  anywhere         anywhere               time-exceeded
>> DENY   icmp l-  anywhere         anywhere               any -> any
>> ACCEPT udp  --  anywhere         anywhere               any -> domain
>> ACCEPT udp  --  anywhere         anywhere               any -> ntp
>> DENY   udp  l-  anywhere         anywhere               any -> 2049
>> ACCEPT udp  --  62.225.244.197   anywhere               domain -> 1024:65535
>> ACCEPT udp  --  194.25.2.129     anywhere               domain -> 1024:65535
>> DENY   all  l-  anywhere         router.avalon-net.net  n/a
>> DENY   tcp  --  anywhere         router.avalon-net.net  any -> any
>> DENY   udp  --  anywhere         router.avalon-net.net  any -> any
>> ACCEPT tcp  --  192.168.98.0/24  anywhere               any -> any
>> ACCEPT tcp  --  192.168.98.0/24  anywhere               any -> domain
>> ACCEPT udp  --  192.168.98.0/24  anywhere               any -> any
>> ACCEPT udp  --  192.168.98.0/24  anywhere               any -> domain
>> DENY   all  l-  192.168.98.0/24  anywhere               n/a
>> DENY   all  l-  anywhere         anywhere               n/a
>> Chain forward (policy DENY):
>> target prot opt source           destination            ports
>> DENY   tcp  l-  anywhere         anywhere               netbios-ns:netbios-ssn -> any
>> DENY   udp  l-  anywhere         anywhere               netbios-ns:netbios-ssn -> any
>> MASQ   all  --  192.168.98.0/24  anywhere               n/a
>> DENY   all  l-  anywhere         anywhere               n/a
>> Chain output (policy ACCEPT):
>> target prot opt source           destination            ports
>> ACCEPT icmp --  anywhere         anywhere               fragmentation-needed
>> ACCEPT icmp --  anywhere         anywhere               any -> any
>> [root@router /root]#
>>
>>
>> -- 
>> Regards
>>
>> Andre
> 
> 
> 
> 
> 
> Hernán Vidoni
> ICQ: 4765459
> [EMAIL PROTE

Re: [Cooker-firewall] SNF 7.2 and Port-Forwarding

2002-07-31 Thread Hernan Vidoni

Hi there
The SNF doesn't use the port forwarding with the ipchains command, it uses 
the ipvsadm command, that's why you don't see it in the ipchains list.
Use "man ipvsadm" to see how it works.
Regards.
Hernán Vidoni.

>Hi!
>
>I'm using SNF 7.2 with NAT and I want to use also Port-Forwarding for a 
>Web-Server and smtp.
>
>I put the rules in  NAAT - Restricted Access - Internet Access
>
>The Rules are in the input-chain, but not in the output-Chain. What can I 
>do???
>
>
>
>
>[root@router /root]# ipchains -L
>Chain input (policy DENY):
>target prot opt source           destination            ports
>ACCEPT icmp --  anywhere         anywhere               fragmentation-needed
>DENY   all  l-  224.0.0.0/4      anywhere               n/a
>DENY   all  l-  anywhere         192.168.98.0/24        n/a
>DENY   all  l-  192.168.98.0/24  anywhere               n/a
>DENY   all  l-  anywhere         192.168.98.0/24        n/a
>DENY   all  l-  192.168.98.0/24  anywhere               n/a
>ACCEPT all  --  anywhere         anywhere               n/a
>ACCEPT all  --  anywhere         anywhere               n/a
>ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> ssh
>ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> 1
>ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> ntp
>ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> domain
>ACCEPT tcp  --  anywhere         router.avalon-net.net  any -> 8443
>ACCEPT udp  --  anywhere         router.avalon-net.net  any -> ntp
>ACCEPT udp  --  anywhere         router.avalon-net.net  any -> domain
>ACCEPT icmp --  anywhere         anywhere               any -> any
>ACCEPT tcp  --  anywhere         anywhere               any -> domain
>ACCEPT tcp  --  anywhere         anywhere               any -> mysql
>ACCEPT tcp  --  anywhere         anywhere               any -> www
>ACCEPT tcp  --  anywhere         anywhere               any -> 6346
>ACCEPT tcp  --  anywhere         anywhere               any -> ntp
>ACCEPT tcp  !y  anywhere         anywhere               any -> any
>ACCEPT icmp --  anywhere         anywhere               destination-unreachable
>ACCEPT icmp --  anywhere         anywhere               echo-reply
>ACCEPT icmp --  anywhere         anywhere               time-exceeded
>DENY   icmp l-  anywhere         anywhere               any -> any
>ACCEPT udp  --  anywhere         anywhere               any -> domain
>ACCEPT udp  --  anywhere         anywhere               any -> ntp
>DENY   udp  l-  anywhere         anywhere               any -> 2049
>ACCEPT udp  --  62.225.244.197   anywhere               domain -> 1024:65535
>ACCEPT udp  --  194.25.2.129     anywhere               domain -> 1024:65535
>DENY   all  l-  anywhere         router.avalon-net.net  n/a
>DENY   tcp  --  anywhere         router.avalon-net.net  any -> any
>DENY   udp  --  anywhere         router.avalon-net.net  any -> any
>ACCEPT tcp  --  192.168.98.0/24  anywhere               any -> any
>ACCEPT tcp  --  192.168.98.0/24  anywhere               any -> domain
>ACCEPT udp  --  192.168.98.0/24  anywhere               any -> any
>ACCEPT udp  --  192.168.98.0/24  anywhere               any -> domain
>DENY   all  l-  192.168.98.0/24  anywhere               n/a
>DENY   all  l-  anywhere         anywhere               n/a
>Chain forward (policy DENY):
>target prot opt source           destination            ports
>DENY   tcp  l-  anywhere         anywhere               netbios-ns:netbios-ssn -> any
>DENY   udp  l-  anywhere         anywhere               netbios-ns:netbios-ssn -> any
>MASQ   all  --  192.168.98.0/24  anywhere               n/a
>DENY   all  l-  anywhere         anywhere               n/a
>Chain output (policy ACCEPT):
>target prot opt source           destination            ports
>ACCEPT icmp --  anywhere         anywhere               fragmentation-needed
>ACCEPT icmp --  anywhere         anywhere               any -> any
>[root@router /root]#
>
>
>--
>Regards
>
>Andre




Hernán Vidoni
ICQ: 4765459
[EMAIL PROTECTED]
[EMAIL PROTECTED]

