similar to: tinc vs. ipchains masquerading

Hi All, born out of frustration with conflicting info on the net, I thought I'd share a simple guide to set up the port forwarding side of masquerading... this presumes you already have basic ipchains setup and simple masquerading of internal machines installed. PORT FORWARDING USING IPMASQADM. “Ipmasqadm” supercedes the “ipportfw” feature. 1 - Upgrade to Kernel 2.2.12-20 if not already

Just responding in case this may be of help to somebody with firewalling issues. Not sure if this is off on a tangent to the original question... Here are three different forms of common firewall scripts and ways of getting SIP to work behind them. The third one has some additional stuff beyond just SIP although I can't remember why I wrote it that way. I've been having no fun using

Hi, I''m running a Debian 2.2r2 on a university server with 3 public ip on one ethernet card (but soon we will have three cards). There''s a tunnel (implemented with vtund on a tun interface with local address 192.168.1.10 and remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so

Excuse me form reposting the quesiton, but I didn''t find any solution. Any suggestion is welcome Hi, I''m running a Debian 2.2r2 on a university server with 3 public ip o(1.1.1.1 2.2.2.2 and 3.3.3.3 on one ethernet card (but soon we will have three cards). There''s a tunnel (implemented with vtund on a tun interface with local address 192.168.1.10 and remote

Hi All I have had a look through the documentation but I can''t see how to do this. I want to setup DNAT for an incoming connection. The connection must be forwarded to a server on a masqueraded server behind the firewall. The tricky part is I need to forward to a different port to the one that the request arrived on. I can do this: firewall.public.ip:5800 ->

Hello David, After some experiments and discussions I came to the following result concerning private NT-Box connecting to a LAN via ipchains and using all NETBIOS services (incl. domain-logon): Cross-subnet browsing with NETBIOS could only be done by a local master browser in the private net. I first thought of using Samba on the Linux router for that. But the Samba service would have to use

Greetings from a newbie! (Well, to this list anyway) I''m having a problem and I hope someone here might be able to help... I am strongly expecting an answer along the lines of "upgrade to v2.4.x", but I would REALLY preffer to avoid that for now... The setup: "Home brewed" v2.2.24 (will patch to v2.2.25 later today) with the DS8 patch applied. Currently

Dear Tinc developer, I have some problems connecting to the other site of the VPN Here are my configuration files on pc1 Configuration files on pc2 /usr/local/etc/tinc/tinc.conf /usr/local/etc/tinc/tinc.conf Name = pc1 Name = pc2 TapDevice = /dev/tap0 TapDevice = /dev/tap0 PrivateKeyFile =

I'd like to install openssh across an Irix cluster where I work, but its dependency on an "entropy pool" like /dev/urandom is making this problematic -- especially because EGD has issues with Irix that making it largely unusable. Obviously, the original ssh relied on its own random number generator. While this may not have provided the same degree of randomness that is provided by

I?ve got a laptop running Win 7 Pro registered with my Samba/OpenLDAP PDC and it seems to not be handling roaming profiles properly when I reboot and log in. More often than not, it would take a long time logging in because it would recreate entirely new profile trees (eg. jtseng.ATHOME, jtseng.ATHOME.001, jtseng.ATHOME.002, jtseng.ATHOME.003 and so on). Could someone clue me in as to why this

Dear Tinc Experts, I have been struggling for some time now, with Tinc pre3, and firewall rulesets and routing. I did once manage to get Tinc to work okay in a test-bed environment. I then tried to set it up for a 'real-life' setup and cannot get it to work properly. My real-life setup looks like this: Network A: 192.168.1.0 / 255.255.255.0 192.168.1.7 tap1 device gateway >

Hi, I'm running Samba 2.2.1 on a NAT machine. Only hosts from the private net are allowed access (hosts allow and interfaces set to the private network only). My problem is that domains from the 'public' network are still appearing on my private network, albeit inaccessible. It's almost as if the browse-list mechanism is picking them up on the public interface. Is there a way

Has something changed in the recent modifications to Asterisk that would break dialing of the IAX peer? We're getting these authority failures everywhere. Everything is configured just the way it was half a year ago, this is the message we're getting on the most recent vers of asterisk. Wiki says nothing, nor does the ast-dev list.. -lost Mar 18 12:55:23 NOTICE[3479]: chan_iax2.c:6545

To all those that wanted to know how I was filtering particular ICMP packets here is a few snippets from my firewall script which is based on one by Ian Hall-Beyer. I hope this helps you get started. Also note the output of the command: ipchains -h icmp Shawn Mitchell mentioned blocking all ICMP echos and especially broadcast echos. Perhaps he''d care to elaborate with a similar

I just recently installed OpenSSH 2.5.1p1 on a RH6.2 box (kernel 2.2.17). I run ipchains to do packet filtering, allowing incoming connections only to 22 and 80 (and some other ports for specific machines). I was able to run prior versions of openssh in this fashion (I've run it from the first release, I think). Upon installing 2.5.1p1 I found that my attempts to connect hang, here is ssh

I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j

Hello, I'm working on my virtual keywords plugin [1] to add an apparently simple feature: add a keyword to a message when it is moved or copied into a virtual folder (let's forget about what keyword to add, I'm starting with a hard-coded one to understand Dovecot plugin development). So I've added a mail_copy hook by the notify plugin [2] and did a simple call to

Just a quick word - I spent two days trying to get Samba to work. The whole problem was a lack of knowledge about ipchains (firewall). It was part of the RH7.1 install package, and the medium security setting stops all tcp and udp traffic for a lot of ports, including those needed for NetBIOS (137-139) It is pretty easy to fix, the IPCHAINS-HOWTO is a good and humorous read, and by the end of

Hi- I heard about a bug in ipchains, could you please tell me what to do? Thanks

Hi stef; imq patch of 2.2.17 form http://luxik.cdi.cz/~devik/qos/imq.htm diff against 2.2.17 Can you tell me how imq work with ipchains? thanks for your help regards, haipe _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/