Filtered IP access

Post by infostrad » Sun, 04 Aug 1996 04:00:00



Can someone help me?

I have placed a Web page on my machine, which obtains its internet access
from a server that runs Unix System V release 4.0.

Probably this server has a filter that prevents access from an IP
address that differs from the subnet in which it is installed.

I wish to know where I can modify this filter (I have the root password).

Sorry for my bad English and thanks for the help.

                                                Ighon


 
 
 

1. IP-Filter, NAT, IPSEC and Nortel Extranet Access Client question

Hi there,

I was wondering if anybody out there could give me some advice?

I've got Nortel Extranet Access Client installed on a Win2k machine that
sits on a private address behind a FreeBSD gateway/firewall.  I need to be
able to run this client through the firewall, and am having difficulty
getting a connection to the Nortel server.

I have IP-Filter 3.4.20, and have applied the patch (originally intended for
2.4.14 but still seems ok with 3.4.20) listed at
http://www.cs.ndsu.nodak.edu/~davlarso/ipf/, recompiled kernel and modules
with:

options         IPSEC
options         IPSEC_ESP
options         IPSEC_DEBUG

The topology of my network is as follows:
ed0 is configured with the outside IP address (1.2.3.4 in this example)
dc0 is the dummy address 10.0.0.1

The client is installed on machine 10.0.0.2.  The server I'm trying to
contact is at 5.6.7.8

Following the directions in the link above, I added the following entries to
/etc/ipnat.conf and ran ipnat with "-f /etc/ipnat.conf" as arguments:

map ed0 10.0.0.1/16 -> 0/32 proxy port 500 udp
rdr ed0 0/32 port 0   -> 10.0.0.2 port 0 esp

I'm getting a message returned that the server is simply not contactable.

Running tcpdump -i ed0 on the gateway, I get the following when attempting
to connect using the client:
23:01:07.957446 1.2.3.4.40004 > 5.6.7.8.isakmp: isakmp: phase 1 I agg: [|sa]
23:01:15.204103 1.2.3.4.40004 > 5.6.7.8.isakmp: isakmp: phase 1 I agg: [|sa]
23:01:23.213835 1.2.3.4.40004 > 5.6.7.8.isakmp: isakmp: phase 1 I agg: [|sa]
23:01:31.228269 1.2.3.4.40004 > 5.6.7.8.isakmp: isakmp: phase 1 I agg: [|sa]

There appears to be no response from the server; however I know that it is
up because I can connect to it from the outside of the firewall.  The Nortel
client simply says "Login Failure due to: Remote host not responding".  This
leads me to believe that the outgoing packets are not being translated
correctly, and the replies are being lost in the ether.

Can anybody help me with this, or point me in the direction of somebody who
can?

Thanks in advance!

Cheerio,
d

--

Dan Makovec
Fat Canary Software

Web - fatcanary.com.au/dan
NetMeeting - callto:dan.fatcanary.com.au
ICQ - 1308090

2. Time Syncing

3. IP Filter/IP NAT vs IPFW/NATD

4. Yahoo article on Open Source software (and Linux)

5. Filters, Filters, where are you Filters...

6. MPD error

7. HELP!! with ip accessing (remote access)

8. Security Holes in Linux

9. access.conf IP-access prob.

10. Forwarding of an IP address for Audio/IP external access

11. IP Access lists with dynamic IP addresses?

12. Restricted Host IP to access internal for IP Forwarding

13. IP Masquerade Question: Local Access to Server on Ext. IP