Hi,

I use shorewall on my router (internal ip: 192.168.1.4). The router is used as a gateway for my lan.
If I try to access an IRC server from any "client" (for example 192.168.1.1) I get the message "no identd". I tried the following in my shorewall rules config (etc/shorewall/rules), but it doesn't work:

ACCEPT net loc tcp 113

Does anyone have any idea?

Thanks a lot,
Lobster

Larry Lobster wrote:
> Hi,
>
> I use shorewall on my router (internal ip: 192.168.1.4). The router is used
> as a gateway for my lan.
> If I try to access an IRC server from any "client" (for example 192.168.1.1)
> I get the message "no identd". I tried the following in my shorewall rules
> config (etc/shorewall/rules), but it doesn't work:
>
> ACCEPT net loc tcp 113
>
> Does anyone have any idea?
>

For identd to work with NAT:

a) Enable identd from the net to the firewall:

   ACCEPT net fw tcp 113

b) Enable identd from the firewall to the local network:

   ACCEPT fw loc tcp 113

c) On the firewall, you need to run an identd that will proxy AUTH
requests, based on the contents of the connection tracking table (I
assume that there are Netfilter-based daemons of this type -- I used to
run one under ipchains).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

> c) On the firewall, you need to run an identd that will proxy AUTH
> requests, based on the contents of the connection tracking table (I
> assume that there are Netfilter-based daemons of this type -- I used to
> run one under ipchains).

I've used oidentd (http://freshmeat.net/projects/oidentd/) in the past with an OpenBSD firewall for this purpose in the past with great success. It will also work just peachy on linux with shorewall.

Works fine. Thanks a lot to both of you!

Lobster

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Gary Buckmaster
Sent: Tuesday, 22 February 2005 17:35
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] identd on "clients"

> c) On the firewall, you need to run an identd that will proxy AUTH
> requests, based on the contents of the connection tracking table (I
> assume that there are Netfilter-based daemons of this type -- I used to
> run one under ipchains).

I've used oidentd (http://freshmeat.net/projects/oidentd/) in the past with an OpenBSD firewall for this purpose in the past with great success. It will also work just peachy on linux with shorewall.

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

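The lookup that step c) of Tom's reply describes, as an added example (not code from any poster in this thread and not oidentd's implementation): an ident query arriving on the firewall is matched against the reply tuple of a masqueraded connection and rewritten for the LAN host, which the firewall then contacts on tcp 113 (rule b). The function names, the sample addresses and the use of the /proc/net/ip_conntrack line format are assumptions.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack line format; all addresses
# and ports are made up. 203.0.113.5 stands in for the firewall's external IP.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.1 dst=198.51.100.7 sport=34567 dport=6667 src=198.51.100.7 dst=203.0.113.5 sport=6667 dport=61001 [ASSURED] use=1
tcp      6 431201 ESTABLISHED src=192.168.1.2 dst=198.51.100.9 sport=40000 dport=80 src=198.51.100.9 dst=203.0.113.5 sport=80 dport=40000 [ASSURED] use=1
udp      17 25 src=192.168.1.1 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=5353 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
QUERY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def parse_conntrack(text):
    """Yield (original, reply) tuples for established TCP entries."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "tcp" or fields[3] != "ESTABLISHED":
            continue
        tuples = [(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE.findall(line)]
        if len(tuples) == 2:
            yield tuples[0], tuples[1]


def resolve_ident_query(query, peer_ip, fw_ip, conntrack_text):
    """Map an RFC 1413 query received on the firewall to (lan_host, query_to_forward).

    query is "<port on firewall>, <port on peer>" as sent by peer_ip.
    Returns None when the query is malformed or no masqueraded connection matches.
    """
    m = QUERY.match(query)
    if not m:
        return None
    fw_port, peer_port = int(m.group(1)), int(m.group(2))
    if not (0 < fw_port < 65536 and 0 < peer_port < 65536):
        return None
    for orig, reply in parse_conntrack(conntrack_text):
        # The reply tuple is the connection as the remote server sees it, so the
        # query must match it exactly, including the address of the asking peer.
        if reply == (peer_ip, fw_ip, peer_port, fw_port):
            lan_ip, _, lan_port, _ = orig
            return lan_ip, f"{lan_port}, {peer_port}"
    return None
```

In the first sample entry the masqueraded source port (61001) differs from the client's own (34567), which is why the query has to be rewritten before it is forwarded to 192.168.1.1.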
Hi,

I use Shorewall 1.2.12 and want to forward tcp connections on port 15050 from the internet to a local address (192.168.1.1).

I tried the following:
DNAT net loc:192.168.1.1 tcp 15050

I got the following error message:
Error: Invalid Target in rule "DNAT net loc:192.168.1.1 tcp 15050"

Does anybody know how to forward the port correctly?

Thanks a lot,
Lobster

Larry Lobster wrote:
>Hi,
>
>I use Shorewall 1.2.12 and want to forward tcp connections on port 15050
>from the internet to a local address (192.168.1.1).
>
>I tried the following:
>DNAT net loc:192.168.1.1 tcp 15050
>
>I got the following error message:
>Error: Invalid Target in rule "DNAT net loc:192.168.1.1 tcp 15050"
>
>Does anybody know how to forward the port correctly?
>
>Thanks a lot,
>Lobster
>
>

Perhaps:

DNAT net loc:192.168.1.1 tcp 15050 * -*

I use rules like this and have no problems...

--
Best regards,
Ben

Larry Lobster wrote:
> Hi,
>
> I use Shorewall 1.2.12 and want to forward tcp connections on port 15050
> from the internet to a local address (192.168.1.1).
>
> I tried the following:
> DNAT net loc:192.168.1.1 tcp 15050
>
> I got the following error message:
> Error: Invalid Target in rule "DNAT net loc:192.168.1.1 tcp 15050"
>
> Does anybody know how to forward the port correctly?
>

Even though it is part of Debian stable, support for Shorewall 1.2 has been discontinued for a couple of years (see http://shorewall.net/FAQ.htm#faq46). Nevertheless, if you go to the Shorewall 1.2 website (http://shorewall.net/1.2/), you will find that FAQ #1 covers port forwarding.

Be that as it may, I highly recommend upgrading to a currently-supported version of Shorewall.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key