[EMAIL PROTECTED] wrote:

> I have a need to get rlogin and rsh through an internal linux masquerade box to an
> internal subnet.
> 
> The following is from the rshd and rlogind man page:
>      1.   The server checks the client's source port.  If the port is not in
>           the range 512-1023, the server aborts the connection.
> 
> So I need to keep masqueraded ports dealing with rlogin and rsh in this range and
> not masqueraded as indicated by ipchains -L -M:
> TCP  01:38.11 192.0.2.2            efx99.turner.com     1023 (61035) -> shell.
> 
> For testing I'm using the simplest masquerade script:
> ipchains -P forward DENY
> ipchains -A forward -i eth1 -j MASQ
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> It looks as though I need an incantation of
> ipmasqadm portfw -a .... to redirect back to the range of 512-1023 but, I'm having
> issues.

that won't help if the rsh connections are initiated from
within the masqueraded network. it sounds like a job for
an rsh masquerading kernel module :) or an rsh proxy.

you might be able to configure/recompile the server to skip
that check. it's so insecure anyway that it won't hurt :)
(in a local net, anyway).

> Has anyone managed to get rlogin and rsh through?
> Help here is appreciated.
> 
> Sam

i'd recommend using ssh instead and installing symlinks
for all of the old commands.

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
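
The source-port check quoted from the rshd/rlogind man page in this thread, as an added example that is not part of the original messages and is not rshd's own code: it applies the 512-1023 test to the address a server actually sees from a loopback client that did not bind a reserved port, which is also how a connection rewritten to source port 61035 looks to the server. The function names are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Range from the man page text quoted in the thread: 512-1023 inclusive. */
#define PORT_LOW  512
#define PORT_HIGH 1023

/* Hypothetical helper: 1 if the source port passes, 0 if the server aborts. */
int source_port_allowed(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);
    return port >= PORT_LOW && port <= PORT_HIGH;
}

/* Hypothetical helper: accept one loopback connection from a client that did
 * not bind a reserved port. Returns 1 allowed, 0 aborted, -1 socket error. */
int check_loopback_peer(void)
{
    struct sockaddr_in addr, peer;
    socklen_t len = sizeof addr, plen = sizeof peer;
    int conn = -1, verdict = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks */
    if (srv >= 0 && cli >= 0 &&
        bind(srv, (struct sockaddr *)&addr, sizeof addr) == 0 &&
        listen(srv, 1) == 0 &&
        getsockname(srv, (struct sockaddr *)&addr, &len) == 0 &&
        connect(cli, (struct sockaddr *)&addr, sizeof addr) == 0) {
        conn = accept(srv, (struct sockaddr *)&peer, &plen);
        if (conn >= 0)
            verdict = source_port_allowed(&peer);   /* what the server sees */
    }
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return verdict;
}

int main(void)
{
    printf("loopback client allowed: %d\n", check_loopback_peer());
    return 0;
}
```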