Charles Steinkuehler wrote:
>
> You *DO* need to have your DMZ system setup correctly, however. It needs an
> IP in the 291.268.10.0/24 subnet, and it needs to use the DMZ interface of
> the firewall (192.168.10.254) as its default gateway.
I assume that you meant 192.168.1.0/24. Here is the output from route on
the host:
$ /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.10.254  0.0.0.0         UG    0      0        0 eth0
But I still can't browse. In fact I really don't seem to be able to get past the firewall at all. We know pings don't get out. FTP will work between the subnets, but I can't resolve names outside the firewall.
> > The DMZ_SERVER settings are going to be a problem though if I can't use
> > a range of addresses. The game servers I am using seem to want udp 27910
> > to 27961
> > and tcp 27950 to 27952. Any suggestions?
>
> You can do this with the autoforward command, but there are no hooks for
> this in network.conf, so you'll have to manually add the necessary commands.
> The easiest (and most logical) place to put them is probably the
> /etc/ipchains.forward file. Try getting a simple service (like web or ssh)
> working with the existing network.conf hooks, then add the autoforward rules
> once everything else is working OK.
>
> NOTE: You will also need to add some IP Masquerade rules if you want to use
> the public IP of the gameserver from the internal network...these rules can
> go in the ipchains.forward file as well.
>
> I don't recall off-hand exactly what you'll need for the autoforward and
> masquerade rules, and don't have time to dig into it right now...you can use
> the rules created for the simple service (www/ssh) as an example. Note that
> you *CAN* use port-ranges in the ipchains masquerade rules, just not when
> doing port-forwarding. If memory serves, you'll wind up with a port-forward
> rule for each service (auto-forward for your game-server range), and a
> reverse-masquerade rule to the internal network for each service or
> port-range.
OK. Here is what I thought would work:
# Accept the gameserver ports on the public IP (ipchains takes a single port or low:high)
$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 4242 -p tcp -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 27901 -p tcp -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 27901 -p udp -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 27910:27961 -p udp -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 27950:27952 -p tcp -j ACCEPT
# Single-port forwards to the DMZ host (portfw takes one port per rule)
$IPMASQADM portfw -a -P tcp -L $EXTERN_IP 4242 -R 192.168.10.1 4242
$IPMASQADM portfw -a -P tcp -L $EXTERN_IP 27901 -R 192.168.10.1 27901
$IPMASQADM portfw -a -P udp -L $EXTERN_IP 27901 -R 192.168.10.1 27901
# Port-range forwards via autofw (one rule per protocol and range)
$IPMASQADM autofw -A -r udp 27910 27961 -h 192.168.10.1
$IPMASQADM autofw -A -r tcp 27950 27952 -h 192.168.10.1
But I get:
Starting Network: [IP Always Defrag: ENABLED]
IP filters: 1: not found
1: not found
1: not found
1: not found
1: not found
firewall [IP Forwarding: ENABLED]
Loopback interface: lo
Starting interface: eth1 eth2
Hostname: markii
Static NS: 4 hosts
I don't see where this is coming from at all.
> Good luck, if you have problems, post details...if no one else can help, I
> hope to be around some Tuesday.
Thanks,
I hope to finish this up soon,
Kory
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
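Editor's note: the following is an added example, not code from Kory, Charles or the LEAF scripts. It puts the rule set Charles describes (a portfw rule per single port, an autofw rule per port range, and a reverse-masquerade rule so LAN clients can reach the gameserver through its public IP) into one script that is generated from a service list, so adding a port or range is a one-line change. Assumed values: the public IP 203.0.113.10 (a documentation address), the DMZ host 192.168.10.1 and the port list from Kory's post, and 192.168.1.0/24 as the internal LAN. The variable names EXTERN_IP, DMZ_HOST and INTERN_NET are this example's own, not necessarily those of network.conf, and the form of the reverse-masquerade rule (a MASQ rule on the forward chain for LAN-to-DMZ traffic) is my reading of what Charles calls it.

```shell
#!/bin/sh
# Added example: generate ipchains/ipmasqadm rules for a DMZ gameserver.
# All addresses below are assumed values for illustration; override them
# from the environment. DRY_RUN=1 (default) prints the rules, DRY_RUN=0
# pipes them into sh and actually applies them.

EXTERN_IP=${EXTERN_IP:-203.0.113.10}       # assumed public IP of the firewall
DMZ_HOST=${DMZ_HOST:-192.168.10.1}         # gameserver in the DMZ
INTERN_NET=${INTERN_NET:-192.168.1.0/24}   # assumed internal LAN
IPCHAINS=${IPCHAINS:-ipchains}
IPMASQADM=${IPMASQADM:-ipmasqadm}

# Service list (constructed from the post): "proto port" or "proto low-high".
SERVICES='tcp 4242
tcp 27901
udp 27901
udp 27910-27961
tcp 27950-27952'

# Print the three rules one service needs: accept on the public IP,
# forward into the DMZ, and masquerade LAN clients so the DMZ host's
# replies come back through the firewall instead of going direct.
emit_rules() {
    proto=$1
    spec=$2
    case $spec in
        *-*)
            low=${spec%-*}
            high=${spec#*-}
            # ipchains accepts a range as low:high
            echo "$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 $low:$high -p $proto -j ACCEPT"
            # portfw takes one port per rule; autofw handles the whole range
            echo "$IPMASQADM autofw -A -r $proto $low $high -h $DMZ_HOST"
            echo "$IPCHAINS -A forward -s $INTERN_NET -d $DMZ_HOST $low:$high -p $proto -j MASQ"
            ;;
        *)
            echo "$IPCHAINS -A input -s 0/0 -d $EXTERN_IP/32 $spec -p $proto -j ACCEPT"
            echo "$IPMASQADM portfw -a -P $proto -L $EXTERN_IP $spec -R $DMZ_HOST $spec"
            echo "$IPCHAINS -A forward -s $INTERN_NET -d $DMZ_HOST $spec -p $proto -j MASQ"
            ;;
    esac
}

# Walk the service list and print every rule.
gameserver_rules() {
    echo "$SERVICES" | while read proto spec; do
        if [ -n "$proto" ]; then
            emit_rules "$proto" "$spec"
        fi
    done
}

if [ "${DRY_RUN:-1}" = 1 ]; then
    gameserver_rules
else
    gameserver_rules | sh -e
fi
```

Run it once with the default DRY_RUN=1 and compare the printed lines against the rules you were going to type by hand; the generated lines can then be pasted into /etc/ipchains.forward, which is where Charles suggests keeping them. The forward-chain MASQ rules only matter for clients on the internal LAN talking to the gameserver's public IP; Internet clients are served by the input ACCEPT plus the portfw/autofw entry alone. On a 2.2 kernel the portfw and autofw subcommands need the ip_masq_portfw and ip_masq_autofw masquerading modules to be available.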