How to NOT masquerade some ports??


Post by y.. » Fri, 29 Oct 1999 04:00:00



Hi all!

I have a problem with my IP-masqueraded LAN. A Linux router (kernel
2.2.11) is used for NAT and masquerading because I only get one IP
address (dynamically).

Now the problem:
On one PC in my LAN a special TCP/IP-Client is running which is using
UDP ports for sending at 57881 and receiving 58313 and TCP ports
1621-1623.

The server for the client program, with the IP number 111.222.333.444,
waits to receive unmasqueraded packets and then sends the UDP packets to
the specific port.

What I have to do is to route the UDP port numbers 58313 & 57881 and TCP
Ports 1621-1623 directly from the one PC to the 111.222.333.444 server
over my linux router.

I tried ipmasqadm (portfw and autofw) without success. Perhaps I did it
wrong, or I have to do something to my ipchains...?

If my configuration is as following:

linux router (ippp0) : 192.168.0.90 (Inet, dynamically assigned IP)
linux router (eth0):   192.168.1.10 (LAN)
No firewall rules are enabled, only masquerading and network address
translation.

PC (clyde.berlin.de): 192.168.1.11
external Inet server 111.222.333.444

how can I redirect the above ports through my Linux router so that the
machine 111.222.333.444 gets no masqueraded packets and the packets are
correctly forwarded?

After starting the client program on the PC,
ipchains -L -M shows the masqueraded packets (but there is no response
from the server 111.222.333.444). (clyde.berlin.de = 192.168.1.11,
gw1.ibllc.com = 111.222.333.444)

TCP  00:41.82 clyde.berlin.de      gw1.ibllc.com        1623 (61396) -> 1997
TCP  01:41.63 clyde.berlin.de      gw1.ibllc.com        1622 (61395) -> 1997
TCP  01:41.09 clyde.berlin.de      gw1.ibllc.com        1621 (61394) -> 1997
UDP  04:53.05 clyde.berlin.de      gw1.ibllc.com       58313 (61398) -> 57881 6
TCP  00:41.82 clyde.berlin.de      gw1.ibllc.com        1623 (61396) -> 1997
TCP  01:41.63 clyde.berlin.de      gw1.ibllc.com        1622 (61395) -> 1997
TCP  01:41.09 clyde.berlin.de      gw1.ibllc.com        1621 (61394) -> 1997
UDP  04:53.05 clyde.berlin.de      gw1.ibllc.com       58313 (61398) -> 57881

My ipchains -L shows:
(kommissar.berlin.de = 192.168.1.10: linux router,
 DAHEIM: 192.168.1.0)
target     prot opt     source                destination           ports
-          all  ------  anywhere              kommissar.berlin.de   n/a
-          all  ------  anywhere              192.168.0.99          n/a
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
user_msq   all  ------  DAHEIM/24             anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
-          all  ------  kommissar.berlin.de   anywhere              n/a
-          all  ------  192.168.0.99          anywhere              n/a
Chain user_msq (1 references):
target     prot opt     source                destination           ports
MASQ       all  ------  anywhere              anywhere              n/a

Please help me. I have been searching for a solution to the above for over 3 weeks
without success!

Thank you very much,
Yoay

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

How to NOT masquerade some ports??

Post by Floyd » Sat, 30 Oct 1999 04:00:00


If you're not masquerading the packets from the internal machine, where
would you propose the outside machine send the packets back to you?
Remember your internal network is non-routable by IP numbers, as well as
the fact that you only have 1 IP routed to you by the ISP. So if it's not
coming from YOUR 1 IP, how is it getting back to you?

Now, if your external IP is REALLY 192.168.0.90, you've got other problems,
because your ISP is also doing NAT of some sort, since 192.168.*.* are
non-routable IPs.

It looks as though your ISP is also doing NAT (if your external IP is REALLY
192.168.?.?).



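For the topology in the original post, and with Floyd's point in mind that replies can only come back to the router's single public address, here is an added example script. It is not code from the thread, from the poster, or from any project. It emits the ipchains masquerade rules scoped to the LAN prefix (instead of the post's "MASQ anywhere -> anywhere" in user_msq), an ipmasqadm portfw entry that hands UDP 58313 arriving on the public address to 192.168.1.11, and a small filter that rewrites `ipchains -L -M` lines to show which source port the remote server actually sees. Assumptions: a 2.2 kernel with ipchains and ipmasqadm; the public address is passed in by the caller because ippp0 is dynamic (192.0.2.10 is a documentation placeholder); the two -M lines are constructed to match the shape of the post's listing; 111.222.333.444 from the post is not used.

```shell
#!/bin/sh
# Added example for the thread above, not code from the original posts.
# Generates ipchains/ipmasqadm rules for the poster's topology (Linux 2.2)
# and shows what the remote server sees in `ipchains -L -M` output.
# Assumed: the current ippp0 address is supplied by the caller (dynamic).

LAN_NET=192.168.1.0/24   # "DAHEIM" in the post
CLIENT=192.168.1.11      # clyde.berlin.de
UDP_REPLY_PORT=58313     # UDP port the client listens on

# Outbound masquerading, scoped to the LAN prefix instead of the post's
# "MASQ anywhere -> anywhere" rule. The DENY policy is an added hardening
# step: the post's forward chain has policy ACCEPT.
masq_rules() {
    lan=$1
    cat <<EOF
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -s $lan -d $lan -j ACCEPT
ipchains -A forward -s $lan -j MASQ
EOF
}

# Inbound: the server can only reach the client through the router's public
# address, so forward UDP port $3 arriving there to the client. The TCP
# 1621-1623 connections are opened by the client and need no portfw entry.
portfw_rules() {
    ext_ip=$1; host=$2; port=$3
    cat <<EOF
ipmasqadm portfw -f
ipmasqadm portfw -a -P udp -L $ext_ip $port -R $host $port
EOF
}

# Full rule set for one public address; portfw entries are bound to that
# address, so this must be re-run whenever ippp0 gets a new one.
build_ruleset() {
    ext_ip=$1
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    masq_rules "$LAN_NET"
    portfw_rules "$ext_ip" "$CLIENT" "$UDP_REPLY_PORT"
}

# Rewrite `ipchains -L -M` lines ("PROTO expiry src dst sport (masqport) -> dport")
# to show the source port the remote server actually sees.
masq_view() {
    sed -n 's/^\([A-Z][A-Z]*\) *\([0-9:.]*\) *\([^ ]*\) *\([^ ]*\) *\([0-9]*\) (\([0-9]*\)) -> *\([0-9]*\).*/\1 \3:\5 -> \4:\7 (server sees source port \6)/p'
}

# Constructed sample, same shape as the -M listing in the post.
SAMPLE_M='TCP  00:41.82 clyde.berlin.de      gw1.ibllc.com        1623 (61396) -> 1997
UDP  04:53.05 clyde.berlin.de      gw1.ibllc.com       58313 (61398) -> 57881'

main() {
    ext_ip=${1:-192.0.2.10}   # placeholder for the dynamic ippp0 address
    echo "# masquerade table as the remote side sees it:"
    printf '%s\n' "$SAMPLE_M" | masq_view
    echo "# rules to run as root on the 2.2 router (printed only):"
    build_ruleset "$ext_ip"
}

main "$@"
```

The script only prints the commands; on the router they would be run as root after each new ippp0 address is assigned (an ip-up script is the usual place, since the portfw entry is bound to the public address). What it cannot do is what the poster asked for: with 2.2 masquerading the outbound source port is always rewritten into the masquerade range, as the 61394-61398 ports in the post's own -M listing show, so a server that insists on a fixed source port or an unmasqueraded address cannot be satisfied from behind one dynamic IP.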
 
 
 

1. How not to masquerade a port?

Hi,
my masquerading firewall works well, but sometimes I don't need to
masquerade the port:
I need to change only the sender IP and not the PORT (masquerading sets the
sender port to the 60000-65000 range and the IP to ppp0's IP).
How can I do that? (The receiving computer accepts UDP messages only coming
from PORT 1719.)
Many thanks,
Giulia

