hello

F Fermat wrote:

> I have some problems with ipfwadm and ipportfw.
> I am using Linux kernel 2.0.35 and compiled the kernel with this
>
> # Code maturity level options
> #
> CONFIG_EXPERIMENTAL=y
> #
> # Loadable module support
> #
> CONFIG_MODULES=y
> # CONFIG_MODVERSIONS is not set
> # CONFIG_KERNELD is not set
> #
> # Networking options
> #
> CONFIG_FIREWALL=y
> CONFIG_NET_ALIAS=y
> CONFIG_INET=y
> CONFIG_IP_FORWARD=y
> # CONFIG_IP_MULTICAST is not set
> CONFIG_SYN_COOKIES=y
> CONFIG_IP_FIREWALL=y
> CONFIG_IP_FIREWALL_VERBOSE=y
> CONFIG_IP_MASQUERADE=y
> CONFIG_IP_MASQUERADE_IPAUTOFW=y
> CONFIG_IP_MASQUERADE_IPPORTFW=y
> CONFIG_IP_MASQUERADE_ICMP=y
> CONFIG_IP_TRANSPARENT_PROXY=y
> # CONFIG_IP_ALWAYS_DEFRAG is not set
> CONFIG_IP_ACCT=y
> # CONFIG_IP_ROUTER is not set
> # CONFIG_NET_IPIP is not set
> CONFIG_IP_ALIAS=y
> # CONFIG_INET_PCTCP is not set
> # CONFIG_INET_RARP is not set
> # CONFIG_NO_PATH_MTU_DISCOVERY is not set
> CONFIG_IP_NOSR=y
> CONFIG_SKB_LARGE=y
> # CONFIG_IPX is not set
> # CONFIG_ATALK is not set
> # CONFIG_AX25 is not set
> # CONFIG_BRIDGE is not set
> # CONFIG_NETLINK is not set
>
> My firewall rules are
>
> #!/bin/sh
> IPFWADM=/sbin/ipfwadm
> IPPORTFW=/sbin/ipportfw
> #Flush all rules
> $IPFWADM -F -f
> $IPFWADM -I -f
> $IPFWADM -O -f
>
> # Set Default Policies
> $IPFWADM -I -p accept
> $IPFWADM -O -p accept
> $IPFWADM -F -p deny
>
> /sbin/insmod ip_masq_ftp
>
> # No Rules restriction on Internal to External
> $IPFWADM -F -a accept -m -S 10.0.0.0/8 -D 0/0 -W eth0
>
> # IP Port forwarding Rules
> $IPPORTFW -A -t 202.xx.xx.xx/80 -R 10.0.0.2/80
> $IPPORTFW -A -t 202.xx.xx.xx/21 -R 10.0.0.2/21
> $IPPORTFW -A -t 202.xx.xx.xx/23 -R 10.0.0.2/23
>
> I try to telnet to port 80, 23 and ftp. On the client side, there is no
> response. It just says
>
> Trying 202.xx.xx.xx ...........
>
> (at the end- time out and disconnect)
>
> I check the firewall accounting and here is the result
>
> IP firewall forward rules, default policy: deny
> type  prot source               destination          ports
> acc/m all  localnet/8           anywhere             n/a
> IP firewall output rules, default policy: accept
> IP firewall input rules, default policy: accept
> IP masquerading entries
> prot expire   source               destination          ports
> tcp  12:49.94 10.0.0.2             202.xx.xx.xx      www (80) -> 3672
> tcp  13:01.84 10.0.0.2             202.xx.xx.xx      telnet (23)->22573
> tcp  12:34.83 10.0.0.2             202.xx.xx.xx      telnet (23)->21874
> tcp  13:01.83 10.0.0.2             202.xx.xx.xx      ftp (21) -> 22571
>
> Can anybody tell me what went wrong?
>
> Thank You
>

In my experience I don't think you need to apply IPPORTFW to the ports.  I
don't do it and it works nicely.  As far as I know IPPORTFW is for use with
protocols which the kernel doesn't know how to handle and for which there is
no module.  In the standard distribution there is support for http, telnet,
and the other trivial protocols; and ftp, irc, quake, real audio, cuseeme
all as modules.

hope this helps
greetings
daniel
