Re: ipmasqadm portfw
On Wed, Feb 06, 2002 at 09:53:01AM +0100, Elm Gysel wrote:
> I'm using kernel 2.2.14 and I have a problem with ipmasqadm portfw.
> From what I understand from searching mailing lists and so on I don't have
> this aspect compiled into my kernel.
> This is the .config file :
[snip]

Have you set CONFIG_EXPERIMENTAL ?

> So I suppose I need to recompile this kernel?

Almost certainly...

> if so...
> Can I just compile a 2.4 version to upgrade from this 2.2 version?
> Is there any way not to break things apart if I compile this new kernel? Or
> is the best way to go just to keep the old .config at hand when configuring
> the new one?

Beware, kernel 2.4 uses iptables, not ipchains. So you may have to upgrade
some tools as well. I dunno if ipfwadm supports kernel 2.4, to be honest.

However, if you're upgrading to 2.4, make sure you're at least on woody, or
have the potato-2.4 support packages by A. Bunk (I think that's the guy :-)
installed.

You can drop the old .config file into the new kernel source directory, and run

make oldconfig

which will ask you any questions that it doesn't have answers for already.
In fact, make-kpkg does that anyway. :-)

Keep your old kernel around and configured in lilo, so you can boot back
when the new 2.4 kernel doesn't work. :-)

--
===
Paul "TBBle" Hampson, MCSE
4th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
===
RE: ipmasqadm portfw
This can (and probably should) be set in /etc/network/options:

ip_forward=yes

to stay consistent across reboots.

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]>

-----Original Message-----
From: Raffael Ferenc [mailto:[EMAIL PROTECTED]
Sent: Monday, January 14, 2002 4:45 AM
To: Jeremy L. Gaddis
Subject: Re: ipmasqadm portfw

And sometimes it's necessary to

echo 1 > /proc/sys/net/ipv4/ip_forward

On Sun, Jan 13, 2002 at 09:22:12PM -0500, Jeremy L. Gaddis wrote:
> You need to say "Y"es to "Network Firewalls", "IP: firewalling",
> "IP: masquerading" and "IP: masquerading special modules support".
>
> You also need to say "Y"es to "Prompt for development and/or
> incomplete code/drivers" if you haven't already.
>
> j.
>
> --
> Jeremy L. Gaddis <[EMAIL PROTECTED]>
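
The kernel options named in the messages above can be checked against a .config before deciding to rebuild. The script below is an added example, not part of any message in this thread. The CONFIG_ symbol names are an assumed mapping of the quoted menu prompts for 2.2-series kernels, and CONFIG_IP_MASQUERADE_IPPORTFW (the port forwarding option itself) is not named on the page, so verify them against your kernel tree.

```shell
#!/bin/sh
# Added example: check a 2.2-series kernel .config for the options that
# ipmasqadm portfw depends on. Symbol names are assumed, see the lead-in.

REQUIRED_OPTS="CONFIG_EXPERIMENTAL CONFIG_FIREWALL CONFIG_IP_FIREWALL
CONFIG_IP_MASQUERADE CONFIG_IP_MASQUERADE_MOD CONFIG_IP_MASQUERADE_IPPORTFW"

# opt_state FILE SYMBOL
# Prints y (built in), m (module) or n (absent or "is not set").
# If a symbol appears more than once, the last assignment wins.
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# check_masq_config FILE
# Prints one line per required symbol; exit status is the number missing.
check_masq_config() {
    missing=0
    for opt in $REQUIRED_OPTS; do
        state=$(opt_state "$1" "$opt")
        printf '%-32s %s\n' "$opt" "$state"
        [ "$state" = n ] && missing=$((missing + 1))
    done
    return "$missing"
}

# Constructed sample: masquerading is enabled, but CONFIG_EXPERIMENTAL is
# off, so the experimental port forwarding option was never offered.
sample_config() {
    cat <<'EOF'
CONFIG_FIREWALL=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_MASQUERADE=y
# CONFIG_EXPERIMENTAL is not set
# CONFIG_IP_MASQUERADE_MOD is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_masq_config "$tmp" || echo "$? required option(s) missing"
rm -f "$tmp"
```

Point check_masq_config at the .config in your kernel source directory; a non-zero exit status means a rebuild is needed before portfw rules can take effect.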
Re: ipmasqadm portfw
On Tue, 25 Sep 2001 04:15:07 -0500 "will trillich" <[EMAIL PROTECTED]> wrote:
> i used to have this working like a champ, but now it folds its
> arms and laughs an evil laugh--
>
> we're trying to establish port forwarding so that a box internal
> on our lan (192.168.1.2) can serve requests through the
> firewall, from 'out there'.
>
> # ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80
>
> # ipmasqadm portfw -ln
> prot localaddr    rediraddr    lport rport pcnt pref
> TCP  [PUBLIC_IP]  192.168.1.2   7890    80   10   10
>

Have you allowed access to that port with ipchains? The packets will never
get to your ipmasqadm rule if ipchains is rejecting/denying them on input.

Something like this should work:

ipchains -A input -p TCP -d [PUBLIC_IP] --destination-port 7890 -j ACCEPT
RE: ipmasqadm portfw
Perhaps I will talk nonsense, but potato runs a 2.2 kernel (2.2.17 in your
case). So the tool for that kind of trick is ipchains, isn't it?
ipmasqadm is for the 2.0 kernel series, no?

hope it helps

jacques

-----Original Message-----
From: will trillich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 25 September 2001 11:15
To: debian-user@lists.debian.org
Subject: ipmasqadm portfw

i used to have this working like a champ, but now it folds its
arms and laughs an evil laugh--

we're trying to establish port forwarding so that a box internal
on our lan (192.168.1.2) can serve requests through the
firewall, from 'out there'.

# ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80

# ipmasqadm portfw -ln
prot localaddr    rediraddr    lport rport pcnt pref
TCP  [PUBLIC_IP]  192.168.1.2   7890    80   10   10

well, it LOOKS like it's up, but--

# nmap [PUBLIC_IP] -p 7890

Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
No ports open for host server ([public_ip])
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

which is bolstered by the fact that if i try to connect to
public port :7890 from outside (that is, from a public ip out on
the internet, trying to connect to port :7890 on my public ip
address) i get deafening silence (unable to connect to host).

is there another step i've forgotten? i'm on potato 2.2.17 and
this was working earlier...

--
DEBIAN NEWBIE TIP #48 from Will Trillich <[EMAIL PROTECTED]>
:
To peruse your CURRENT VIM SETTINGS (there's LOTS of them) from
within Vim, simply do
	:options
You can change them there, on-the-fly, as well. Type "ctrl-W ctrl-W"
to switch "panes" or "ctrl-W q" to close one. Try ":help" to learn more.

Also see http://newbieDoc.sourceForge.net/ ...
Re: ipmasqadm portfw and apache
On Wed, Aug 29, 2001 at 01:39:21PM -0700, Jason Majors scribbled...
> Does anybody have experience with multiple VirtualHost entries? Or know the
> correct format?
> I'm doing:
> NameVirtualHost domainone
> NameVirtualHost domaintwo
> NameVirtualHost domainthree
>
> ...
>
> ...
>
> ...
>

I got it working. I feel kinda dumb...for those who'd like to know how to do it:

NameVirtualHost 1.2.3.4 # MUST BE AN IP! (my mistake).
# I had to put the specific one before a generic
...
# www to get the specific to come up.
...
...
Re: ipmasqadm portfw and apache
Jason Majors wrote:
>I'd like to forward all requests on port 80 thru my firewall, however, I use
>VirtualHosts under apache.
>Is there a way to forward the port with the desired host name?
>Or can I do it based on the hostname desired? (eg forward a request to
>www.foo.com to port 81 and a request to www.bar.com to 82).
>
>Thanks,
>Jason
>

I think I figured it out...it's not the port issue.
When I add a second "NameVirtualHost foo" and "", I get the warning from
apache "[warn] NameVirtualHost tmr.whizzird.net:80 has no VirtualHosts",
so I'd guess that there's something in the order of the httpd.conf.
When this happens the special hosts entry I created goes back to the
default page for the server, but when there's only one VirtualHost, that
hosts entry goes to the VirtualHost.
I get the same warnings on the firewall, but virtual hosting works fine.

Does anybody have experience with multiple VirtualHost entries? Or know the
correct format?
I'm doing:
NameVirtualHost domainone
NameVirtualHost domaintwo
NameVirtualHost domainthree

...

...

...

Thanks,
Jason
Re: ipmasqadm portfw and apache
On Wed, Aug 29, 2001 at 11:51:48AM -0700, Tim Moss scribbled...
> Jason Majors wrote:
> >I'd like to forward all requests on port 80 thru my firewall, however, I use
> >VirtualHosts under apache.
> >Is there a way to forward the port with the desired host name?
> >Or can I do it based on the hostname desired? (eg forward a request to
> >www.foo.com to port 81 and a request to www.bar.com to 82).
> >
> >Thanks,
> >Jason
> >
>
> Forwarding the port will not change the actual HTTP request which is
> what the VirtualHosts depends on. I think it should be pretty
> transparent (though I've never tried it). Are you having a problem doing
> this or are you just asking in preparation of setting it up?
>

I already did it. When I forwarded to the internal box, all requests were
served by the default html/ directory, not the virtual host matching the url
I typed.
Re: ipmasqadm portfw and apache
Jason Majors wrote:
> I'd like to forward all requests on port 80 thru my firewall, however, I use
> VirtualHosts under apache.
> Is there a way to forward the port with the desired host name?
> Or can I do it based on the hostname desired? (eg forward a request to
> www.foo.com to port 81 and a request to www.bar.com to 82).
>
> Thanks,
> Jason

Forwarding the port will not change the actual HTTP request which is
what the VirtualHosts depends on. I think it should be pretty
transparent (though I've never tried it). Are you having a problem doing
this or are you just asking in preparation of setting it up?