On Sun, 5 Dec 1999, Avram Aumick wrote:
> This is the masq file:
> ## Masquerading firewall timeouts: tcp conns 8hrs, tcp after fin pkt 60s, udp 10min
> $IPCHAINS -M -S 14400 60 600
>
> ## Set up kernel to enable IP masquerading
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ## Set up kernel to handle dynamic IP masquerading
> echo 7 > /proc/sys/net/ipv4/ip_dynaddr
>
> ## Don't Masquerade internal-internal traffic
> $IPCHAINS -A forward -s $INTERNALNET -d $INTERNALNET -j ACCEPT
>
> ## Don't Masquerade external interface direct
> $IPCHAINS -A forward -s $OUTERNET -d $REMOTENET -j ACCEPT
>
> ## Masquerade all internal IP's going outside
> $IPCHAINS -A forward -s $INTERNALNET -d $REMOTENET -j MASQ
>
> ## Set Default rule on MASQ chain to Deny
> $IPCHAINS -P forward DENY
>
> ## Allow all connections from the network to the outside
> $IPCHAINS -A input -s $INTERNALNET -d $REMOTENET -j ACCEPT
> $IPCHAINS -A output -s $INTERNALNET -d $REMOTENET -j ACCEPT
> ## Set Default rule on MASQ chain to Deny
> $IPCHAINS -P forward DENY
>
> ## Allow all connections from the network to the outside
> $IPCHAINS -A input -s $INTERNALNET -d $REMOTENET -j ACCEPT
> $IPCHAINS -A output -s $INTERNALNET -d $REMOTENET -j ACCEPT
>
> # Set telnet, www, smtp, pop3 and FTP for minimum delay
> $IPCHAINS -A output -p tcp -d 0/0 80 -t 0x01 0x10
> $IPCHAINS -A output -p tcp -d 0/0 22 -t 0x01 0x10
> $IPCHAINS -A output -p tcp -d 0/0 23 -t 0x01 0x10
> $IPCHAINS -A output -p tcp -d 0/0 21 -t 0x01 0x10
> $IPCHAINS -A output -p tcp -d 0/0 110 -t 0x01 0x10
> $IPCHAINS -A output -p tcp -d 0/0 25 -t 0x01 0x10
>
> # Set ftp-data for maximum throughput
> $IPCHAINS -A output -p tcp -d 0/0 20 -t 0x01 0x08
>
> # Allow outgoing ICMP
> $IPCHAINS -A output -p icmp -s $INTERNALNET -d $REMOTENET -j ACCEPT
>
> Avram
>
> On Sun, 5 Dec 1999, root wrote:
>
> >
> > Looks to me you have two problems. One is your route/masque the other is
> > your nfs config.
> > Your logs definitely show the nfs client/server are communicating. They
> > just aren't authenticating through to each other.
> > As for the ip masq, it looks like you have forwarding on, but what do you
> > have for your forwarding rules?
> >
> >
> > On Sat, 4 Dec 1999, Avram Aumick wrote:
> >
> > > Date: Sat, 4 Dec 1999 18:31:12 -0600 (CST)
> > > From: Avram Aumick <[EMAIL PROTECTED]>
> > > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: communication problem
> > >
> > > > I am trying to do an nfs mount. What would I have to put in my
> > > hosts.allow file to stop this? I thought that this was the result of a
> > > routing problem that I am having. Even though I am doing ip masq my
> > > workstation does not see the outside world.
> > >
> > > Avram
> > >
> > > On Sat, 4 Dec 1999, [EMAIL PROTECTED] wrote:
> > >
> > > >
> > > > If you are trying to do an nfs mount of the server, be aware that the
> > > > > hosts.allow, hosts.deny files are used by nfs as well as inetd to
> > > > determine authorized/denied hosts. It is a feature of glibc 2x
> > > >
> > > > Since this is a router type host, you probably have some host allow, host
> > > > deny rules.
> > > >
> > > > This one bit me in the @$$ a long time ago.
> > > >
> > > > --Matt
> > > >
> > > > --
> > > > Matt Galgoci
> > > > Job title: export title=`dd if=/dev/random bs=24 count=1`
> > > > echo $title
> > > >
> > > > On 4 Dec 1999, Avram Aumick wrote:
> > > >
> > > > > I am having problems with communication between my server which has a dsl
> > > > > > connection to the outside world and my internal network (now just one
> > > > > workstation). I know it is a configuration problem but I don't know the
> > > > > solution. On the server in the /var/log/messages file I receive these errors:
> > > > >
> > > > > Dec 4 16:25:41 alpha portmap[32593]: connect from 192.168.1.11 to
> > > > > getport(mountd): request from unauthorized host
> > > > > Dec 4 16:25:41 alpha portmap[32594]: connect from 192.168.1.11 to
> > > > > getport(mountd): request from unauthorized host
> > > > >
> > > > >
> > > > > > From the workstation I received these errors in /var/log/messages file:
> > > > >
> > > > >
> > > > > Dec 4 02:49:56 beta portmap[580]: connect from 192.168.1.10 to
> > > > > getport(mountd): request from unauthorized host
> > > > > Dec 4 02:49:56 beta portmap[581]: connect from 192.168.1.10 to
> > > > > getport(mountd): request from unauthorized host
> > > > >
> > > > > > From workstation beta I can ping the internal ip addresses and I can ping
> > > > > > the ip address to the dsl NIC card on alpha. However I cannot reach the
> > > > > > outside world. If workstation is booted into WinNT (which is rare, only
> > > > > > needed for quicken), there is no problem in reaching the outside world.
> > > > > > In Linux I have the above problems.
> > > > >
> > > > > Any suggestions on where I should look for the solution for the problem? I
> > > > > suspect that it is on the beta workstation.
> > > > >
> > > > > Avram Aumick
> > > > >
> > > > > PC's are like an air conditioner. When windows are open, it doesn't
> > > > > work very well!
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > > > as the Subject.
> > > > >
> > > >
> > > >
> > >
> > >
> > > ************************************************************
> > > Failure is not an option. It comes bundled with your Microsoft
> > > product.
> > >
> >
> >
> >
>
>
> ************************************************************
> Failure is not an option. It comes bundled with your Microsoft
> product.
>
>
************************************************************
Failure is not an option. It comes bundled with your Microsoft
product.
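
Added example, not part of any message in this thread: a shell sketch that summarises the portmap refusals shown in the quoted logs and drafts the matching hosts.allow entry, limited to clients inside the internal network. It assumes portmap is built with TCP wrappers and is matched under the daemon name "portmap"; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed: the first two
# lines are the refusals quoted above rejoined onto one line, the rest are
# made-up entries (203.0.113.5 is a documentation address).
SAMPLE_LOG='Dec 4 16:25:41 alpha portmap[32593]: connect from 192.168.1.11 to getport(mountd): request from unauthorized host
Dec 4 16:25:41 alpha portmap[32594]: connect from 192.168.1.11 to getport(mountd): request from unauthorized host
Dec 4 16:26:02 alpha in.telnetd[411]: connect from 192.168.1.11
Dec 4 16:27:10 alpha portmap[32601]: connect from 192.168.1.12 to getport(nfs): request from unauthorized host
Dec 4 16:29:44 alpha portmap[32610]: connect from 203.0.113.5 to dump(): request from unauthorized host'

# Read syslog lines on stdin; print "count client-ip rpc-call" for each
# distinct portmap refusal, sorted by client address.
portmap_denials() {
    awk '
        $5 ~ /^portmap\[[0-9]+\]:$/ && $7 == "from" &&
        /request from unauthorized host$/ {
            call = $10; sub(/:$/, "", call)
            n[$8 " " call]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k2,2
}

# Read portmap_denials output on stdin; print one hosts.allow line covering
# only the refused clients whose address starts with the trusted prefix ($1).
# Clients outside that prefix are deliberately left out (they stay denied).
hosts_allow_line() {
    awk -v net="$1" '
        index($2, net) == 1 && !seen[$2]++ { list = list " " $2 }
        END { if (list != "") print "portmap:" list }
    '
}

# Demo on the constructed sample: refusals first, then the drafted entry.
printf '%s\n' "$SAMPLE_LOG" | portmap_denials
printf '%s\n' "$SAMPLE_LOG" | portmap_denials | hosts_allow_line 192.168.1.
```

The drafted line is meant to be reviewed before it goes into /etc/hosts.allow; a "portmap: ALL" line in /etc/hosts.deny keeps every other client refused.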