Masquerading and internet port => localnet port ?


Post by Fred » Mon, 23 Oct 2000 04:00:00



Hi,

I got a problem on my Linux...setup is a local 192.168.1.x network and a
ppp connection to the internet. Now what's not working is if someone
tries to phone (using an ip-phone program like buddyphone) to my Windows
PC (which has the localnet ip 192.168.1.11).  Now what I wanna do is
this: If I tell someone my real internet ip (the one of my Linux) and
if someone tries to call me at that ip I want the udp frame which is
sent to port 700 of my Linux to be forwarded to 192.168.1.11 so the
connection can be set up....I tried netcat but maybe I screwed up...it
won't work with
netcat -l -u -p 700 192.168.1.11 700
Btw I already opened up port 700 of the firewall..that was not the
problem...

Anybody ? Please help...I have been working on this for several hours
now and it's starting to suck ;-)

If you have a clue let me know

 
 
 


Post by Steve Co » Mon, 23 Oct 2000 04:00:00



> Hi,

> I got a problem on my Linux...setup is a local 192.168.1.x network and a
> ppp connection to the internet. Now what's not working is if someone
> tries to phone (using an ip-phone program like buddyphone) to my Windows
> PC (which has the localnet ip 192.168.1.11).  Now what I wanna do is
> this: If I tell someone my real internet ip (the one of my Linux) and
> if someone tries to call me at that ip I want the udp frame which is
> sent to port 700 of my Linux to be forwarded to 192.168.1.11 so the
> connection can be set up....I tried netcat but maybe I screwed up...it
> won't work with
> netcat -l -u -p 700 192.168.1.11 700
> Btw I already opened up port 700 of the firewall..that was not the
> problem...

> Anybody ? Please help...I have been working on this for several hours
> now and it's starting to suck ;-)

> If you have a clue let me know

Hi,

This may be a reason you are having this problem - or may be one you
could come up against after you get around the current one.

The ipchains firewall - when using forwarding/MASQ to hide internet ip
addresses - only alters the source ip address of outgoing packets by
default. Many protocols, ftp, realaudio, VPNs etc, will also place the
local ip address encapsulated WITHIN the packet. Therefore, this address
is not translated by ipchains rules and the return packets cannot find
your MASQed box.  The way around this is to use "Application Gateways"
and in the Linux/ipchains world, these are known as masq modules - eg:
ip_masq_ftp, ip_masq_raudio, ip_masq_irc. It may be that you need such an
application gateway for your ip phone to also allow outgoing
connections/replies as well as using  to forward port connections through
the ipchains firewall. To forward incoming port connections to an
internal 'hidden' machine, you'll also need the IPMASQADM function.

A nice little primer on this is:

http://www.cyborgworkshop.com/ipchains.html
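
The header-versus-payload point in the reply above, as an added example (not code from the thread or from ipchains): it builds a constructed IPv4/UDP datagram, applies a header-only source rewrite the way masquerading does, and lists the RFC 1918 addresses still sitting in the payload. The message format, the peer 198.51.100.20 and the public address 203.0.113.5 are made up for illustration.

```python
import ipaddress, re, socket, struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, sport, dport, payload):
    """Minimal IPv4 + UDP datagram (UDP checksum 0 = unused, legal on IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                                64, 17, 0, socket.inet_aton(src),
                                socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + udp

def masquerade(packet, public_ip):
    """Header-only source NAT: rewrite the source address, fix the checksum."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = socket.inet_aton(public_ip)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]          # payload bytes pass through untouched

def embedded_private_addrs(packet):
    """RFC 1918 addresses still present in the UDP payload after NAT."""
    found = []
    for m in re.findall(rb"\d{1,3}(?:\.\d{1,3}){3}", packet[28:]):
        try:
            ip = ipaddress.ip_address(m.decode())
        except ValueError:                   # e.g. 999.1.1.1 is not an address
            continue
        if any(ip in net for net in RFC1918):
            found.append(str(ip))
    return found

# Constructed sample: a made-up call-setup message that names its own address.
SAMPLE = build_packet("192.168.1.11", "198.51.100.20", 700, 700,
                      b"CALL reply-to=192.168.1.11:700")
NATTED = masquerade(SAMPLE, "203.0.113.5")

if __name__ == "__main__":
    print(socket.inet_ntoa(NATTED[12:16]), embedded_private_addrs(NATTED))
```

A masq module for a given protocol is the piece that would rewrite that payload field as well; without one the far end is told to reply to an address it cannot route to.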

 
 
 


Post by Da FaNTo » Mon, 23 Oct 2000 04:00:00


You should be able to get away with something like
ipmasqadm autofw -A -v -r udp 700 -h 192.168.1.x

where 192.168.1.x is your Win Machine.
That will just forward all udp packets coming in on 700 to your Windows
machine. Most workarounds are similar to that.


> Hi,

> I got a problem on my Linux...setup is a local 192.168.1.x network and a
> ppp connection to the internet. Now what's not working is if someone
> tries to phone (using an ip-phone program like buddyphone) to my Windows
> PC (which has the localnet ip 192.168.1.11).  Now what I wanna do is
> this: If I tell someone my real internet ip (the one of my Linux) and
> if someone tries to call me at that ip I want the udp frame which is
> sent to port 700 of my Linux to be forwarded to 192.168.1.11 so the
> connection can be set up....I tried netcat but maybe I screwed up...it
> won't work with
> netcat -l -u -p 700 192.168.1.11 700
> Btw I already opened up port 700 of the firewall..that was not the
> problem...

> Anybody ? Please help...I have been working on this for several hours
> now and it's starting to suck ;-)

> If you have a clue let me know
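
A userspace alternative to the kernel forwarding rule above, as an added example that is not part of any post in the thread: a small two-way UDP relay of the kind the netcat attempt was reaching for, with an optional source allow-list. The class and function names are made up; on the gateway it would listen on ("0.0.0.0", 700) with inside set to ("192.168.1.11", 700), while the demo uses constructed loopback endpoints instead.

```python
import socket

class UdpRelay:
    """Forward datagrams arriving on `listen` to one inside host, replies back out."""

    def __init__(self, listen, inside, allowed_sources=None, timeout=2.0):
        self.inside = inside              # (ip, port) of the hidden machine
        self.allowed = allowed_sources    # None = any source, else a set of IPs
        self.peer = None                  # outside endpoint of the current call
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.settimeout(timeout)
        self.sock.bind(listen)
        self.addr = self.sock.getsockname()

    def pump(self):
        """Handle one datagram; return 'in', 'out' or 'drop'."""
        data, src = self.sock.recvfrom(65535)
        if src == self.inside:            # reply coming from the inside host
            if self.peer is None:
                return "drop"
            self.sock.sendto(data, self.peer)
            return "out"
        if self.allowed is not None and src[0] not in self.allowed:
            return "drop"                 # source is not on the allow-list
        self.peer = src                   # remember who to send replies to
        self.sock.sendto(data, self.inside)
        return "in"

def demo():
    """Loopback run: constructed sockets stand in for the caller and the PC."""
    def udp():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(2.0)
        s.bind(("127.0.0.1", 0))
        return s
    pc, caller = udp(), udp()
    relay = UdpRelay(("127.0.0.1", 0), pc.getsockname())
    caller.sendto(b"ring", relay.addr)
    steps = [relay.pump()]
    msg, seen_from = pc.recvfrom(100)
    pc.sendto(b"answer", seen_from)       # the PC answers whoever it heard from
    steps.append(relay.pump())
    reply, _ = caller.recvfrom(100)
    for s in (pc, caller, relay.sock):
        s.close()
    return steps, msg, reply, seen_from == relay.addr

if __name__ == "__main__":
    print(demo())
```

Unlike kernel forwarding, the inside host sees the relay's address as the sender, and this relay tracks only one outside peer at a time.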

 
 
 
