similar to: Forwarding ports

Is ''port forwarding'' a relatively new thing with packet filtering? Or has it always been available since iptables appeared on the scene. --- Ted Gervais Coldbrook Nova Scotia Canada B4R1A7

Hello, Please see the following picture: http://www.wilson-kwok.com/pptp.jpg I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server, and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server, but I cannot connect from my home to pptp server. Here is the nat file: 210.0.0.1 eth0:2 192.168.0.2 Here is the rules

I apologize before hand for my newbie question, but I have done the research and I still cant find a solution. Shoreline 1.4.8 Problem: Firewall isent allowing me to port forward to server Port Open = 3389 (RDP) Line added for Port Forwarding:DNAT net loc:192.168.42.5 tcp 3389 Error Produced: Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx DST=192.168.42.2 LEN=48 TOS=0x00

Please excuse my ignorance as I''m a linux newbie. Basically I have a setup of an adsl ethernet modem (nated and then everything forwarded to the external ip of my Mandrake mnf firewall) connected to the mnf firewall which then connects to the lan. internet <--> adsl modem <--> mnf firewall <--> lan There''s only 2 nics in the mnf firewall so it''s a

Hello, I am using Shorewall version 2.0.1 with kernel 2.4.20. Nightly, LogWatch emails a portion of the logs for my review. I notice that there are tons of dropped packets from port 445, somedays as many as 7,000. See sample below: >From 24.226.192.22 - 2 packets To 24.227.147.124 - 2 packets Service: microsoft-ds (tcp/445) (Shorewall:net2all:DROP:,eth0,none) - 2 packets My question is,

I have followed the instructions at http://shorewall.net/FAQ.htm#faq2 along with some coaching on IRC from _Omache to get a machine (with IP address 66.93.22.233) to forward all port 25 traffic to another host in my network (with IP 66.93.22.254). This has not worked. I have tested by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on 66.93.22.254. Of course, I don''t

Hello, I''m having a problem here with my setup which I could use some hints in the right direction with. I want to do the following : - Windows boxes (Instrumentation, not my choice ...) are supposed to samba into a linux fileserver (131.215.52.67) - they don''t see the net directly, but are walled up behind a linux firewall (172.16.0.1/131.215.35.26) - both linux machines

Hello all, Running the "ancient" 1.4.7-RC1 version I have a problem with port forwarding. I have for a number of external fixed IP addresses forwarding to an internal terminal server - this works :-) DNAT net:111.22.33.44 loc:192.168.1.11 tcp 3389 DNAT net:222.33.44.55 loc:192.168.1.11 tcp 3389 Now I need to forward port 80 from one external address to an

Hello all, I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open

I have problem with IP public, my Network configuration [wireless] <------> [Router] <------ > [ Linux proxy ] < ------ > [Client ] IP configuration [202.123.123.1] <------->[202.123.123.2 and 192.168.0.1] < ------ > [192.168.0.2 and 202.123.123.3] < ------ > [202.123.123.4] this configuration will use IP 202.123.123.2 on internet how to config my network

Hi, I am running 1.4.8 and i have an external IP that is pretty well cut up with DNAT to several different subnets. When adding DNS (UDP:53) to the mix, I dont get a response from the server. According to shorewall (shorewall show nat): 33 2527 DNAT udp -- * * 0.0.0.0/0 69.13.51.22 udp dpt:53 to:10.2.80.40 yet my DNS log is coming up empty its only seeing

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via

I am missing a tiny detail on understanding a simple port forward: I want to forward just like the FAQ listed, via #ACTION SOURCE DEST PROTO DEST PORT DNAT net loc:192.168.1.3:22 tcp 1022 Which works just fine. Now I also tried this following type of rule, which I thought would work, but it did not. #ACTION SOURCE DEST PROTO DEST-PORT

Hi Folks! I''m new to shorewall (in the process of switching from Bastille), and I have a question as to how to address using Bluetooth enabled Palms with a BT dongle on a linux box protected by shorewall. Basically I followed the directions located at http://www.metacon.ca/bcs/view.php?page=bluetooth to get things working strictly with iptables, specifically: echo

Hello, I want not to log some dropped packets going from net to fw, i.e. to exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476 packets in /var/log/messages. I know I can probably do this by using ulog or some other logging system and writing some rules to exclude "SPT=4672", but is it possible for shorewall not to log some ports? Sorry if it is obvious, but I

Hi, I''m new to shorewall and to this list. I just switched from custom iptables-based scripts to shorewall, and everything seems to work smoothly. There''s only one thing I wasn''t able to port : rules similar to this one : iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT --to-ports 5190 Can this be expressed using shorewall config files ? Or

Dear All I have added the following line to /etc/shorewall/rules: ACCEPT net fw tcp 4662 However, the program aMule continues to give me the following error: NG : Your 4662 port is not reachable. Any further ideas? Thanks in advance, Paul

I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin

Hello, We are using shorewall-3.0.7-1, I was tried the video conference server doesn''t via shorewall that was no problem, can I upgrade shorewall version to fix this problem ? our boss need use video conference this few days, so this is emergency. Thx ~~ --------------------------------- Yahoo! 網上安全攻略，教你如何防範黑客! 了解更多

Hello, I have a server to which is defined with static nat in Shorewall, and on that server, I''m running a http on a non-standard port (lets say, port 1234). I would like to use on of my free IP addresses, and map port 80 on the public side to port 1234 on the private side (forget about binding my services on a separate IP on the server, if it was feasible, I would have done that).