Re: [Leaf-user] need help with port forwarding
Maybe u can help me out here...
I have the same problem as you had, whereas the Bride was inside waiting while
the groom stood outside behind the lockdoor..
I tried all options that u were told to try, but still my portforwarding is
giving problems..
can u probably be so kind as to send me a copy of your network.conf..
i'm using dachstein cd v1.02
here's my loaded modules:
ip_masq_autofw
ip_masq_ftp
ip_masq_icq
ip_masq_mfw
ip_masq_mms
ip_masq_portfw
ip_masq_pptp
ip_masq_raudio
ip_masq_user
ip_gre
This is where i think i open the door for the grooom:
# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
EXTERN_TCP_PORTS=0/0_1723 0/0_smtp 0/0_pop-3
And this is where i enable the portforwarding:
# protocol_local-ip_local-port_remote-ip_remote-port
#INTERN_SERVERS=tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp
# These lines use the primary external IP address...if you need to port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
#INTERN_WWW_SERVER=192.168.10.5 # Internal WWW server to make available
INTERN_SMTP_SERVER=192.168.10.1 # Internal SMTP server to make available
INTERN_POP3_SERVER=192.168.10.1 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
#INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
#EXTERN_SSH_PORT=24 # External port to use for internal SSH access
when i send a test e-mail to my e-mail server behind the firewall, and i use
TCPDUMP to check, i can see the smtp packet arriving, but when i check the Mail
Server SMTP log, i see no incoming connections...
thnks for your help...
On Thu, 3 Jan 2002 00:25:26 -0800, Peter Jay Salzman wrote:
dan, you hit the nail on the head. the bride was definitely locked
out
of the church.
once the lock was opened, she came screaming down the isle, rushed
the
altar and now the deed is done. i'm running a fully operational
dachstein cd firewall.
thank you!
pete
begin [EMAIL PROTECTED] [EMAIL PROTECTED]
Do you have the corresponding ports *open* in the EXTERN_TCP_PORTS
section? If
not, the forwarding rules are inside waiting for a bride that's
locked out of
the church ;)
Also, since it looks like you have re-numbered your network from
the default
(changed 192.168.1 to 192.168.0) you should have a stroll back
thru your
configs, to make sure you have changed every instance of 192.168.1.
Dan
Quoting Peter Jay Salzman [EMAIL PROTECTED]:
i'm using dachstein 1.0.2 on a home network firewall. everything
seems
hunky dory:
network cards are both recognized and configured correctly
masquerading works on the internal machines
everyone can ping everyone, both inside and out.
the last hurdle is port forwarding -- it looks ok, but isn't
working
(i'm not receiving mail, and i can't telnet to the smtp port
from a
remote machine). note that the internal server that handles
mail, ftp
and apache is satan.diablo.net (192.168.0.2). the firewall is
mephisto.diablo.net (eth0: 64.164.47.8 eth1: 192.168.0.1).
modules:
ip_masq_user3708 0 (unused)
ip_masq_portfw 2416 4
ip_masq_ftp 3576 0 (unused)
ip_masq_mfw 3196 0 (unused)
ip_masq_autofw 2476 0 (unused)
rtl813910856 1
tulip 32424 1
pci-scan2300 0 [rtl8139 tulip]
isofs 17692 0
ide-cd 22672 0
cdrom 26712 0 [ide-cd]
forwarded ports:
# ipmasqadm portfw -l
prot localaddrrediraddr lport
rport pcnt
pref
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net
satan.diablo.localnet 24
ssh 10 10
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net
satan.diablo.localnet smtp
smtp 10 10
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net
satan.diablo.localnet www
www 10 10
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net
satan.diablo.localnet ftp
ftp 10 10
here are the relevent variables i've set. i'm wondering what the
difference between them is. they look to do the same thing to
me:
INTERN_SERVERS=tcp_${EXTERN_IP}_ftp_192.168.0.2_ftp
tcp_${EXTERN_IP}_smtp_192.168.0.2_smtp
# These lines use the primary external IP
Re: [Leaf-user] need help with port forwarding
Quoting Peter Jay Salzman [EMAIL PROTECTED]: once the lock was opened, she came screaming down the isle, rushed the altar and now the deed is done. i'm running a fully operational dachstein cd firewall. Aye! She's a randy lass, that one ;) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] need help with port forwarding
Do you have the corresponding ports *open* in the EXTERN_TCP_PORTS section? If
not, the forwarding rules are inside waiting for a bride that's locked out of
the church ;)
Also, since it looks like you have re-numbered your network from the default
(changed 192.168.1 to 192.168.0) you should have a stroll back thru your
configs, to make sure you have changed every instance of 192.168.1.
Dan
Quoting Peter Jay Salzman [EMAIL PROTECTED]:
i'm using dachstein 1.0.2 on a home network firewall. everything
seems
hunky dory:
network cards are both recognized and configured correctly
masquerading works on the internal machines
everyone can ping everyone, both inside and out.
the last hurdle is port forwarding -- it looks ok, but isn't working
(i'm not receiving mail, and i can't telnet to the smtp port from a
remote machine). note that the internal server that handles mail, ftp
and apache is satan.diablo.net (192.168.0.2). the firewall is
mephisto.diablo.net (eth0: 64.164.47.8 eth1: 192.168.0.1).
modules:
ip_masq_user3708 0 (unused)
ip_masq_portfw 2416 4
ip_masq_ftp 3576 0 (unused)
ip_masq_mfw 3196 0 (unused)
ip_masq_autofw 2476 0 (unused)
rtl813910856 1
tulip 32424 1
pci-scan2300 0 [rtl8139 tulip]
isofs 17692 0
ide-cd 22672 0
cdrom 26712 0 [ide-cd]
forwarded ports:
# ipmasqadm portfw -l
prot localaddrrediraddr lportrport pcnt
pref
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet 24
ssh 10 10
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet smtp
smtp 10 10
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet www
www 10 10
TCP adsl-64-164-47-8.dsl.scrm01.pacbell.net satan.diablo.localnet ftp
ftp 10 10
here are the relevent variables i've set. i'm wondering what the
difference between them is. they look to do the same thing to me:
INTERN_SERVERS=tcp_${EXTERN_IP}_ftp_192.168.0.2_ftp
tcp_${EXTERN_IP}_smtp_192.168.0.2_smtp
# These lines use the primary external IP address...if you need to
# port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
INTERN_FTP_SERVER=192.168.0.2 # Internal FTP server to make
available
INTERN_WWW_SERVER=192.168.0.2 # Internal WWW server to make
available
INTERN_SMTP_SERVER=192.168.0.2 # Internal SMTP server to make
available
#INTERN_POP3_SERVER=192.168.0.2 # Internal POP3 server to make
available
#INTERN_IMAP_SERVER=192.168.0.2 # Internal IMAP server to make
available
INTERN_SSH_SERVER=192.168.0.2 # Internal SSH server to make
available
EXTERN_SSH_PORT=24 # External port to use for internal
SSH
i'm looking at this, and i can't see anything that's wrong. the
output
of ipmasqadm looks compelling. it LOOKS like it should be working.
help! any advice? what exactly is the difference between
INTERN_SERVERS and INTER_.*_SERVER? i'm not too sure what an
aliased IP address is. does that refer to a masqueraded ip address
(like 192.168.0.2)?
any help greatly appreciated. i've been staring at this for far too
long. :)
pete
--
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
PGP Public Key: finger [EMAIL PROTECTED]
___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
