Re: [expert] msec and ipmasq/ipchains

Sat, 8 Jan 2000 12:45:29 -0800 

Thanks for the response Ax'
Do you People ever sleep!!?? :-)

"Cooker's" looking really nice just wish List-mail
was getting through regularly !?

Browsing mandrakeuser.org's article on
ip-masquerading;http://www.mandrakeuser.org/connect/cipc.html
as well as IP Masq HowTo's
http://members.home.net/ipmasq/ipmasq-HOWTO-1.80-5.html

I have client machine able to ping,ftp etc
to server, which has a static ip cable-modem.
The client can ping the nic# of both cards,
eth0 and eth1 of server; ip#s changed for this
public display of my "cluelessness",

I have created an '/etc/rc.d/rc.firewall' as suggested
in HowTo, mandrakeuser.org calls it  'rc.masq'

#/sbin/depmod -a  <I have commented and un' this one>
echo -n "Setting IP chains...'
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_portfw
/sbin/modprobe ip_masq_mfw
echo "1" > /proc/sys/net/ipv4/ip_forward
# Enable simple IP forwarding and Masquerading
    #
    #  NOTE:  The following is an example for an internal LAN address in
the
    #  192.168.0.x network with a 255.255.255.0 or a "24" bit subnet
mask.
    #
    # Please change this network number and subnet mask to match your
internal LAN setup
    #
    /sbin/ipchains -P forward DENY
    #/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
    /sbin/ipchains -A forward -s 192.168.0.11/32 -j MASQ
    #asf.
    #/sbin/ipchains -A forward -s 192.168.0.11/24 -j MASQ
    #/sbin/ipchains -A forward -i eth1 -d 192.168.1.0/24
    #/sbin/ipchains -A forward -i eth0 -d 192.168.0.1/24
    /sbin/ipchains -A forward -j DENY -p tcp -s 0.0.0.0/0 137:139
    /sbin/ipchains -A forward -j DENY -p udp -s 0.0.0.0/0 137:139
    #/sbin/ipchains -A forward -s 192.168.0./24 -j MASQ
    #echo "Ready to go."

I have messed around with various configurations of the above
So From:-->Client eth0 192.168.0.11 -->
-->eth1 192.168.0.10 Gateway into Server-->
-->eth0 -->static IP -->STOP<gateway to the outside world>
I can get that far but no further!
ipv4 forwarding is enabled in 'netcfg'

Any help would be appreciated.

If I have also "opened massive security risks from JQPUBLIC"
I would like to know as well

William Bouterse
Juneau Alaska

Reply via email to