Hello,

        I have been having problems with getting my DNS server working
behind a SNF 7.2.  Well, I think I found a problem that might be causing it.
It looks like port forwarding for UDP services is not working.  I have
several ports forwarded through my SNF to an internal server, and here
is the portion of the config that shows that:


..SNIP..
ICMP_AUDIT_TYPES=
TCP_PUBLIC_SERVICES=www (forward=192.168.1.254 action=allow),domain (forward=192.168.1.254 action=allow)
UDP_PUBLIC_SERVICES=21 (forward=192.168.1.254 action=allow),53 (forward=192.168.1.254 action=allow)
TCP_INTERNAL_SERVICES=ssh
..SNIP..

Now here is my /etc/iptoip.xml file

<config>
     <conf>
         <destination>192.168.1.254</destination>
         <port>www</port>
     </conf>
     <conf>
         <destination>192.168.1.254</destination>
         <port>domain</port>
     </conf>
     <total>2</total>    <!-- total number of configurations below -->
     <iface>eth1</iface> <!-- external interface -->
     <nocheck>1</nocheck>    <!-- disable checks (0|1) -->
     <verbose>0</verbose>    <!-- verbose mode (0|1) -->
     <syslog>1</syslog>  <!-- logging mode (0|1) -->

</config>

I see nothing in here about UDP.  Should it be in this file?
Now here is what the Virtual Server Table is showing:

[root@firewall jtwatson]# ipvsadm -L -n
IP Virtual Server version 1.0.6 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
TCP  24.xxx.xxx.xxx:53 wlc
   -> 192.168.1.254:53               Masq    1      0          0
TCP  24.xxx.xxx.xxx:80 wlc
   -> 192.168.1.254:80               Masq    1      0          0
[root@firewall jtwatson]#

Again, no UDP services, so let's add them:

[root@firewall jtwatson]# ipvsadm -A -u 24.xxx.xxx.xxx:53 -s wlc
[root@firewall jtwatson]# ipvsadm -a -u 24.xxx.xxx.xxx:53 -r 192.168.1.254:53 -m -w 1
[root@firewall jtwatson]# ipvsadm -L -n
IP Virtual Server version 1.0.6 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
UDP  24.xxx.xxx.xxx:53 wlc
   -> 192.168.1.254:53               Masq    1      0          2
TCP  24.xxx.xxx.xxx:53 wlc
   -> 192.168.1.254:53               Masq    1      0          0
TCP  24.xxx.xxx.xxx:80 wlc
   -> 192.168.1.254:80               Masq    1      0          0
[root@firewall jtwatson]#

Now DNS takes off and works like a charm!!!!!  Great!!!

Now does anyone know why this is broken?  Maybe it is fixed
and I just need to upgrade a package??

Thanks for any input.


Joseph
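As an added example (not part of Joseph's post or of the SNF tooling), a small POSIX sh script that parses the UDP_PUBLIC_SERVICES value quoted above, emits the two ipvsadm commands the post ran by hand for each entry, and flags configured UDP ports that have no UDP line in an `ipvsadm -L -n` listing; the external address 203.0.113.1 and the table text are constructed stand-ins for the masked 24.xxx.xxx.xxx output.

```shell
#!/bin/sh
# Added example, not from the original post. Parses a UDP_PUBLIC_SERVICES
# value as shown above, generates the ipvsadm commands that were typed by
# hand, and reports UDP virtual services missing from `ipvsadm -L -n` output.

# Print "port destination" for every entry carrying a forward= target.
# $1: value of UDP_PUBLIC_SERVICES, entries separated by commas.
udp_forwards() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^ *\([A-Za-z0-9]*\) *(.*forward=\([0-9.]*\).*)/\1 \2/p'
}

# Emit the ipvsadm commands that create a UDP virtual service per entry,
# masquerading (-m) to the forward target with weight 1, as in the post.
# $1: external (virtual) address, $2: UDP_PUBLIC_SERVICES value.
gen_ipvsadm() {
    vip=$1
    udp_forwards "$2" | while read -r port dest; do
        printf 'ipvsadm -A -u %s:%s -s wlc\n' "$vip" "$port"
        printf 'ipvsadm -a -u %s:%s -r %s:%s -m -w 1\n' "$vip" "$port" "$dest" "$port"
    done
}

# Print each configured UDP port that has no "UDP <vip>:<port>" line in the
# given `ipvsadm -L -n` listing, one per line (empty output means all present).
# $1: virtual address, $2: UDP_PUBLIC_SERVICES value, $3: listing text.
missing_udp() {
    vip=$1
    listing=$3
    udp_forwards "$2" | while read -r port dest; do
        printf '%s\n' "$listing" | grep -q "^UDP  *$vip:$port " ||
            printf '%s\n' "$port"
    done
}

# Constructed sample data: the post's UDP line and its TCP-only table, with
# 203.0.113.1 standing in for the masked external address.
VIP=203.0.113.1
UDP_LINE='21 (forward=192.168.1.254 action=allow),53 (forward=192.168.1.254 action=allow)'
TCP_ONLY_TABLE='Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
TCP  203.0.113.1:53 wlc
  -> 192.168.1.254:53               Masq    1      0          0
TCP  203.0.113.1:80 wlc
  -> 192.168.1.254:80               Masq    1      0          0'
echo "UDP services missing from the table:"
missing_udp "$VIP" "$UDP_LINE" "$TCP_ONLY_TABLE"
echo "Commands to add them:"
gen_ipvsadm "$VIP" "$UDP_LINE"
```

Feeding the real `ipvsadm -L -n` output and the live config value into `missing_udp` gives a quick check of whether the UDP entries were created at boot, before anything is added by hand.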


