Unable to forward but masquerading works fine...?


Post by bluepr.. » Sun, 31 Dec 1899 09:00:00



Hello,

I've had IP masquerading working fine for the last coupla months.
Using my Linux box as a gateway, I am able to use my Windows box
to browse the Web.  I am using RedHat 5.2 (not 6.x).

Recently I downloaded some software onto my Windows box which
requires packets to be forwarded from the Linux box to the Windows
box; specifically TCP port 51210, and UDP ports 51200, 51201.

I use ipfwadm to administer the rules in rc.local:

----
# Rule 1: Set default policy
/sbin/ipfwadm -F -p deny
# Rule 2: Allow masquerading for our little private subnet (10.1.1.X)
/sbin/ipfwadm -F -a m -S 10.1.1.0/255.255.255.0 -D 0.0.0.0/0
# AAA 12/2/1999: for telephoning over the internet
/sbin/ipfwadm -F -a accept -b -P tcp -S 0/0 51210 -D 10.1.1.3/255.255.255.0 51210
/sbin/ipfwadm -F -a accept -b -P udp -S 0/0 51200 -D 10.1.1.3/255.255.255.0 51200
/sbin/ipfwadm -F -a accept -b -P udp -S 0/0 51201 -D 10.1.1.3/255.255.255.0 51201
----

If I do an "ipfwadm -F -l", I get:

IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  10.1.1.0/24          anywhere             n/a
acc   tcp  anywhere             10.1.1.3             51210 -> 51210
acc   udp  anywhere             10.1.1.3             51200 -> 51200
acc   udp  anywhere             10.1.1.3             51201 -> 51201

Now...the problem: it doesn't work.  Masquerading is fine, but
forwarding just doesn't work.  Trying to telnet to the Linux Box
at 51210 gets a "connection refused" error.  The software I downloaded
also fails to work.  By the way, the software is for making phone
calls on the net (www.dialpad.com).

Any advice?

AAA


 
 
 


Post by Bernd Eckenfel » Sun, 31 Dec 1899 09:00:00



> Recently I downloaded some software onto my Windows box which
> requires packets to be forwarded from the Linux box to the Windows
> box; specifically TCP port 51210, and UDP ports 51200, 51201.

This won't work since your peer does not send the packets to your internal
addresses but to the address of the Linux box. Unless the Linux box knows
how to masquerade the connections (protocol masq module) you can only hope
ipportfw can help you.

Greetings
Bernd

 
 
 


Post by Bob Hauc » Sun, 31 Dec 1899 09:00:00



> I've had IP masquerading working fine for the last coupla months.
> Using my Linux box as a gateway, I am able to use my Windows box
> to browse the Web.  I am using RedHat 5.2 (not 6.x).
> Recently I downloaded some software onto my Windows box which
> requires packets to be forwarded from the Linux box to the Windows
> box; specifically TCP port 51210, and UDP ports 51200, 51201.

You can't directly forward 10.x.y.z addresses through your firewall, as
they are not valid on the Internet.  No one can send packets to those
addresses as they will be dropped by the intervening routers, making
forwarding on the firewall irrelevant.  

With masquerading, all the outside world knows about is your gateway.
So what you need is a way to allow outsiders to send packets to the
*gateway* and have them transferred to the right machine on the inside.
Which means that the gateway needs some knowledge of the protocol.

There are kernel modules for a number of popular protocols that need
this sort of thing.  My 2.2 kernel came with a dozen or so (look in
/lib/modules/x.y.z/ipv4).  There's also the generic "ipautofw" module
that you might be able to configure to do what you want.  See the IP
Masquerading mini-howto for details.

For generic TCP forwarding, you could use something like rinetd.  This
is a small program that binds an address:port on the outside to an
address:port on the inside, thus allowing servers to be behind a
firewall.  This only works for TCP and you only need it if the
connection is initiated from outside.

--
 -| Bob Hauck
 -| Wasatch Communications Group
 -| http://www.wasatch.com/~bobh
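
The kind of relay the reply above attributes to rinetd, as an added example that is not part of the original thread and not rinetd's own code: a listener bound on the gateway's own address accepts the TCP connection and copies bytes to the inside host, which is why no forward-chain rule naming 10.1.1.3 is involved. The function names and the source allow-list are assumptions added here; it covers TCP only, so the UDP ports 51200 and 51201 are out of scope.

```python
import ipaddress
import socket
import threading

def _pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass  # peer already gone

def _handle(client, peer_ip, inside, nets):
    """Relay one accepted connection; drop it if the source is not allowed."""
    with client:
        if not any(ipaddress.ip_address(peer_ip) in n for n in nets):
            return  # source not on the allow-list: close without relaying
        try:
            upstream = socket.create_connection(inside, timeout=5)
        except OSError:
            return  # inside host unreachable or refusing
        with upstream:
            upstream.settimeout(None)
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)
            back.join()

def start_relay(outside, inside, allowed=("0.0.0.0/0",)):
    """Listen on outside (addr, port) and relay each TCP connection to inside.
    Returns the listening socket (read the bound port from it, or close it)."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    listener = socket.create_server(outside)
    def accept_loop():
        while True:
            try:
                client, (peer_ip, _) = listener.accept()
            except OSError:
                return  # listener was closed
            threading.Thread(target=_handle, args=(client, peer_ip, inside, nets),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener

# For the setup in the thread (addresses taken from the post), run on the gateway:
#   start_relay(("0.0.0.0", 51210), ("10.1.1.3", 51210)); threading.Event().wait()
```

Passing `allowed` as a list of peer networks keeps the relayed port from being reachable by every host that can reach the gateway.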

 
 
 
