Re: [leaf-user] 2 external ip addresses on lan behind bering

[C. Dummy]

Thanks. Udp 4000 should be open in order to get ICQ working.(thats what they say on their web site) I can't set this port in ICQ that's why I tried to map this port on both computers. Same with 5190. As for the ftp I'm talking about net zone to my server on 192.168.1.201 but guy comes from other network behind firewall via unternet to my server behind my firewall
Tom Eastep wrote:

--On Tuesday, January 21, 2003 3:46 PM -0500 "C. Dummy" <[EMAIL PROTECTED]> wrote:

 File transfer on ICQ doesn't work for me at all doesn't matter if other
computer is behind firewall or not.  These are my rules:
# icq
DNAT     net        loc:192.168.1.201   udp 4000
DNAT     net        loc:192.168.1.202   udp 4000

Make up your mind -- you can't forward the same port to two different systems.

DNAT     net        loc:192.168.1.201   tcp 5190
DNAT     net        loc:192.168.1.202   tcp 5190

Ditto. But luckily, you shouldn't have to forward either of those ports to make file transfer work.

DNAT     net        loc:192.168.1.201   tcp 4110:4119
DNAT     net        loc:192.168.1.202   tcp  4100:4109
ICQ2000 on 192.168.1.201 is configured not using proxy, use following
ports to listen 4110 4119 ICQ2000 on 192.168.1.202 is configured not
using proxy, use following ports to listen 4100 4109

Ah -- I think that if you use netstat to look at what's happening, you'll see that the current version of ICQ 2000 ignores the port specifications and uses whatever it feels like :-(

LICQ works fine on the other hand.

Ftp between to
firewalls same thing nobody from behind firewall can't access my server
and I can't access any server behind firewall not in active or passive
mode.  These are my rules:
# ftp server on 192.168.1.201
DNAT     net     loc:192.168.1.201     tcp  ftp

That rule is correct and I believe that the Bering kernel has the ftp support built in so there is no Shorewall reason why your FTP server shouldn't work from the net zone.

On the other hand, what possible reason would you have for thinking that the rule you show would do anything for access to your server from behind the firewall? It only allows ftp access from the 'net' zone.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: teastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]


-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html