search for: ipmasqadm

Hi All, born out of frustration with conflicting info on the net, I thought I'd share a simple guide to set up the port forwarding side of masquerading... this presumes you already have basic ipchains setup and simple masquerading of internal machines installed. PORT FORWARDING USING IPMASQADM. “Ipmasqadm” supercedes the “ipportfw” feature. 1 - Upgrade to Kernel 2.2.12-20 if not already up to this. 2 - cd /usr/src/linux and run “make menuconfig” 3 - in here make sure kernel is configured to route ip, is tuned as a router ( as opposed to host ), and that ipportfw is set up as a module...

...8.1.10 and remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so I reserver one of the three ip public address (say 111.111.111.111, 111.111.111.112 and 111.111.111.113) for the job and I made an ipmasqadm portfw rule to redirect incoming packets on 111.111.111.111 port 80 to the remote address of the tunnel interface (192.168.1.20) Things are running. Packets are redirected from the public address to the private one and then , via tun interface, reach the "private server". BUT packets a...

...h vtund on a tun interface with local address 192.168.1.10 and remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so I reserved one of the public addresses (say 2.2.2.2) for the job and I made an ipmasqadm portfw rule to redirect incoming packets on 1.1.1.1 port 80 to the remote address of the tunnel interface (192.168.1.20) on the same port. Things are running. Packets are redirected from the public address to the private one and then, via tun interface, reach the "private server". *BUT...

...reliable IPChains firewall: file: /etc/rc.d/init.d/firewall This actually opens up a few more holes for some outbound streams. Can't remember exactly why I did it this way but it works good. # VIOP - asterisk # vars $EXT_IP=your.external.ip.here $ASTERISK_IP=your.asterisk.server.ip # #chains ipmasqadm portfw -a -P udp -L $EXT_IP 5060 -R $ASTERISK_IP 5060 ipchains -A portfw -s 0/0 1024: -d $EXT_IP 5060 -p 17 -j ACCEPT ipmasqadm portfw -a -P udp -L $EXT_IP 4569 -R $ASTERISK_IP 4569 ipchains -A portfw -s 0/0 1024: -d $EXT_IP 4569 -p 17 -j ACCEPT ipmasqadm portfw -a -P udp -L $EXT_IP 5036 -R $ASTERI...

...t on port 655 from unknown source 1.2.3.4:63791 Which is, of course, true. One end of the vpn is behind a masquerading firewall, so outbound packets from my house get rewritten at the firewall. I haven't yet figured out a way around this problem. The example (and Ivo) suggests the use of the ipmasqadm 'portfw' module, but this would appear to only help for inbound connections -- e.g., forwarding connections to 1.2.3.4:655 to 192.168.1.21:655. In fact, if I were to initiate the connection from (home), this would appear to be completely unnecessary, but for the sake of matching the online...

I've noticed that my W2K clients connect to Samba much more quickly if I run it on port 445 instead of 139. However, my WNT clients then won't connect at all. I read somewhere that it was possible to forward the requests on port 139 to port 445. Anyone know how to do this or how to listen to both ports simultaneously? Thanks, Jason Joines Open Source = Open Mind

...ting this into "rules" #ACTION SRC DEST PROTO DEST SOURCE ORIGINAL # PORT PORT(S) DEST DNAT net loc:192.168.40.9 tcp 5800 But how do I forward this? ie: firewall.public.ip:100 -> masqueraded.server.ip:101 I have previously set this up under "ipchains" kernels using ipmasqadm via the following command. ipmasqadm portfw -a -P tcp -L $IPLOCAL 5801 -R 192.168.1.51 5800 I know it must be in the documentation somewhere, I just can''t find it ... Thanks Ian

...ummy intgerface, and then use the dummy interface as the default gateway? Effectively this would do the same thing as setting up two routers bacl-to-back, and using only egress shaping on both routers to achieve ingress shaping? Kind of like having a logical, rather than a physical router? 2) ipmasqadm portfw unstable/unreliable I have tried to use this approach to forward ports from the firewall to an internal server. It works OK initially, but within minutes, things start going wrong. Some connections get through on one interface but not the other. Later, connections from the same host will...

...al disks can be discarded.) Bernhard "Krusch, David" wrote: > > Did you ever find a way for an NT box on the private side of a Linux MASQ'd > network > to login to a PDC on the Wan side? (same as your post below)! I am using > Linux 2.2.13 > with ipchains and ipmasqadm. > > Thanks! > Dave Krusch > > ====================== > > NT logon with ipchains > > * Date: Fri, 28 May 1999 11:23:32 +0200 > * From: "Bernhard Riegel (sdm)" <Bernhard.Riegel@sdm.de> > * Subject: NT logon with ipchains > &g...