Hello everybody.

I'm new to this mailing list, and would appreciate some help from
you experienced diald users.  

I'm trying to do something I find quite advanced, but that is 
maybe because I don't really know what I am doing.

I have a small network with a Linux box used for development and
as a firewall (I will set up a dedicated firewall later), an NT 
server just for fun :-) and a Windows 95 notebook. The Linux box 
uses ipfwadm masquerading firewalling. My ISP uses dynamic 
IP addressing. Diald is 0.16.5. Kernel is 2.0.32. I use the 
standard.filter from the distribution. 

I have been struggling with diald for some months now, getting 
slowly closer to the goal. 

I put all my questions in this mail, hoping you will endure 
the reading.

0) Is there a way to get old mailing lists?
-------------------------------------------
I have asked the mailing list server for an index on 
this list, but there is none. 
----------
>>>> index linux-diald
#### No files available for linux-diald.
----------
How can I get hold of old mailing lists?

1) Has someone already done this?
----------------------------------
Is there someone who is doing this already? Please send a mail if
you want to share your experiences.

2) Problem with rejected SYN packets from NT
---------------------------------------------
My current problem is NT. It seems that NT always sends a SYN
packet of length 44, which is rejected by diald. This is the debug log
from an 
>ftp 172.16.0.2
on the NT box. 172.16.0.2 is the remote address of diald.
---------
May  5 12:16:08 linuxserver diald[5993]: filter ignored rule 0 proto 6 len 44 seq 7f847b9 ack 0 flags  SYN packet 172.17.0.2,1792 => 172.16.0.2,21
May  5 12:16:08 linuxserver diald[5993]: filter ignored rule 0 proto 6 len 40 seq 0 ack 7f847ba flags  RST ACK packet 172.16.0.2,21 => 172.17.0.2,1792
May  5 12:16:08 linuxserver kernel: IP fw-fwd deny eth0 TCP 172.16.0.2:21 172.17.0.2:1792 L=40 S=0xC0 I=33076 F=0x0000 T=15 
--------
The first line is the request from NT ftp. The second is 
the diald response. 

How can I design a rule that accepts this message?

3) Problem understanding the debug messages
--------------------------------------------
What do the different attributes of the debug message mean? 
I don't understand how the message relates to rules in the 
standard.filter file. 

I think the explanation of the debug messages should go into 
the documentation.

4) Small problem with the firewall, denying RST ACK message 
-----------------------------------------------------------
The firewall denies the RST ACK message which I think is generated
by the diald interface. In version 0.16.4 the following firewall rule
worked fine:
------------
# Allow replies from diald, this is how it should be done
ipfwadm -F -a accept -W sl0 -S 0.0.0.0/0 -D 172.17.0.0/16 -o
# Allow replies from diald, security risk remove later
#ipfwadm -F -a accept -W eth0 -S 0.0.0.0/0 -D 172.17.0.0/16 -o
------------
The commented line is how it must be made now, if I want the 
RST ACK packet to come through. If not, the NT session will
time out, which is acceptable.

Thanks a lot

/Mårten Gustafson
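Added example for questions 2 and 3 above (not part of the original post or of diald itself): a small Python parser for the "filter ignored rule" debug lines, decoding each attribute diald prints (rule index, IP protocol number, total length, seq/ack in hex, TCP flags, endpoints) and checking that the second line really is the reply to the first (endpoints swapped, ack equal to seq + 1). The two sample lines are the post's own, re-joined from the e-mail line wrapping; the exact field layout is assumed to be as quoted.

```python
import re

# Constructed sample input: the two diald lines quoted in the post, re-joined into
# the single lines syslog writes (the e-mail wrapped them).
SAMPLE_LOG = """\
May  5 12:16:08 linuxserver diald[5993]: filter ignored rule 0 proto 6 len 44 seq 7f847b9 ack 0 flags  SYN packet 172.17.0.2,1792 => 172.16.0.2,21
May  5 12:16:08 linuxserver diald[5993]: filter ignored rule 0 proto 6 len 40 seq 0 ack 7f847ba flags  RST ACK packet 172.16.0.2,21 => 172.17.0.2,1792
"""

# Regex for the attribute list diald prints; field names follow the log text
# and the layout is assumed to be exactly as quoted in the post.
LINE_RE = re.compile(
    r"diald\[\d+\]: filter (?P<action>\w+) rule (?P<rule>\d+) proto (?P<proto>\d+)"
    r" len (?P<len>\d+) seq (?P<seq>[0-9a-f]+) ack (?P<ack>[0-9a-f]+)"
    r" flags\s+(?P<flags>.*?) packet"
    r" (?P<src>[\d.]+),(?P<sport>\d+) => (?P<dst>[\d.]+),(?P<dport>\d+)")

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP protocol numbers
MIN_IP_TCP = 40                                  # 20-byte IPv4 header + 20-byte TCP header

def parse_line(line):
    """Decode one diald debug line into a dict, or return None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    p = m.groupdict()
    for k in ("rule", "proto", "len", "sport", "dport"):
        p[k] = int(p[k])
    p["seq"], p["ack"] = int(p["seq"], 16), int(p["ack"], 16)  # diald prints these in hex
    p["flags"] = p["flags"].split()  # "RST ACK" -> ["RST", "ACK"]
    # For TCP, anything beyond the bare 40-byte headers is TCP options or payload; on a SYN, 4 extra bytes is typically the MSS option.
    p["extra_bytes"] = p["len"] - MIN_IP_TCP if p["proto"] == 6 else None
    return p

def parse_log(text):
    return [p for p in map(parse_line, text.splitlines()) if p]

def is_reply(first, second):
    """True if `second` answers `first`: endpoints swapped and ack == seq + 1."""
    swapped = ((first["src"], first["sport"], first["dst"], first["dport"]) ==
               (second["dst"], second["dport"], second["src"], second["sport"]))
    return swapped and second["ack"] == (first["seq"] + 1) & 0xFFFFFFFF

def describe(p):
    proto = PROTO_NAMES.get(p["proto"], str(p["proto"]))
    extra = f", {p['extra_bytes']} bytes beyond the bare headers" if p["extra_bytes"] else ""
    return (f"{proto} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
            f"[{' '.join(p['flags'])}] len {p['len']}{extra}; "
            f"diald {p['action']} it under rule {p['rule']}")
```

Calling parse_log(SAMPLE_LOG) and describe() on each entry shows the 44-byte SYN carrying 4 bytes of TCP options, while is_reply(pkts[0], pkts[1]) confirms the RST ACK is the answer to that SYN.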
