Linux Masquerading and Port Forwarding


Post by Fred Wetz » Wed, 12 Jun 2002 00:29:41



Hello...

I have a big problem and hope someone can help me.
I have installed Suse 7.3, ISDN dial-up to my ISP and basic Masquerading with
the following commands.
eth1 is the internal net 192.168.2.x which I don't use because I don't know
how to create the DMZ thing.
ppp0 is my ISDN interface where I dial to my ISP and eth0 is my internal
network 192.168.1.x

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Well.. all works fine except some games and other stuff.. for testing
purposes I don't have any security right now.
So, my problem is I must forward all incoming traffic to ports 2300-2400,
47624 and 6073 to my machine with
the IP 192.168.1.1 ... maybe outgoing, too? How must I do this with
iptables so it'll work..

Thanks in advance... :-)

 
 
 


Post by jdd » Tue, 11 Jun 2002 02:53:38



> Hello...

> I have a big problem and hope someone can help me.
> I have installed Suse 7.3, ISDN dial-up to my ISP and basic Masquerading with

In Suse 7.3, the personal firewall takes care of security and
forwarding, just a "yes" to give in rc.config.

Maybe this can be better for you. However, I of course don't know what
exactly the rules set by Suse are.
jdd

--
<http://www.dodin.net>
Formation Linux débutants open

 
 
 


Post by Fred Wetz » Wed, 12 Jun 2002 02:46:20


Well.. it does only outgoing connections and rejects all incoming so that
doesn't work.
I only want to know the iptables commands so incoming connections will be
forwarded to my client.



Quote:

> forwarding, just a "yes" to give in rc.config.

> may be this can be better for you. however, I of course don't know what
> are exactly the rules set by suse.
> jdd

 
 
 


Post by William Par » Tue, 11 Jun 2002 04:33:21



> Hello...

> I have a big problem and hope someone can help me.
> I have installed Suse 7.3, ISDN dial-up to my ISP and basic Masquerading with
> the following commands.
> eth1 is the internal net 192.168.2.x which I don't use because I don't know
> how to create the DMZ thing.
> ppp0 is my ISDN interface where I dial to my ISP and eth0 is my internal
> network 192.168.1.x

> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

> Well.. all works fine except some games and other stuff.. for testing
> purposes I don't have any security right now.
> So, my problem is I must forward all incoming traffic to ports 2300-2400,
> 47624 and 6073 to my machine with
> the IP 192.168.1.1 ... maybe outgoing, too? How must I do this with
> iptables so it'll work..

> Thanks in advance... :-)

Stop posting twice.  What is the IP of this router?  If it's already
192.168.1.1, then you would use REDIRECT.  If it's different, then you
would use DNAT.

--

8-CPU Cluster, Hosting, NAS, Linux, LaTeX, python, vim, mutt, tin

 
 
 


Post by Fred Wetz » Wed, 12 Jun 2002 04:09:27


My router's IP is 192.168.1.254




> > Hello...

> > I have a big problem and hope someone can help me.
> > I have installed Suse 7.3, ISDN dial-up to my ISP and basic Masquerading
> > with the following commands.
> > eth1 is the internal net 192.168.2.x which I don't use because I don't
> > know how to create the DMZ thing.
> > ppp0 is my ISDN interface where I dial to my ISP and eth0 is my internal
> > network 192.168.1.x

> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

> > Well.. all works fine except some games and other stuff.. for testing
> > purposes I don't have any security right now.
> > So, my problem is I must forward all incoming traffic to ports
> > 2300-2400, 47624 and 6073 to my machine with
> > the IP 192.168.1.1 ... maybe outgoing, too? How must I do this with
> > iptables so it'll work..

> > Thanks in advance... :-)

> Stop posting twice.  What is the IP of this router?  If it's already
> 192.168.1.1, then you would use REDIRECT.  If it's different, then you
> would use DNAT.

> --

> 8-CPU Cluster, Hosting, NAS, Linux, LaTeX, python, vim, mutt, tin
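
The DNAT case named in the reply above, for the router at 192.168.1.254 forwarding to the client at 192.168.1.1, written out as an added example that is not part of any post in this thread. The thread never says which protocol the ports use, so forwarding both TCP and UDP is an assumption, as is the default-drop FORWARD policy; the script only prints the rules.

```shell
#!/bin/sh
# Added example: prints (does not apply) port-forward rules for the thread's setup.
WAN_IF=ppp0                   # ISDN uplink, from the thread
LAN_IF=eth0                   # internal network 192.168.1.x, from the thread
TARGET=192.168.1.1            # client that should receive the traffic
PORTS="2300:2400 47624 6073"  # iptables writes a range as low:high
PROTOS="tcp udp"              # assumption: the thread does not name a protocol

# valid_port_spec SPEC: succeeds for N or N:M with 1 <= N <= M <= 65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# gen_forward_rules: print the rule set, or fail on a malformed port spec.
gen_forward_rules() {
    for spec in $PORTS; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    # Assumption: default-drop forwarding, so only the listed ports get in.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for proto in $PROTOS; do
        for spec in $PORTS; do
            # Rewrite the destination before routing (DNAT); the port is kept.
            echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $spec -j DNAT --to-destination $TARGET"
            # Then admit the new connection through the FORWARD chain.
            echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $TARGET --dport $spec -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
}

gen_forward_rules   # review the output, then run it as root to apply
```

The MASQUERADE rule from the original post stays in place; these rules are added alongside it.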

 
 
 


Post by David Ya » Wed, 12 Jun 2002 00:58:39



> Well.. it does only outgoing connections and rejects all incoming so that
> doesn't work.
> I only want to know the iptables commands so incoming connections will be
> forwarded to my client.



>> forwarding, just a "yes" to give in rc.config.

>> may be this can be better for you. however, I of course don't know what
>> are exactly the rules set by suse.
>> jdd

Use SuSEfirewall2. This will give you better control of your firewall and
you don't need to mess around with iptable scripts.
 
 
 


Post by jdd » Wed, 12 Jun 2002 02:46:40




>>Well.. it does only outgoing connections and rejects all incoming so that
>>doesn't work.
>>I only want to know the iptables commands so incoming connections will be
>>forwarded to my client.



>>>forwarding, just a "yes" to give in rc.config.

>>>may be this can be better for you. however, I of course don't know what
>>>are exactly the rules set by suse.
>>>jdd

> Use SuSEfirewall2. This will give you better control of your firewall and
> you don't need to mess around with iptable scripts.

On 7.3, firewall 2 was quite complex. Now with Suse 8.0 it's a matter of
clicking some very simple options.

However, I have a problem downloading big files, they stop after 85ko
(some, not all).

Do you think it can be a firewall problem? (I don't really understand
what active and passive FTP are.)

thanks
jdd

--
<http://www.dodin.net>
Formation Linux débutants open

 
 
 


Post by David Ya » Wed, 12 Jun 2002 08:26:40





>>>Well.. it does only outgoing connections and rejects all incoming so that
>>>doesn't work.
>>>I only want to know the iptables commands so incoming connections will be
>>>forwarded to my client.



>>>>forwarding, just a "yes" to give in rc.config.

>>>>may be this can be better for you. however, I of course don't know what
>>>>are exactly the rules set by suse.
>>>>jdd

>> Use SuSEfirewall2. This will give you better control of your firewall and
>> you don't need to mess around with iptable scripts.

> On 7.3, firewall 2 was quite complex. Now with Suse 8.0 it's a matter of
> clicking some very simple options.

> However, I have a problem downloading big files, they stop after 85ko
> (some, not all).

> Do you think it can be a firewall problem? (I don't really understand
> what active and passive FTP are.)

> thanks
> jdd

With SuSE 7.3, have a look at the configuration file
/etc/rc.config.d/firewall.rc.config and the documentation in
/usr/share/doc/packages/SuSEfirewall.

With SuSE 8.0, the config files are in /etc/sysconfig/SuSEfirewall2 and
documentation in /usr/share/doc/packages/SuSEfirewall2.

Forget configuring it with YaST2 - it is buggy and you run the risk of
corrupting your configuration files as I found. :-/

There's a good explanation of "active" and "passive" modes on
http://slacksite.com/other/ftp.html

Hmmm, don't know about your problem with files. The only time I have
experienced a similar problem was when I was using the ftp option in
Midnight Commander to download. That used to stop after a while but I
cannot remember exactly when. I never traced the fault either but I think
it was time related and the server closed the connection, but I really
don't know as I haven't downloaded any files > 56Mb recently. I don't think
it's a firewall problem though.

 
 
 

1. Linux Masquerading and Port Forwarding

Hello...

I have a big problem and hope someone can help me.
I have installed Suse 7.3, ISDN dial-up to my ISP and basic
Masquerading.

Here is the data of my configuration

Internal Router/GW Ip: 192.168.1.254 / eth0  (Internal Network)

Internal Router/GW IP: 192.168.2.254 / eth1  (Same PC with second
interface - disabled right now). Later use for DMZ (don't know how to do
it)

ppp0 is my Internet connection interface when I dial to my ISP.

Client PC to which incoming traffic on specific ports should be
forwarded
IP: 192.168.1.1

Here is my basic Masquerading configuration.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Well, all works fine except some games and other stuff.
For testing purposes I don't have any security right now.
So, my problem is that I must forward all incoming traffic to ports
2300-2400,
47624 and 6073 to my machine with
the IP 192.168.1.1 ... maybe outgoing, too? How must I do this with
iptables so it'll work..
The best would be to hear the iptables command line which I must type
so I know how it works.

Thanks in advance... :-)
