On Tue, 16 Oct 2001, Blaise Lab wrote:

> Hello,
>
> I have an LRP Eigerstein2BETA with the modules:
> ip_masq_user
> ip_masq_autofw
> ip_masq_prtfw
> ip_masq_mfw
> ip_masqpptp
> ip_gre
>
> From my firewall I can make a telnet on the news server of my provider:
> telnet newsserver_ipaddress 119
> But from a computer on my LAN (behind the firewall) I cannot access this
> same news server... However, I let go out requests to this news server....
>
> ipchains -A output -i $EXTERN_IF -p tcp -s $EXTERN_IP 1024:65535 -d newsserver_ipaddress 119 -j ACCEPT
> ipchains -A input -i $EXTERN_IF -p tcp ! -y -s newsserver_ipaddress 119 -d $EXTERN_IP 1024:65535 -j ACCEPT
>
> What am I doing wrong?
I cannot tell for sure. Comments:

a) These commands append rules. Be sure you are invoking this before any final catch-all rule intended for logging packets that don't get handled by a special case. You don't say which firewall scripts you are using, but you will usually have to edit the firewall script to do the append before that last rule is invoked, or use the "-I accept 1" option instead of "-A accept".

b) Make sure the routing table on your originating machine is clean and straightforward. One problem I have seen is failing to use the correct netmask for your local network... there are valid 192.x.x.x IP addresses that a 255.0.0.0 mask will prevent you from accessing.

c) You are masquerading, so by the time any packet is leaving the external interface its source port will be in the range 61000-65095. Allowing outbound connections from lower-numbered ports probably won't hurt, but isn't going to occur unless you try to connect to the newsserver from the firewall (as you did for testing).

> Blaise Lab
> Switzerland
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user

---------------------------------------------------------------------------
Jeff Newmiller <[EMAIL PROTECTED]>
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
---------------------------------------------------------------------------
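The three points in the reply (first-match rule order, the masquerade source-port range, and an over-wide netmask) can be checked without a 2.2 kernel. The following is an added example, not code from the thread or from LEAF/LRP: a toy first-match packet filter that models ipchains semantics closely enough to show why an ACCEPT appended after a catch-all DENY is never reached while the same rule inserted at position 1 is, whether a source-port range covers the 61000-65095 masquerade range, and how a 255.0.0.0 mask on a 192.x.x.x LAN makes a remote 192.x.x.x host look on-link. The interface name and the addresses are constructed placeholders (documentation ranges), and `Packet`, `Rule`, `Chain` and the helper functions are this example's own names.

```python
"""Toy first-match packet filter modelled on ipchains chain semantics.

Added example (not from the mailing-list thread). All addresses and the
interface name are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import List, Optional, Tuple

# Source-port range used for masqueraded outbound connections, as stated
# in the reply above.
MASQ_PORTS = (61000, 65095)

# Constructed stand-ins for $EXTERN_IF, $EXTERN_IP and newsserver_ipaddress.
EXTERN_IF = "eth0"
EXTERN_IP = "198.51.100.7"
NEWS_IP = "203.0.113.9"


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # TCP SYN flag set; ipchains '-y' matches on this


@dataclass(frozen=True)
class Rule:
    """One ipchains rule; a None field means 'any'."""
    target: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None
    sports: Optional[Tuple[int, int]] = None
    dst: Optional[str] = None
    dports: Optional[Tuple[int, int]] = None
    syn: Optional[bool] = None  # True = '-y', False = '! -y', None = don't care

    def matches(self, p: Packet) -> bool:
        return all((
            self.iface is None or self.iface == p.iface,
            self.proto is None or self.proto == p.proto,
            self.src is None or self.src == p.src,
            self.sports is None or self.sports[0] <= p.sport <= self.sports[1],
            self.dst is None or self.dst == p.dst,
            self.dports is None or self.dports[0] <= p.dport <= self.dports[1],
            self.syn is None or self.syn == p.syn,
        ))


class Chain:
    """Ordered rule list evaluated first-match, like an ipchains chain."""

    def __init__(self, policy: str = "DENY"):
        self.rules: List[Rule] = []
        self.policy = policy

    def append(self, rule: Rule) -> None:  # ipchains -A <chain> ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # ipchains -I <chain> <pos> ...
        self.rules.insert(pos - 1, rule)

    def verdict(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.target
        return self.policy


def news_rules() -> Tuple[Rule, Rule]:
    """The two rules from the question, expressed as Rule objects."""
    out = Rule("ACCEPT", iface=EXTERN_IF, proto="tcp", src=EXTERN_IP,
               sports=(1024, 65535), dst=NEWS_IP, dports=(119, 119))
    inp = Rule("ACCEPT", iface=EXTERN_IF, proto="tcp", src=NEWS_IP,
               sports=(119, 119), dst=EXTERN_IP, dports=(1024, 65535), syn=False)
    return out, inp


def verdicts(use_insert: bool) -> Tuple[str, str]:
    """(outbound, reply) verdicts when a catch-all DENY already ends each chain.

    use_insert=False models 'ipchains -A' (rule lands after the catch-all),
    use_insert=True models 'ipchains -I <chain> 1' (rule lands before it).
    """
    output, inp_chain = Chain(), Chain()
    output.append(Rule("DENY"))     # existing final catch-all / logging rule
    inp_chain.append(Rule("DENY"))
    out_rule, in_rule = news_rules()
    if use_insert:
        output.insert(out_rule, 1)
        inp_chain.insert(in_rule, 1)
    else:
        output.append(out_rule)
        inp_chain.append(in_rule)
    # Masqueraded LAN->news SYN: source already rewritten to the firewall's
    # address and a port in the masquerade range.
    syn = Packet(EXTERN_IF, "tcp", EXTERN_IP, 61001, NEWS_IP, 119, syn=True)
    reply = Packet(EXTERN_IF, "tcp", NEWS_IP, 119, EXTERN_IP, 61001, syn=False)
    return output.verdict(syn), inp_chain.verdict(reply)


def masq_ports_covered(sports: Tuple[int, int]) -> bool:
    """True if a rule's source-port range includes the whole masquerade range."""
    return sports[0] <= MASQ_PORTS[0] and MASQ_PORTS[1] <= sports[1]


def looks_on_link(local_iface: str, remote: str) -> bool:
    """True if `remote` falls inside the local interface's subnet, so the host
    would treat it as directly reachable instead of sending it to the gateway."""
    return IPv4Address(remote) in IPv4Interface(local_iface).network


if __name__ == "__main__":
    print("appended :", verdicts(use_insert=False))
    print("inserted :", verdicts(use_insert=True))
    print("1024:65535 covers masq ports:", masq_ports_covered((1024, 65535)))
    print("/8 mask swallows 192.0.2.50:", looks_on_link("192.168.1.10/255.0.0.0", "192.0.2.50"))
```

Running it shows the appended rules yielding DENY for both directions and the inserted ones yielding ACCEPT, with the 1024:65535 range covering the masquerade ports either way; the netmask check shows a /8 on a 192.168.x.x LAN claiming an unrelated 192.x.x.x address as local while /24 does not.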
