mendes wrote:
> I have two quick questions that are very likely to be silly but
> unfortunately I don't know the answer.
>
> a) How can I telnet from an outside computer to one on my internal network?
> I am not talking about the rules and else, I am actually asking for the
> command to use for the connection. Something like
>
> outside_computer $ telnet computer_on_internal_networK
>
> For instance:
>
> My internal machine is 192.168.233.3. How to reach it?

the simple answer is that you can't because 192... is a private
address that can't be used on the internet.

the long answer is that you need port forwarding which requires
masquerading and hence more "rules".

the longer answer is that you do not want to do this (if you know
what's best for you) because every time you telnet to your host,
you are giving your password to the world. use ssh instead.

anyway, the commands you need for port forwarding (which are all in
the masquerading howto) are something like:

    # set up masquerading (prerequisite for port forwarding)
    ipchains -P forward DENY
    ipchains -A forward -i $extif -j MASQ

    # set up port forwarding
    ipmasqadm portfw -f
    ipmasqadm portfw -a -P tcp -L $extip $port -R $server $port

where:

    $extif  = the external network interface device name
    $extip  = the external network interface's ip address
    $server = the ip address of the internal server
    $port   = the port relating to the forwarded service (23 = telnet, 22 = ssh)

> b) I need to do some rules to avoid some sites. I noticed that the rules use
> -d ip_address and not -d www.avoid_this_site. Can I use names instead of
> ip_addresses?

yes but only if dns is operational when you execute the commands.
note that dns usually doesn't work when initialising a firewall
until the rules that allow dns have executed.

and if they change the addresses on you (like doubleclick does
every minute), it'll stop doing what you want.

raf
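
Added example, not part of the original post: the reply to (b) means a rule written with a hostname keeps only the addresses the name resolved to when the command ran. This sketch compares such a pinned address list against current resolution so the drift can be detected; the function names, the `RESOLVER` hook, the host `ads.example` and all addresses are constructed for illustration, and the pinned list is assumed to be whatever the operator recorded when the rules were loaded.

```shell
#!/bin/sh
# Default resolver: current IPv4 addresses for a name, one per line.
resolve_name() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Constructed stand-in resolver so the demo runs offline (RFC 5737 addresses).
demo_resolver() {
    case $1 in
        ads.example) printf '%s\n' 192.0.2.10 192.0.2.77 ;;
    esac
}

RESOLVER=${RESOLVER:-resolve_name}

# stale_addrs NAME "ip1 ip2 ..."
# Pinned addresses the name no longer resolves to: rules that now match
# some other host, or nothing at all.
stale_addrs() {
    name=$1; pinned=$2
    current=$($RESOLVER "$name")
    for ip in $pinned; do
        printf '%s\n' "$current" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# uncovered_addrs NAME "ip1 ip2 ..."
# Addresses the name resolves to now that no pinned rule covers:
# traffic to these is not matched by the rules at all.
uncovered_addrs() {
    name=$1; pinned=$2
    for ip in $($RESOLVER "$name"); do
        printf '%s\n' $pinned | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Demo on constructed data: two addresses were pinned at rule-load time,
# and the name has since moved one of them.
RESOLVER=demo_resolver
PINNED="192.0.2.10 192.0.2.11"
echo "stale:     $(stale_addrs ads.example "$PINNED")"
echo "uncovered: $(uncovered_addrs ads.example "$PINNED")"
```

For real use, set `RESOLVER=resolve_name` and run the check only after the rules that allow dns are in place, for the reason given in the reply.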