thr3ads.net - Shorewall users - [Shorewall-users] IP Forwarding [Nov 2002]

If this information is useful, please help other people find it:
Share via:

Nigel George

2002-Nov-13 11:24 UTC

[Shorewall-users] IP Forwarding

Hi,
	I''m trying to get RAdmin [uses tcp 4889] access to my Windows machine 
which is behind my firewall.

I have zones:

gbl : the world
loc : my lan
fw : firewall

I placed the following in my rules file

DNAT	gbl	loc:192.168.0.2	tcp	4889	-

When trying to RAdmin I get a cannot conect to server error.

192.168.0.2 is my Windows Machines IP address.

Can anyone help me?

Shorewall 1.3.9b
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nigel George
Webmaster
CPiO Limited

Telephone :     +44 (0) 1675 467046
Facsimile :     +44 (0) 1675 467682
E-Mail :        mailto:nigel.george@cpio.co.uk
Web :           http://www.cpio.co.uk/

The views expressed within this message are those of the sender, not
those of the company unless endorsed by a Director of CPiO Limited.

Reginald R. Richardson

2002-Nov-13 11:32 UTC

head link

[Shorewall-users] IP Forwarding

Try adding this also

ACCEPT	gbl	loc		tcp	4889	-
> -----Original Message-----
> From: Nigel George [mailto:nigel.george@cpio.co.uk]=20
> Sent: Wednesday, November 13, 2002 12:24
> To: shorewall-users@shorewall.net
> Subject: [Shorewall-users] IP Forwarding
>=20
>=20
> Hi,
> 	I''m trying to get RAdmin [uses tcp 4889] access to my=20
> Windows machine=20
> which is behind my firewall.
>=20
> I have zones:
>=20
> gbl : the world
> loc : my lan
> fw : firewall
>=20
> I placed the following in my rules file
>=20
> DNAT	gbl	loc:192.168.0.2	tcp	4889	-
>=20
> When trying to RAdmin I get a cannot conect to server error.
>=20
> 192.168.0.2 is my Windows Machines IP address.
>=20
> Can anyone help me?
>=20
> Shorewall 1.3.9b
> --=20
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nigel George
> Webmaster
> CPiO Limited
>=20
> Telephone :     +44 (0) 1675 467046
> Facsimile :     +44 (0) 1675 467682
> E-Mail :        mailto:nigel.george@cpio.co.uk
> Web :           http://www.cpio.co.uk/
>=20
> The views expressed within this message are those of the=20
> sender, not those of the company unless endorsed by a=20
> Director of CPiO Limited.
>=20
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net=20
> http://www.shorewall.net/mailman/listinfo/shor> ewall-users
>=20

SHOREWALL TimeLord

2002-Nov-13 11:54 UTC

head link

[Shorewall-users] IP Forwarding

Nigel George  (13.11.2002  12:24):>Hi,
> I''m trying to get RAdmin [uses tcp 4889] access to my Windows
machine
>which is behind my firewall.
>
>I have zones:
>
>gbl : the world
>loc : my lan
>fw : firewall
>
>I placed the following in my rules=20file
>
>DNAT  gbl    loc:192.168.0.2      tcp    4889   -
>
>When trying to RAdmin I get a cannot conect to server error.
>
>192.168.0.2 is my Windows Machines IP address.
>
>Can anyone help me=3F


DNAT   gbl     loc:192.168.0.2       tcp     4889      -               123.123.
123.123

where 123.123.123.123 is external IP of your firewall

TimeLord

SHOREWALL TimeLord

2002-Nov-13 12:02 UTC

head link

[Shorewall-users] IP Forwarding

Nigel George  (13.11.2002  12:24):>Hi,
> I''m trying to get RAdmin [uses tcp 4889] access to my Windows
machine
>which is behind my firewall.
>
>I have zones:
>
>gbl : the world
>loc : my lan
>fw : firewall
>
>I placed the following in my rules=20file
>
>DNAT  gbl    loc:192.168.0.2      tcp    4889   -

Is 4889 correct =3F Because default listen port for RAdmin is 4899.
What is port number of your local RAdmin and what port should your firewall
listen for=3F


TimeLord

Tom Eastep

2002-Nov-13 14:27 UTC

head link

[Shorewall-users] IP Forwarding

--On Wednesday, November 13, 2002 01:54:00 PM +0200 SHOREWALL TimeLord 
<shorewall@timelord.sk> wrote:
> Nigel George  (13.11.2002  12:24):
>> Hi,
>> I''m trying to get RAdmin [uses tcp 4889] access to my Windows
machine
>> which is behind my firewall.
>>
>> I have zones:
>>
>> gbl : the world
>> loc : my lan
>> fw : firewall
>>
>> I placed the following in my rules file
>>
>> DNAT  gbl    loc:192.168.0.2      tcp    4889   -
>>
>> When trying to RAdmin I get a cannot conect to server error.
>>
>> 192.168.0.2 is my Windows Machines IP address.
>>
>> Can anyone help me?
>
>
>
> DNAT   gbl     loc:192.168.0.2       tcp     4889      -
> 123.123. 123.123
>
> where 123.123.123.123 is external IP of your firewall
>
If DETECT_DNAT_IPADDRS=Yes in shorewall.conf, then this rule is equivalent 
to the original poster''s rule.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net

Nigel George

2002-Nov-13 14:30 UTC

head link

[Shorewall-users] IP Forwarding

--------------070600050603090905020906
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Added:

ACCEPT    gbl    loc:192.168.0.2    tcp    4899 (mistype lasttime)    -

and it worked.

Now just to get RAdmin to work right with NT Authentication.

Thanks guys

Tom Eastep wrote:




--On Wednesday, November 13, 2002 01:54:00 PM +0200 SHOREWALL TimeLord
<mailto:shorewall@timelord.sk> <shorewall@timelord.sk> wrote: 



Nigel George  (13.11.2002  12:24): 


Hi, 
I''m trying to get RAdmin [uses tcp 4889] access to my Windows machine 
which is behind my firewall. 

I have zones: 

gbl : the world 
loc : my lan 
fw : firewall 

I placed the following in my rules file 

DNAT  gbl    loc:192.168.0.2      tcp    4889   - 

When trying to RAdmin I get a cannot conect to server error. 

192.168.0.2 is my Windows Machines IP address. 

Can anyone help me? 





DNAT   gbl     loc:192.168.0.2       tcp     4889      - 
123.123. 123.123 

where 123.123.123.123 is external IP of your firewall 




If DETECT_DNAT_IPADDRS=Yes in shorewall.conf, then this rule is
equivalent to the original poster''s rule. 

-Tom 
-- 
Tom Eastep    \ Shorewall - iptables made easy 
AIM: tmeastep  \ http://shorewall.sf.net <http://shorewall.sf.net>  
ICQ: #60745924  \ teastep@shorewall.net <mailto:teastep@shorewall.net>  

_______________________________________________ 
Shorewall-users mailing list 
Shorewall-users@shorewall.net <mailto:Shorewall-users@shorewall.net>  
http://www.shorewall.net/mailman/listinfo/shorewall-users
<http://www.shorewall.net/mailman/listinfo/shorewall-users>  



-- 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Nigel George
Webmaster
CPiO Limited

Telephone :     +44 (0) 1675 467046
Facsimile :     +44 (0) 1675 467682
E-Mail :        mailto:nigel.george@cpio.co.uk
<mailto:nigel.george@cpio.co.uk> 
Web :           http://www.cpio.co.uk/ <http://www.cpio.co.uk/> 

The views expressed within this message are those of the sender, not
those of the company unless endorsed by a Director of CPiO Limited. 


--------------070600050603090905020906
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  
  <title></title>
</head>
<body>
Added:<br>
<br>
ACCEPT&nbsp;&nbsp;&nbsp; gbl&nbsp;&nbsp;&nbsp;
loc:192.168.0.2&nbsp;&nbsp;&nbsp; tcp&nbsp;&nbsp;&nbsp;
4899 (mistype lasttime)&nbsp;&nbsp;&nbsp; -<br>
<br>
and it worked.<br>
<br>
Now just to get RAdmin to work right with NT Authentication.<br>
<br>
Thanks guys<br>
<br>
Tom Eastep wrote:<br>
<blockquote type="cite"
 cite="mid24970000.1037197640@wookie.shorewall.net"> <br>
  <br>
--On Wednesday, November 13, 2002 01:54:00 PM +0200 SHOREWALL TimeLord
<a class="moz-txt-link-rfc2396E"
href="mailto:shorewall@timelord.sk">&lt;shorewall@timelord.sk&gt;</a>
wrote: <br>
  <br>
  <blockquote type="cite">Nigel George&nbsp;
(13.11.2002&nbsp; 12:24): <br>
    <blockquote type="cite">Hi, <br>
I''m trying to get RAdmin [uses tcp 4889] access to my Windows machine
<br>
which is behind my firewall. <br>
      <br>
I have zones: <br>
      <br>
gbl : the world <br>
loc : my lan <br>
fw : firewall <br>
      <br>
I placed the following in my rules file <br>
      <br>
DNAT&nbsp; gbl&nbsp;&nbsp;&nbsp;
loc:192.168.0.2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
tcp&nbsp;&nbsp;&nbsp; 4889&nbsp;&nbsp; - <br>
      <br>
When trying to RAdmin I get a cannot conect to server error. <br>
      <br>
192.168.0.2 is my Windows Machines IP address. <br>
      <br>
Can anyone help me? <br>
    </blockquote>
    <br>
    <br>
    <br>
DNAT&nbsp;&nbsp; gbl&nbsp;&nbsp;&nbsp;&nbsp;
loc:192.168.0.2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
tcp&nbsp;&nbsp;&nbsp;&nbsp;
4889&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - <br>
123.123. 123.123 <br>
    <br>
where 123.123.123.123 is external IP of your firewall <br>
    <br>
  </blockquote>
  <br>
If DETECT_DNAT_IPADDRS=Yes in shorewall.conf, then this rule is
equivalent to the original poster''s rule. <br>
  <br>
-Tom <br>
-- <br>
Tom Eastep&nbsp;&nbsp;&nbsp; \ Shorewall - iptables made easy
<br>
AIM: tmeastep&nbsp; \ <a class="moz-txt-link-freetext"
href="http://shorewall.sf.net">http://shorewall.sf.net</a>
<br>
ICQ: #60745924&nbsp; \ <a class="moz-txt-link-abbreviated"
href="mailto:teastep@shorewall.net">teastep@shorewall.net</a>
<br>
  <br>
_______________________________________________ <br>
Shorewall-users mailing list <br>
<a class="moz-txt-link-abbreviated"
href="mailto:Shorewall-users@shorewall.net">Shorewall-users@shorewall.net</a>
<br>
<a class="moz-txt-link-freetext"
href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="MS Exchange Server version
5.5.2788.0">
<title></title>
<p><font size="2"
face="Arial">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</font>
<br>
<font size="2" face="Arial">Nigel George<br>
Webmaster<br>
CPiO Limited<br>
<br>
Telephone : &nbsp;&nbsp;&nbsp; +44 (0) 1675 467046<br>
Facsimile : &nbsp;&nbsp;&nbsp; +44 (0) 1675 467682<br>
E-Mail : &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a
href="mailto:nigel.george@cpio.co.uk">mailto:nigel.george@cpio.co.uk</a><br>
Web : &nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a
href="http://www.cpio.co.uk/"
target="_blank">http://www.cpio.co.uk/</a><br>
<br>
The views expressed within this message are those of the sender, not<br>
those of the company unless endorsed by a Director of CPiO Limited.</font>
</p>
</div>
</body>
</html>

--------------070600050603090905020906--

Tom Eastep

2002-Nov-13 22:27 UTC

head link

[Shorewall-users] IP Forwarding

--On Wednesday, November 13, 2002 12:32 PM +0100 "Reginald R.
Richardson"
<whiz.kid@tyarosh.homeip.net> wrote:
> Try adding this also
>
> ACCEPT	gbl	loc		tcp	4889	-
>
Besides creating an entry in the NetFiler nat table, the rule

DNAT	gbl	loc:www.xxx.yyy.zzz	tcp	4889	-

also generates the filter table rule:

ACCEPT	gbl	loc:www.xxx.yyy/.zzz	tcp	4889	-

You do not need to add the separate ACCEPT rule yourself.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net

Apparently Analagous Threads

Search for more possibly parallel threads

Shorewall users - Nov 2002 - IP Forwarding

[Shorewall-users] IP Forwarding

[Shorewall-users] IP Forwarding

[Shorewall-users] IP Forwarding

[Shorewall-users] IP Forwarding

[Shorewall-users] IP Forwarding

[Shorewall-users] IP Forwarding

[Shorewall-users] IP Forwarding

Apparently Analagous Threads