Hmm. I haven't looked at the ipmasqadm tools... I haven't needed to do anything like this with my firewall, seeing as I've just had to masquerade with nothing fancy. I also heard there was a program on freshmeat sometime back that converted ipfwadm and ipportfw etc commands to ipchains... I heard it didnt work 100%, but it might do some good as well (I would be the last to know on this one).
linux/Documentation/Changes says you need to get ipmasqadm for masq forwarding, but given my setup currently, AFAIC that's not 100%% true. I think you only need it in case you're doing something different, so I would go for chewie's advice here and download that. I think I'll have to give it a whirl one of these days too. Happy firewalling! Do Svidonia, Martin Held Electrical Engineering, Oregon State University [EMAIL PROTECTED] http://dione.staticky.com// ------------------- I can picture in my mind a world without war, a world without hate. And I can picture us attacking that world, just because they'd never expect it. On Wed, 30 Jun 1999, ^chewie wrote: > > On Wed, 30 Jun 1999, Franz Skale wrote: > > > > Installed kernel: 2.2.10 > > > > firewall:~# ipautofw -A -r udp 6970 6999 -c tcp 554 > > setsockopt: Protocol not available > > firewall:~# > > > > Can anyone tell me how to solve the problem. I nearly searched the > > "whole Internet" but didn`t find any working solutions for this > > problem. > > On Tue, 29 Jun 1999, Martin Held wrote: > > > You have to use ipchains with a 2.2.x kernel. ipautofw doesn't > > work under 2.2 kernels. > > > > I think what you want is something along the lines of > > > > ipchains -A input -j REDIRECT -p <protocol> -s 0/0 and so on. > > > > I would read the ipchains howto. There's lots of stuff you can do > > with it... it replaces ipautofw, portfw, etc. > > Franz, I'm not sure how exactly you'd use vanilla ipchains to do the > same functionality as ipautofw. I've read the FAQs and haven't found > any answer other than having to download the ipmasqadm tools from > http://juanjox.kernelnotes.org. The ipmasqadm tool works with > ipchains and the new firewall code and replaces ipportfw and ipautofw > with "ipmasqadm portfw ..." and "ipmasqadm autofw..." > > I believe that Martin is simply suggesting that you force the desired > range of udp port connetions through a single port through > redirection. This may not be what you would like to do. Ipmasqadm > uses the same syntax as ipautofw, so if you're used to using that, go > for ipmasqadm. >
