Re: [GnuDIP] Re: gdipc -g sendport help
Please remember to reply to the mailing list, not the original sender: http://gnudip2.sourceforge.net/#mailinglist + As you discovered I got it backwards in my earlier note .. Brian S wrote: > > Given my original example "gdipc -g 3645:749", your explanation below > indicates the gdipc server will send a UDP packet back to port 3645 on the > WAN side of my NAT. Correct? > > >For example given your command "gdipc -g 3645:749", gdipc will send a > >UDP packet to port 3645 at the external address of your NAT box at the > >time of the last update, and listen with a time out on port 749, hoping > >to immediately receive the packet it just sent. So if the external > >address of your NAT box has changed, the packet will not arrive. > > >You must forward UDP packets arriving at port 749 on the external > >interface of your NAT box to 3645 of the machine running gdipc, > >otherwise the packets will never arrive, and you will send unnecessary > >updates to your GnuDIP service. This was backwards. Sorry. The gdipc.pl script will send to port 3645 on the external (WAN) address, and listen on port 749. One comment here, perhaps you should use a port above 1024 to listen on. On *NIX systems only "root" users can listen on ports below 1024. Perhaps your gdipc.pl script is not running with sufficient privileges? > And (on the LAN side), the gdipc client is going to listen on port 749 for > the packet that is supposed to be coming in on port 3645. So, I need to > point UDP packets coming in from the WAN side on port 3645 to port 749 on > the LAN side. Is this correct? (see my drawing below for my > understanding...which I cannot make work) Correct. > If this is the case, then the LAN side should know nothing about port 3645 > traffic and not require any LAN-side filters relating to port 3645 (outbound > or inbound). Right. > So, does this mean the -g parameter "3645:749" is actually the port > translation defined in the firewall? Port 3645 should be mapped to port 749 - right. > If I am barking up the wrong tree, please tell me to drop it. I have found > examples of Netgear filters ( http://www.netgear.org & > http://www.netgear.com/support/rt311/applications/firewall.html ), but I am > still confused as to how these examples can be applied to the gdipc > software. Don' quit!! I cannot promise to look through these sites. I did try one though, and it hung my browser! I had to retype this note! > My hope here is to document an example of using a Netgear RP114 (or RTxxx) > firewall with the GnuDIP software. Great. It is my hope that the archives for this mailing list will be a resource for GnuDIP users. > Do you think I have a chance? ;-) Yes. I have certainly had this working using a Linux gateway as the NAT box, and there is a report of success using a Linksys device on the mailing list: http://marc.theaimsgroup.com/?l=gnudip2-general&m=101372265626784&w=2 I suspect others must have it working too. The technique being used here is meant to be very simple and independant of the details of the NAT box. I see no reason why it should not work with your device. And I would very much like to see a report of success on this mailing list. >ÚÄ¿ >³ Remote ³ >³ GDIPC Server ³ >³ ³ >ÀÄÙ >³^ >³³ > ÚÙÀÄÄÄ¿ > ³ ³ > 3645 ³ ³ > \/ ³ > ÚÄÄÄ¿ ÚÄÄÅ > ³ WAN ³ ³ WAN³ > ³ Input Filter ³ ³ Output Filter ³ > ³ ³ ³ ³ > ÀÄÄÄÁ ÀÄÄÙ > 749 ³ ^ > ³ ³ > ³ ³ > ³ ³ > ÀÄ¿ ÚÄÙ > ³ ³ > ³ ³ > ³ ³ >\/ ³ > ÚÄÄÄ¿ > ³ Netgear RP114³ > ³ Firewall/NAT ³ > ³ ³ > ÀÄÄÄÙ > ³ ^ > ³ ³ > ³ ³ > ÚÄÙ ÃÄÄ¿ > ³ ³ > ³ ³ > 749 ³ ³ > \/ ³ > ÚÄÄÄ¿ ÚÄÄÅ > ³ LAN ³ ³ LAN³ > ³ Input Filter ³ ³ Output Filter ³ > ³ ³ ³ ³ > ÀÄÄÄÁ ÀÄÄÙ > ³ ^ > 749 ³
Re: [GnuDIP] Re: gdipc -g sendport help
Please remember to reply to the mailing list, not the original sender: http://gnudip2.sourceforge.net/#mailinglist + I am not familiar with the NAT box you have. Sorry. I am probably also not familiar with the release of Windows you are using. The last versions of Windows I have any experience with are 98 and NT 4. I hope sincerely that I will not gain any more experience with Windows. You should not need to register any service names to Windows - gdipc does not look up service names. Just specify the port numbers. Is there a software firewall running on your Windows machine? Can wou redirect port 80 (i.e, web server) on the firewall device to port 80 on an internal machine? Brian S wrote: > > Please remember to reply to the mailing list, not the original sender: > > http://gnudip2.sourceforge.net/#mailinglist > > + > > Thank you very much for taking the time to explain the gdipc -g option. > > Unfortunately, I am still having the same problem. > > Apparantly, my problem stems more from my inability to define the correct > firewall filter/forwarding rule rather than the gdipc configuration. > > If you have some example of how the rule needs to be set up to do the > correct forwarding, I would really appreciate it. I am somewhat new to > configuring filter rules. I have done straight port forwarding, but based > on your description, it appears I need to redirect one port to another (i.e. > filter rule?). > > I am using a Netgear RP114. > > The corrective action I have taken based on your message was to open a > second port in my firewall and forward that port to the machine running the > 'gdipc -g' command. On my Netgear router, it appears as such: > > Menu 15 - SUA Server Setup > Rule Start Port No. End Port No. IP Address > --- > 1.Default Default0.0.0.0 > 2. 3645 3646 10.10.22.2 > > Note: I have tried both defining a range ( 3645 -> 3646 ) and individual ( > 3645 -> 3645 && 3646 -> 3646 ) forwarding definitions. > > I have also tried defining the filter rule: > Menu 21.4 - Filter Rules Summary > # A Type Filter Rules M m n > - - -- - - - > 1 Y IP Pr=17, SA=10.10.22.2, SP=3645, DA=0.0.0.0 N N N > 2 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=3646 N F N > > And in /winnt/system32/drivers/etc/services: > > gnudynipsend 3645/udp > gnudyniprecv 3646/udp > > The output still appears as such: > > F:\Software\gdipc>gdipc -g 3645:3646 > gdipc.bat running: Sat Mar 23 06:53:15 2002 > Configuration file name: F:/Software/gdipc/gdipc.conf.txt > Cache file name: F:/Software/gdipc/gdipc.cache.user.zeropain.com.txt > Address validation failed for 24.136.122.212 - UDP packet timed out > Attempting update at zeropain.com ... > Update to address 24.136.122.212 from 24.136.122.212 successful for > user.zeropain.com > > == > > Apparantly, no matter how I define my port filtering/forward, I am getting > the same response back (updating the address of the GnuDIP server correctly, > but not being able to determine it hasn't changed). > > I have trolled some newsgroups for postings on this, but I haven't found an > example that I understand will do what I need to do to use gdipc. > > Thanks for your help! > > -brian > > _ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx > > -- > GnuDIP Mailing List > http://gnudip2.sourceforge.net/#mailinglist -- Creighton MacDonnell http://macdonnell.ca/ -- GnuDIP Mailing List http://gnudip2.sourceforge.net/#mailinglist
