The following is what I did to enable Timbuktu (uses TCP ports
1417-1420 and 407, and UDP port 407) into our network. We have a block of 16
external IP addresses which are being forwarded to the same numbers on
our internal network (i.e. the external address xxx.xxx.xxx.17 gets
forwarded to internal address 192.168.1.17).

In /etc/e-smith/templates-custom/etc/rc.d/init.d/masq I replaced
'35SetPortFW' with the following (it might be better to add it as
'36SetPortFW' so you don't interfere with any existing port forwarding
you might have configured?). You'll need to modify it for your block of
IP addresses and the ports you want to forward.

{
    local %services = ( masq => $masq );
    $OUT = "";

    local $me = "portfw";
    local $i = 0;
    local $status = db_get_prop(\%services, 'masq', 'status') || "disabled";
    local $loadme = db_get_prop(\%services, 'masq', $me) || "yes";

    if ( ($status eq "enabled") and ($loadme eq "yes") )
    {
        # Forward each external address to the internal host with the
        # same final octet. Each command must stay on one line in the
        # generated init script.
        for ($i = 19; $i <= 30; $i++)
        {
            $OUT .= "/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.$i 1417 -R 192.168.1.$i 1417\n";
            $OUT .= "/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.$i 1418 -R 192.168.1.$i 1418\n";
            $OUT .= "/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.$i 1419 -R 192.168.1.$i 1419\n";
            $OUT .= "/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.$i 1420 -R 192.168.1.$i 1420\n";
            $OUT .= "/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.$i 407 -R 192.168.1.$i 407\n";
            $OUT .= "/usr/sbin/ipmasqadm portfw -a -P udp -L xxx.xxx.xxx.$i 407 -R 192.168.1.$i 407\n";
            $OUT .= "\n";
        }

        # Accept (and log, -l) inbound packets for the forwarded ports.
        $OUT .= "/sbin/ipchains --append input -p tcp -s 0/0 -d xxx.xxx.xxx.16/28 1417 -j ACCEPT -l\n";
        $OUT .= "/sbin/ipchains --append input -p tcp -s 0/0 -d xxx.xxx.xxx.16/28 1418 -j ACCEPT -l\n";
        $OUT .= "/sbin/ipchains --append input -p tcp -s 0/0 -d xxx.xxx.xxx.16/28 1419 -j ACCEPT -l\n";
        $OUT .= "/sbin/ipchains --append input -p tcp -s 0/0 -d xxx.xxx.xxx.16/28 1420 -j ACCEPT -l\n";
        $OUT .= "/sbin/ipchains --append input -p udp -s 0/0 -d xxx.xxx.xxx.16/28 407 -j ACCEPT -l\n";
        $OUT .= "/sbin/ipchains --append input -p tcp -s 0/0 -d xxx.xxx.xxx.16/28 407 -j ACCEPT -l\n";
    }
}

Then run 
  /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
and
  chmod 755 /etc/rc.d/init.d/masq
  /etc/rc.d/init.d/masq restart


Fred






Robert Jenner wrote:
> 
> Good Afternoon,
> 
> I am writing to ask if anyone has a configuration they would like to share.
> I have spoken with the management of E-Smith (Mitel) and they have
> recommended I ask this list.
> 
> I have the requirement to implement a system to provide multiple IP
> addresses on the external interface of the E-Smith system, for the purpose
> of port forwarding to multiple internal servers operating on the same ports.
> I do not have the option to change the port numbers, as the application
> services being accessed are pre-configured for specific ports. I don't know
> if there is anyone on this list that has a configuration they would like to
> share, but if so, I would like to hear about it.
> 
> If more information is required as to the exact number of servers, what
> ports, etc, please ask.
> 
> Thank you all, and please excuse me if this was not the correct place for
> this message.
> 
> Bob
>
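
An added example, not part of the original post or of e-smith: a table-driven shell form of the rules in the reply above that prints one input ACCEPT per forwarded address and service, so the accepted destinations match the forwards exactly (the posted rules accept for the whole xxx.xxx.xxx.16/28 while forwarding only .19 to .30). The function and variable names are hypothetical, and xxx.xxx.xxx is the poster's redacted prefix kept as a placeholder.

```shell
#!/bin/sh
# Added example: prints the ipmasqadm/ipchains commands, it does not run them.
EXT_PREFIX="xxx.xxx.xxx"   # redacted external prefix from the post (placeholder)
INT_PREFIX="192.168.1"     # internal network from the post
BLOCK_FIRST=16             # the /28 in the post spans .16 to .31
BLOCK_LAST=31
# proto:port pairs listed in the post for Timbuktu
SERVICES="tcp:1417 tcp:1418 tcp:1419 tcp:1420 tcp:407 udp:407"

# gen_rules FIRST LAST
# Emits, for every host number FIRST..LAST and every service, one portfw
# rule and one input ACCEPT rule scoped to that single address and port.
gen_rules() {
    first=$1
    last=$2
    # Reject anything that is not a plain decimal host number.
    for n in "$first" "$last"; do
        case "$n" in
            ''|*[!0-9]*) echo "host numbers must be integers" >&2; return 1 ;;
        esac
    done
    # Reject ranges that leave the address block or are reversed.
    if [ "$first" -lt "$BLOCK_FIRST" ] || [ "$last" -gt "$BLOCK_LAST" ] ||
       [ "$first" -gt "$last" ]; then
        echo "range $first-$last is outside .$BLOCK_FIRST-.$BLOCK_LAST" >&2
        return 1
    fi
    i=$first
    while [ "$i" -le "$last" ]; do
        for svc in $SERVICES; do
            proto=${svc%%:*}
            port=${svc##*:}
            echo "/usr/sbin/ipmasqadm portfw -a -P $proto -L $EXT_PREFIX.$i $port -R $INT_PREFIX.$i $port"
            echo "/sbin/ipchains --append input -p $proto -s 0/0 -d $EXT_PREFIX.$i $port -j ACCEPT -l"
        done
        i=$((i + 1))
    done
}

# Run as: sh script.sh 19 30   (hosts .19 to .30, as in the post)
if [ "$#" -eq 2 ]; then
    gen_rules "$1" "$2"
fi
```

The printed lines can be reviewed and then placed in the generated masq script in place of the hand-written rules.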