search for: portfw

...PChains firewall: file: /etc/rc.d/init.d/firewall This actually opens up a few more holes for some outbound streams. Can't remember exactly why I did it this way but it works good. # VIOP - asterisk # vars $EXT_IP=your.external.ip.here $ASTERISK_IP=your.asterisk.server.ip # #chains ipmasqadm portfw -a -P udp -L $EXT_IP 5060 -R $ASTERISK_IP 5060 ipchains -A portfw -s 0/0 1024: -d $EXT_IP 5060 -p 17 -j ACCEPT ipmasqadm portfw -a -P udp -L $EXT_IP 4569 -R $ASTERISK_IP 4569 ipchains -A portfw -s 0/0 1024: -d $EXT_IP 4569 -p 17 -j ACCEPT ipmasqadm portfw -a -P udp -L $EXT_IP 5036 -R $ASTERISK_IP 5...

...h conflicting info on the net, I thought I'd share a simple guide to set up the port forwarding side of masquerading... this presumes you already have basic ipchains setup and simple masquerading of internal machines installed. PORT FORWARDING USING IPMASQADM. “Ipmasqadm” supercedes the “ipportfw” feature. 1 - Upgrade to Kernel 2.2.12-20 if not already up to this. 2 - cd /usr/src/linux and run “make menuconfig” 3 - in here make sure kernel is configured to route ip, is tuned as a router ( as opposed to host ), and that ipportfw is set up as a module. 4 - download the ipmasqadm tool from...

I have the following forced up mew by evil telco problem: - One IP - Homebrew LAN - portforwarding for some services. - extra PPTP/ppp layer to an internal 10.* network which mutilates DNS answers. Setup: Machine A has ip a.b.c.d (real IP) and is reachable over ADSL with it from the world. It does NAT for an internal LAN 192.168.0.0/24) and has portforwading turned on for some ports (eg 80)

...rom unknown source 1.2.3.4:63791 Which is, of course, true. One end of the vpn is behind a masquerading firewall, so outbound packets from my house get rewritten at the firewall. I haven't yet figured out a way around this problem. The example (and Ivo) suggests the use of the ipmasqadm 'portfw' module, but this would appear to only help for inbound connections -- e.g., forwarding connections to 1.2.3.4:655 to 192.168.1.21:655. In fact, if I were to initiate the connection from (home), this would appear to be completely unnecessary, but for the sake of matching the online example I...

...remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so I reserver one of the three ip public address (say 111.111.111.111, 111.111.111.112 and 111.111.111.113) for the job and I made an ipmasqadm portfw rule to redirect incoming packets on 111.111.111.111 port 80 to the remote address of the tunnel interface (192.168.1.20) Things are running. Packets are redirected from the public address to the private one and then , via tun interface, reach the "private server". BUT packets are arri...

...a tun interface with local address 192.168.1.10 and remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so I reserved one of the public addresses (say 2.2.2.2) for the job and I made an ipmasqadm portfw rule to redirect incoming packets on 1.1.1.1 port 80 to the remote address of the tunnel interface (192.168.1.20) on the same port. Things are running. Packets are redirected from the public address to the private one and then, via tun interface, reach the "private server". *BUT* packe...

...erface, and then use the dummy interface as the default gateway? Effectively this would do the same thing as setting up two routers bacl-to-back, and using only egress shaping on both routers to achieve ingress shaping? Kind of like having a logical, rather than a physical router? 2) ipmasqadm portfw unstable/unreliable I have tried to use this approach to forward ports from the firewall to an internal server. It works OK initially, but within minutes, things start going wrong. Some connections get through on one interface but not the other. Later, connections from the same host will work o...

...rwarding in IPTABLES and so far it's working great from the internet, but when I attempt from my internal LAN using the External IP address, it fails. EXTIF="eth0" INTIF="eth1" EXTIP="xxx.xxx.xxx.xxx" INTNET="192.168.1.0/24" INTIP="192.168.1.1" PORTFWIP="192.168.1.13" >From the internet, if I type in http://xxx.xxx.xxx.xxx:81 it works. When use a computer on my LAN and type in http://192.168.1.13:81 it works. However, when i type in from a computer on my LAN: http://xxx.xxx.xxx.xxx:81 it does not. Any ideas? Thanks in advance....

...ST PROTO DEST SOURCE ORIGINAL # PORT PORT(S) DEST DNAT net loc:192.168.40.9 tcp 5800 But how do I forward this? ie: firewall.public.ip:100 -> masqueraded.server.ip:101 I have previously set this up under "ipchains" kernels using ipmasqadm via the following command. ipmasqadm portfw -a -P tcp -L $IPLOCAL 5801 -R 192.168.1.51 5800 I know it must be in the documentation somewhere, I just can''t find it ... Thanks Ian

Hi, There appears to be a bug in 2.5.1p2 that is not present on 2.3.0p1. The environment in question is Solaris, on either Intel or Sparc. The arrangement is as follows: System bar forwards a port from itself to system baz by doing su portfw -c 'ssh -2 -P -N -f -g -L 3333:baz:22 baz' System foo, which can talk to bar but not baz, initiates an ssh connection to bar port 3333, and is able to log in through that to baz, which runs an sshd on port 22. The problem is that this only works once. After disconnecting from baz, a subs...

...ble 201 ip route add 10.3.3.0/24 dev eth2 proto static table 201 ip route add default via 10.3.3.100 proto static table 201 ip route add default scope global nexthop via 10.2.2.100 dev eth1 nexthop via 10.3.3.100 dev eth2 # contains MARK rules for connection initiations coming from the outside #(portfw) iptables -t mangle -N INCOMINGMARK # contains MARK rules for connection initiations coming from the inside # routed by multi path routes iptables -t mangle -N OUTGOINGMARK # contains MARK rules for connection initiations coming from the inside # forced by user configuration to leave through a sp...

...le comments # 0.79s - ruleset now uses modprobe instead of insmod # 0.78s - REJECT is not a legal policy yet; back to DROP # 0.77s - Changed the default block behavior to REJECT not DROP # 0.76s - Added a comment about the OPTIONAL WWW ruleset and a comment # where to put optional PORTFW commands # 0.75s - Added clarification that PPPoE users need to use # "ppp0" instead of "eth0" for their external interface # 0.74s - Changed the EXTIP command to work on NON-English distros # 0.73s - Added comments in the output section that DHCPd is optional #...