

 >I changed the $INTIF to $EXTIF and now the server is visible to me from the
 >inside of the network. You are correct in your assumption that I would like
 >this server to be accessible from the Internet through the External
 >interface, unfortunately I still cannot see it from outside the network.

Define "see it from the outside network".  Are you talking about
other Tribes2 clients seeing your server?  If so, the tribes2
registration process might need additional ports to be opened
up.

What I recommend is to shut down the Tribes server.  Then
run a "tail -f /var/log/messages" to watch the firewall hits
in real time.  Finally, restart the Tribes server and see if
any packets get lost.  Any dropped packets that you think
are for Tribes2 should then be explicitly allowed
in the rc.firewall ruleset.



 >I am also looking forward to a solution to Loren's question about SSH
 >through MASQ gateway. SSH works fine for me with the simple firewall
 >ruleset, but not when I load the stronger ruleset.

Are you talking about SSHing to an internal MASQed host from the
Internet?  If so, this is just a basic PORTFW issue.  What you need
to do is:

1) Allow, say, port 24 into the MASQ firewall via a FORWARD rule.  If you
    are asking "why port 24", you cannot use port 22 unless you aren't
    already running the SSHd daemon (uses port 22) on the MASQ firewall
    server.
    http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/forwarders.html#PORTFW-VIA-2.4.X-PREROUTING

2) PORTFW port 24 to your intended internal server
    Example shown in the URL above.

3) Allow OUT that port via a "related" FORWARD rule.  The end of
    the rc.firewall-2.4-stronger ruleset has an example of that.



 >command "chkconfig --level=345 firewall-2.4 on" the firewall load fails and
 >returns an error message "execvp: Permission Denied". I would like to use
 >this method to load the firewall, if anybody has any suggestions I'd sure
 >appreciate hearing them.

Are you running the "chkconfig" command as root?

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
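
The three PORTFW steps in the reply above, as an added example that is not part of the original message or of the rc.firewall scripts: the hypothetical helper `portfw_rules` validates its arguments and prints the matching iptables 2.4-style rules for review instead of applying them. The interface names `eth0`/`eth1` and the internal address `192.168.0.10` are constructed sample values.

```shell
#!/bin/sh
# Added example: prints the rules only, so it needs neither root nor iptables.

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: portfw_rules EXTIF INTIF EXTERNAL_PORT INTERNAL_HOST INTERNAL_PORT
portfw_rules() {
    extif=$1 intif=$2 extport=$3 host=$4 hostport=$5
    # Refuse anything that could smuggle shell syntax into the printed rules.
    case "$extif" in ''|*[!A-Za-z0-9._-]*) echo "bad EXTIF" >&2; return 1 ;; esac
    case "$intif" in ''|*[!A-Za-z0-9._-]*) echo "bad INTIF" >&2; return 1 ;; esac
    if ! valid_port "$extport" || ! valid_port "$hostport" || ! valid_ipv4 "$host"; then
        echo "bad port or address" >&2
        return 1
    fi
    # Step 2: rewrite the destination of connections arriving on EXTERNAL_PORT.
    echo "iptables -t nat -A PREROUTING -i $extif -p tcp --dport $extport -j DNAT --to-destination $host:$hostport"
    # Step 1: let the connection through FORWARD. PREROUTING runs before
    # FORWARD, so this rule matches the already translated host and port.
    echo "iptables -A FORWARD -i $extif -o $intif -p tcp -d $host --dport $hostport -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Step 3: allow only reply traffic of that connection back out.
    echo "iptables -A FORWARD -i $intif -o $extif -p tcp -s $host --sport $hostport -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: external port 24 forwarded to SSH on an internal host.
portfw_rules eth0 eth1 24 192.168.0.10 22
```

With logging enabled on the drop rules, the "tail -f /var/log/messages" check from earlier in the reply confirms whether the forwarded connection is still being dropped.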

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]