Hi,
Every now and again I see a bunch of outgoing ICMP messages being logged by
my ipfwadm rules because they 'appear' to come from my internal network.
Just like the following:
Feb 10 19:53:31 The-Tardis kernel: IP fw-out deny eth1 ICMP/3 192.168.0.2
208.195.144.25 L=56 S=0x00 I=62255 F=0x
Anyone in this list using kernel 2.0.35/36 can do a ping to some site to
internet, and for the linux masquerade server can do a netstat -M ??? what
do it report??? if it come up with an error it is like me, if it report
nothing the icmp masquerading isn't working, if it come up with something
Again, someone having problems with FTP:
I'm a bit confused about what port mode and passive mode is. So here a
description of my problems:
Simple IP masquerading (e.g. HTTP) works fine. ip_masq_ftp module is
loaded.
FTP works fine if data is transferred on a connection initiated by the
remote
Hi everyone.
As I am using the mentioned configuration (RedHat 5.2 with kernel 2.0.36) I
gave this a try and my results seem to back up what Michele is saying:
BEFORE pinging I typed in the following two commands and got the expected
response:
ipfwadm -M -l
IP masquerading entries
prot
Incoming traffic routes correctly to each machine, outgoing net connections
for FTP, WWW, etc. also work fine. However I cannot access http://www.xoom.com
- the address resolves and starts to make a connection and then times out.
Can I add that web access to Xoom works fine when running the
THEN I did a "ping www.linux.org" on my internal machine and got the
following
results:
Now it is important to say this: it works??? It is clear that the
net-tools doesn't show the packets status, but the client is working
well
Michele
Hi everybody,
First I thank
David [EMAIL PROTECTED] ,
Fuzzy [EMAIL PROTECTED] and
Lourdes [EMAIL PROTECTED]
for their explanations.
I'm sorry for some of you, but maybe I will be a bit boring.
In fact, in spite of all your explanations,
all the things related to the rules -F -I -O are still
not
I have my MASQ box working with diald and a very basic rule set (thanks
David!) but that's not the end of the story.
As the MASQ box is also my mail and fax server, things have started to get
a little complex. To stop Sendmail from dialing out every time I send an
e-mail to the server, Sendmail
Hey Everyone:
- All interfaces (any network cards, the localhost
interface, etc) on a Linux box have INPUT, OUTPUT,
and FORWARD rules.
So does that mean I have to write -I rules AND -O rules
for BOTH NIC ???
You don't have to but you won't be securing the Linux box
very well without
"Jose M. Sanchez" wrote:
This is really several problems all balled into one...
1) You MUST recompile the kernel and enable autofw. It is not on by
default.
I have autofw, portfw, and mfw all built as modules, and ipmasqadm
works.
2) You must determine the ports the program uses.
Michele Nicosia [EMAIL PROTECTED] wrote:
Anyone in this list using kernel 2.0.35/36 can do a ping to some site
to internet, and for the linux masquerade server can do a netstat -M?
What does it report???
Mine says:
netstat.c: feature `FW_MASQUERADE' not supported.
Please recompile
Gerd Foerster [EMAIL PROTECTED] wrote:
I'm a bit confused about what port mode and passive mode is.
In normal port-mode FTP, the client asks the server to make a connection
back to it, on a port chosen by the client, in some high-port range.
In passive FTP, the client asks the server for a
Hey Guys..
Recently I've been getting these packet logs to a friend
of mine's machine:
--
Feb 10 23:22:59 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1
24.0.75.172 L=106 S=0xD0 I=24193 F=0x T=64
Feb 10 23:23:02 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1
24.0.75.172
I have forwarding working with everything I need but gre over ip. I compiled with
this option, and think that I have all the modules I need loaded.
I sniffed on an attempted connection to a VPN server, and see that the gre are the
only packets not being masqueraded. Does any one know of the
On 11 Feb 99, at 11:36, David A. Ranch wrote about
"[masq] How a firewall works...":
|...
| Now, I don't want to confuse you more but you might be thinking
| that letting in ALL high ports back into your Linux box is
| a BAD thing.
|
| You know what?.. YOU'RE RIGHT!
|...
Why,
I need to forward port 81 from the masq machine to a windows machine on my
local lan. The server software that I need to run is avail only on the
windows platform, no unix variations yet...
I did the following
ipautofw -A -r tcp 81 81 -h 192.168.1.102
ipautofw -A -r udp 81 81 -h 192.168.1.102
Is there such a list
that these topics could be taken to, so that they receive the wider
audience that they deserve? Or if there is no such list, is there any
interest in creating one?
Not that I'm aware of. There are a lot of Linux newsgroups out there
but I don't frequent them at all.
If
I have set up a linux box to connect our local win95(sorry) network to
internet via a slip connection using a cable modem.
Are you really running SLIP on-top of a TCP/IP enabled cablemodem?
Any reason why? VPN.. of sorts?
Proto Recv.-Q Send-Q Local Address Foreign Address
For some clients, parts of the Internet disappear. You can't ping, ftp,
or http to some
addresses, while to others you can.
When I reboot my masq-gate, everything seems to turn back to normal.
Few Qs:
What linux kernel version?
IPFWADM or IPCHAINS?
Send a copy