On 1 Feb, Fuzzy Fox wrote:
> The exact nature of your question is not clear to me, since you have
> mentioned so many different connection points that I don't understand.
> However, if you mean "Can a person on the global Internet telnet
> directly to one of my boxes on my private LAN?" the answer is NO. The
> only way you can allow that to happen is by setting up port forwarding.
I'm sorry I'm doing such a poor job of asking these questions. It's due
in part to my trying to avoid explaining the application's use and
nature since most of that is unimportant. Let me take another shot at
it this way. The application is a program that communicates with TCP/IP
protocols and ports, just like Linux. The application is called JNOS.
Now here is what I have in the simplest terms I can come up with.
My Linux kernel makes a ppp connection to my provider and gets a
dynamic address. Let's say it's 205.1.1.20.
My Linux kernel has an internal SLIP link to this JNOS application.
The Linux end of this SLIP link uses 192.168.1.1
The JNOS end of this SLIP link uses 192.168.1.2
They both can communicate with each other (ping, ftp, telnet, etc.)
I have the following bare minimum (for testing only) in my rc.local
file
#
echo Starting ipfwadm firewall...
#
# flush
ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -I -a accept
ipfwadm -F -a accept
ipfwadm -O -a accept
# allow my lan access to all dests
ipfwadm -F -a m -b -S 192.168.1.0/24 -D 0.0.0.0/0
#
This allows my JNOS program using 192.168.1.2 to access the internet via
the Linux ppp0 connection. This works fine as far as I can tell and I
assume that the masquerading is actually sending the packets out using
my 205.1.1.20 dynamic address and when packets come back in, they are
being directed to my JNOS program to its 192.168.1.2 address (based on
the above ipfwadm parameters).
Now my question is... My JNOS program contacts a computer on the
internet (using this masquerading) and tells it to contact me at my
currently used address (with masquerading this would look like the ppp0
address?). If that computer at the distant end now initiates a telnet,
ping, ftp, intended to reach my JNOS program, how can I have my JNOS
program receive this incoming packet? Is it possible to redirect ALL
packets coming in from just that one distant computer on ppp0 so they
are always passed to my JNOS application?
--
Scott Felton - Mount Joy, PA USA
Slackware Linux v.3.6.0
[EMAIL PROTECTED]
http://www.k3ir.ampr.org
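
An added illustration, not part of the original message and not kernel or ipfwadm code: a toy Python model of the masquerading behaviour discussed above, using the addresses from the post. The remote addresses, port numbers and the `allow_from` rule are constructed for the example; it shows why a reply finds its way back to 192.168.1.2 while a new inbound connection does not, unless a forward limited to one remote host exists.

```python
from dataclasses import dataclass, field

PPP0 = "205.1.1.20"       # dynamic ppp0 address used in the post
JNOS = "192.168.1.2"      # JNOS end of the SLIP link, from the post
REMOTE = "198.51.100.7"   # constructed address for the distant computer

@dataclass
class Masq:
    """Toy model of a masquerading gateway (assumption: TCP only, no timeouts)."""
    table: dict = field(default_factory=dict)     # state created by outbound traffic
    forwards: dict = field(default_factory=dict)  # static, source-restricted forwards
    next_port: int = 61000                        # constructed first masquerade port

    def outbound(self, proto, src, sport, dst, dport):
        """LAN host opens a connection; return the rewritten (address, port)."""
        key = (proto, self.next_port, dst, dport)
        self.table[key] = (src, sport)
        self.next_port += 1
        return (PPP0, key[1])

    def allow_from(self, proto, port, remote, lan_ip):
        """Hypothetical forward of one public port, for one remote host only."""
        self.forwards[(proto, port, remote)] = (lan_ip, port)

    def inbound(self, proto, src, sport, dport):
        """Packet arrives on ppp0; return the LAN target, or None if none exists."""
        hit = self.table.get((proto, dport, src, sport))
        if hit is None:
            hit = self.forwards.get((proto, dport, src))
        return hit  # None: the packet is handled by the Linux host itself

def demo():
    gw = Masq()
    # JNOS telnets out; the gateway records the mapping for the replies.
    _, masq_port = gw.outbound("tcp", JNOS, 1025, REMOTE, 23)
    reply = gw.inbound("tcp", REMOTE, 23, masq_port)
    # The distant computer now starts its own telnet to the ppp0 address.
    unsolicited = gw.inbound("tcp", REMOTE, 40000, 23)
    # With a forward restricted to that one host, only it reaches JNOS.
    gw.allow_from("tcp", 23, REMOTE, JNOS)
    forwarded = gw.inbound("tcp", REMOTE, 40000, 23)
    stranger = gw.inbound("tcp", "203.0.113.9", 40000, 23)  # constructed host
    return reply, unsolicited, forwarded, stranger

if __name__ == "__main__":
    print(demo())
```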