similar to: NT Login with ipchains

Howdy, I tried tackling this on irc with Ivo, but I suspect that irc may really not be the best medium for technical discussions, so I'll reprise it here. I am trying to duplicate the "tinc from behind a masquerading firewall" example from the tinc web site: (home) <--> (masquerading firewall) <--> (office) 192.168.1.21 192.168.1.1/1.2.3.4

Just responding in case this may be of help to somebody with firewalling issues. Not sure if this is off on a tangent to the original question... Here are three different forms of common firewall scripts and ways of getting SIP to work behind them. The third one has some additional stuff beyond just SIP although I can't remember why I wrote it that way. I've been having no fun using

Hi All, born out of frustration with conflicting info on the net, I thought I'd share a simple guide to set up the port forwarding side of masquerading... this presumes you already have basic ipchains setup and simple masquerading of internal machines installed. PORT FORWARDING USING IPMASQADM. “Ipmasqadm” supercedes the “ipportfw” feature. 1 - Upgrade to Kernel 2.2.12-20 if not already

Hi, I''m running a Debian 2.2r2 on a university server with 3 public ip on one ethernet card (but soon we will have three cards). There''s a tunnel (implemented with vtund on a tun interface with local address 192.168.1.10 and remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so

Excuse me form reposting the quesiton, but I didn''t find any solution. Any suggestion is welcome Hi, I''m running a Debian 2.2r2 on a university server with 3 public ip o(1.1.1.1 2.2.2.2 and 3.3.3.3 on one ethernet card (but soon we will have three cards). There''s a tunnel (implemented with vtund on a tun interface with local address 192.168.1.10 and remote

Hi All I have had a look through the documentation but I can''t see how to do this. I want to setup DNAT for an incoming connection. The connection must be forwarded to a server on a masqueraded server behind the firewall. The tricky part is I need to forward to a different port to the one that the request arrived on. I can do this: firewall.public.ip:5800 ->

To all those that wanted to know how I was filtering particular ICMP packets here is a few snippets from my firewall script which is based on one by Ian Hall-Beyer. I hope this helps you get started. Also note the output of the command: ipchains -h icmp Shawn Mitchell mentioned blocking all ICMP echos and especially broadcast echos. Perhaps he''d care to elaborate with a similar

I just recently installed OpenSSH 2.5.1p1 on a RH6.2 box (kernel 2.2.17). I run ipchains to do packet filtering, allowing incoming connections only to 22 and 80 (and some other ports for specific machines). I was able to run prior versions of openssh in this fashion (I've run it from the first release, I think). Upon installing 2.5.1p1 I found that my attempts to connect hang, here is ssh

Dear Tinc Experts, I have been struggling for some time now, with Tinc pre3, and firewall rulesets and routing. I did once manage to get Tinc to work okay in a test-bed environment. I then tried to set it up for a 'real-life' setup and cannot get it to work properly. My real-life setup looks like this: Network A: 192.168.1.0 / 255.255.255.0 192.168.1.7 tap1 device gateway >

Can a router between two subnets (call it A and B) be the local master browser of the one subnet (net A) in a NT domain, when the Domain Master Browser (as well as PDC and BDC) are located in the other subnet (B)? Will say, does the Domain Master Browser of a NT domain accept a Local Master Browser in the same subnet (as the router is accessed from B via the interface ethB)? The reason for my

I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j

Hi Raymond, I also struggled 3 days to set up a direct connection between a RH7.3 box and a WinME box with a crossover cable for experiment and met with frustration. The setup of WinME box has no problem and it can connect to other Win boxes for file sharing. IP Address RH7.3 192.168.0.1 WinME 192.168.0.2 Ping started connecting but both boxes can't see each another. I also doubt

---------- Forwarded message ---------- Received: from lists.securityfocus.com (lists.securityfocus.com [216.102.46.4]) by blues.jpj.net (right/backatcha) with SMTP id VAA15167 for <trevor@JPJ.NET>; Tue, 27 Jul 1999 21:17:48 -0400 (EDT) Received: (qmail 28179 invoked from network); 27 Jul 1999 19:14:06 -0000 Received: from lists.securityfocus.com (216.102.46.4) by lists.securityfocus.com

Just a quick word - I spent two days trying to get Samba to work. The whole problem was a lack of knowledge about ipchains (firewall). It was part of the RH7.1 install package, and the medium security setting stops all tcp and udp traffic for a lot of ports, including those needed for NetBIOS (137-139) It is pretty easy to fix, the IPCHAINS-HOWTO is a good and humorous read, and by the end of

I have an Asterisk PBX behind a 'manually-built' IPCHAINS firewall machine. Can anyone tell me what I need to allow/build QOS packet rewrites through this simple NAT barrier? What do I need to pass to IPCHAINS to let QOS out to the next outside network hop? I ask this, because I have been getting intermittent jitter from my provider (TELIAX), and since it seems near-impossible to

I have tried to replace these lines from ipchains to work with shorewall. # /NFS requires 111/tcp (sunrpc/portmapper) and *all* UDP ports./ # ipchains -A input -p tcp -s $SUBNET -i eth0 -d 0/0 111 -j ACCEPT ipchains -A input -p udp -s $SUBNET -i eth0 -d 0/0 -j ACCEPT # /These ports are required by bootp, tftpd, and PXE./ # /There are also a handful of udp ports that need to/ # /be open,

I have a couple questions that I will submit separately. When I have IPchains running I can't get my samba box to show up in network neighborhood, but when I turn ipchains off the box shows up. What rules do I need to add for things to work properly? -- Raymond Norton Little Crow Telemedia Network 320-234-0270

(refers to posting "Samba 3.0 + ADS, winbind problem" from August, 28th) Setup: client: SuSE8.2 professional (kernel 2.4.20-4GB) with openldap2 2.1.12 and heimdal kerberos 0.4e from the SuSE CDs and Samba 3.0.0RC3 compiled from source with flags "--with-ads --with-pam --with-acl-support". server: Windows 2003 Server as Active Directory Controller (configured as pure

Hi- I heard about a bug in ipchains, could you please tell me what to do? Thanks

Hi stef; imq patch of 2.2.17 form http://luxik.cdi.cz/~devik/qos/imq.htm diff against 2.2.17 Can you tell me how imq work with ipchains? thanks for your help regards, haipe _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/