/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */

Reply to message 1:

To implement the port forwarding, you need the code IPMASQADM, you can download it at
ftp:ftp.compsoc.net:/pub/users/steve/ipsubs/ipmasqadm-0.4.2.tar.gz
And you will need to read the text on
http://www.ox.comp^soc.net/~steve/portforwarding.html

regards
mea

> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Date: Monday, June 25, 2001 7:00 PM
> To: [EMAIL PROTECTED]
> Subject: Masq digest, Vol 1 #419 - 3 msgs
>
> Send Masq mailing list submissions to
>     [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the web, visit
>     http://home.indyramp.com/mailman/listinfo/masq
> or, via email, send a message with subject or body 'help' to
>     [EMAIL PROTECTED]
> You can reach the person managing the list at
>     [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific than
> "Re: Contents of Masq digest..."
>
> This is the Linux IP Masquerading mailing list digest. To unsubscribe,
> change to realtime distribution, or adjust your other list options, visit
> the web page at
>
>     http://home.indyramp.com/mailman/listinfo/masq
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
>
> Today's Topics:
>
>   1. Port Forwarding and ftp (Carl Engstrom)
>   2. RE: Port Forwarding and ftp (Jamin Collins)
>   3. Re: Port Forwarding and ftp (Dave Mussulman)
>
> --__--__--
>
> Message: 1
> Reply-To: <[EMAIL PROTECTED]>
> From: "Carl Engstrom" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: Sun, 24 Jun 2001 12:06:16 -0700
> Subject: [Masq] Port Forwarding and ftp
>
> So I'm finally getting around to doing things the "right" way. I am moving
> my ftp service off of my firewall box to a separate server dedicated to the
> job.
> I have a few questions however.
>
> redhat 7.0
>
> 1) What code do I need to do the port forwarding -- masqadm? I forgot the
> name of the forwarding daemon.
>
> 2) What rules should I set in my IPchains firewall to forward traffic to
> this new box:
>
> box ID -- 192.168.100.4
> Port for FTP 1001-1009
>
> 3) can I use ports 1001-1009 without killing anything else?
>
> 4) any help on the commands would be appreciated, I will be checking the
> howto, but if you want to drop some hints I'd appreciate it.
>
> 5) I was planning to NFS mount the drives for the FTP server from another
> Linux box, but I'm worried that this might expose me to security
> risks...comments?
>
> Here is what I was thinking...
>
> INTERNET <---->Firewall <---->Internal Network
>                   ^
>                   |
>                   |
>               Port 1001
>                   |
>                   |
>                   v
>               FTP Server
>
> Also, most of my disk is on my firewall, so that is where I would NFS mount
> from.
>
> Thanks
>
> Carl
>
> --__--__--
>
> Message: 2
> From: Jamin Collins <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: RE: [Masq] Port Forwarding and ftp
> Date: Sun, 24 Jun 2001 16:27:02 -0500
>
> Carl Engstrom [mailto:[EMAIL PROTECTED]] wrote:
> > redhat 7.0
> >
> > 1) What code do I need to do the port forwarding -- masqadm?
> > I forgot the name of the forwarding daemon.
> I believe this is ipmasqadm (check rpmfind for it)
>
> > 2) What rules should I set in my IPchains firewall to forward
> > traffic to this new box:
> >
> > box ID -- 192.168.100.4
> > Port for FTP 1001-1009
> Not sure on this one. I've got a nifty script that handles it if you would
> like it.
>
> > 3) can I use ports 1001-1009 without killing anything else?
> Check /etc/services for information on that.
>
> > 5) I was planning to NFS mount the drives for the FTP server
> > from another Linux box, but I'm worried that this might
> > expose me to security risks...comments?
> Not sure the specifics, but I know that it will.
>
> Jamin W. Collins
>
> --__--__--
>
> Message: 3
> Date: Sun, 24 Jun 2001 16:49:47 -0500
> To: <[EMAIL PROTECTED]>
> From: Dave Mussulman <[EMAIL PROTECTED]>
> Subject: Re: [Masq] Port Forwarding and ftp
>
> At 12:06 PM 6/24/2001 -0700, Carl Engstrom wrote:
> >1) What code do I need to do the port forwarding -- masqadm? I forgot the
> >name of the forwarding daemon.
>
> As mentioned, ipmasqadm is the utility you want.
>
> >2) What rules should I set in my IPchains firewall to forward traffic to
> >this new box:
> >
> >box ID -- 192.168.100.4
> >Port for FTP 1001-1009
> >
> >3) can I use ports 1001-1009 without killing anything else?
> >
> >4) any help on the commands would be appreciated, I will be checking the
> >howto, but if you want to drop some hints I'd appreciate it.
>
> The newest version of ip_masq_ftp.c works for both directions. (ie: masq'd
> ftp clients can communicate to an outside server, and outside ftp clients
> can connect to an inside masq'd ftp server.) You only need to port forward
> the main server port. All the other ports used for FTP are handled by the
> ip_masq_ftp module.
>
> At least that's how it works for me. I'm forwarding port 2121 to port 21
> on an inside server and that's the only 'firewall' stuff I'm doing.
>
> >5) I was planning to NFS mount the drives for the FTP server from another
> >Linux box, but I'm worried that this might expose me to security
> >risks...comments?
> >Also, most of my disk is on my firewall, so that is where I would NFS mount
> >from.
>
> If you've set up a strong firewall and are using NFS only within the inside,
> private network you should be fine.
>
> I don't have much NFS experience, but if its daemons work anything like
> other services I've seen, then see if you can bind them to listen only on
> the internal interface and ignore anything from the Internet. Then you
> should be safe from external usage, at least.
>
> Good luck,
> Dave
>
> --__--__--
>
> End of Masq Digest

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
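
Added example (not part of the original thread, and not the ip_masq_ftp source): Dave's reply above says only the control port needs forwarding because the helper module handles the data ports. The Python sketch below shows the general technique such a helper relies on, rewriting the address in a passive-mode 227 reply from the inside server. The outside address 203.0.113.10, the sample reply, the function names, and keeping the data port unchanged are assumptions made for illustration.

```python
import re

# Constructed sample values: inside server from the thread, outside address assumed.
INSIDE_IP = "192.168.100.4"
OUTSIDE_IP = "203.0.113.10"
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,100,4,195,80)"

# The six numbers in a 227 reply are h1,h2,h3,h4,p1,p2.
TUPLE_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None if not a valid one."""
    if not line.startswith("227 "):
        return None
    m = TUPLE_RE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def rewrite_pasv(line, inside_ip, outside_ip, forwards):
    """Rewrite a 227 reply from the inside server for an outside client.

    `forwards` (hypothetical) maps data port -> inside host and stands in for
    the temporary forwarding entry a helper would create. A reply advertising
    any host other than the inside server is passed through unchanged and
    gets no forwarding entry.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        return line
    ip, port = parsed
    if ip != inside_ip:
        return line
    forwards[port] = inside_ip
    host = outside_ip.replace(".", ",")
    return "227 Entering Passive Mode (%s,%d,%d)" % (host, port // 256, port % 256)


if __name__ == "__main__":
    table = {}
    print(rewrite_pasv(SAMPLE_REPLY, INSIDE_IP, OUTSIDE_IP, table))
    print(table)
```

Without this rewriting, the outside client would be told to open its data connection to 192.168.100.4, a private address it cannot reach, which is why forwarding the control port alone is not enough unless a helper is loaded.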
