ipmasqadm and firewall stuff
ok... so, i have this nice new firewall script that's auto-executed whenever i start rp-pppoe... i'm connecting using ADSL, so ppp0 is different every time i connect (which isn't very frequent unless something goes whacky on the ISP's side). so, here's the deal... i have a nice ipmasqadm part that forwards ICQ stuff for me: ipmasqadm portfw -a -P tcp -L 4.x.x.x 4000 -R 192.168.1.11 4000 now then... i had to manually put in my $EXTERNAL_INTERFACE (the 4.x.x.x) because for some reason, ipmasqadm won't accept the variable. i would like the ipmasqadm to work with the variable for ppp0 ($EXTERNAL_INTERFACE)... rather than manually typing in the dang external ip and re-running the script just so i can use ICQ. any idears? thanks!!! -jeff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipmasqadm and firewall stuff
On Wed, 11 Sep 2002 15:46:34 -0400 jeff [EMAIL PROTECTED] wrote: ipmasqadm portfw -a -P tcp -L 4.x.x.x 4000 -R 192.168.1.11 4000 now then... i had to manually put in my $EXTERNAL_INTERFACE (the 4.x.x.x) because for some reason, ipmasqadm won't accept the variable. Hmmm, ipmasqadm has nothing to do with the variable. The variable should be expanded by your shell prior ot the command execution. What happens when you try to use the variable in place of the actual IP. Have you verified that the variable contains that correct information, and nothing more, just before the execution of this command. If you are using bash, have you tried adding a '-x' after the #!/bin/bash at the top of the script? -- Jamin W. Collins -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipmasqadm and firewall stuff
- Original Message - From: Jamin W.Collins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 11, 2002 3:56 PM Subject: Re: ipmasqadm and firewall stuff On Wed, 11 Sep 2002 15:46:34 -0400 jeff [EMAIL PROTECTED] wrote: ipmasqadm portfw -a -P tcp -L 4.x.x.x 4000 -R 192.168.1.11 4000 now then... i had to manually put in my $EXTERNAL_INTERFACE (the 4.x.x.x) because for some reason, ipmasqadm won't accept the variable. Hmmm, ipmasqadm has nothing to do with the variable. The variable should be expanded by your shell prior ot the command execution. What happens when you try to use the variable in place of the actual IP. Have you verified that the variable contains that correct information, and nothing more, just before the execution of this command. If you are using bash, have you tried adding a '-x' after the #!/bin/bash at the top of the script? -- Jamin W. Collins -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] hi jamin... all i had to do was do a double-take on my script and i figured it out. right at the beginning, i totally missed this: IPADDR=`/sbin/ifconfig ppp0 | grep inet addr | awk -F: '{print$2}' | awk '{print $1)' ` there's my missing variable... i only get a small self-inflicted DUH this time because i actually figured it out... LOL... it works fine with the above ipmasqadm statement: ipmasqadm portfw -a -P tcp -L $IPADDR 4000 -R 192.168.1.11 4000 anyway, i'm still fairly new to linux... and damn there's so much to learn... but i love it... thanks for the quick reply anyway -jeff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
debian ipmasq ipmasqadm portfw
Hola estimados listeros: Me estoy rompiendo la cabeza y no consigo hacer funcionar esto del portfw. Tengo un potato con el paquete ipmasq funcionando con las opciones por default salvo que una unica ip hace masquerade (10.1.85.95). Quiero publicar un apache que esta en la 10.1.85.91 y no funciona. Lo que he puesto es lo siguiente: ipmasqadm portfw -f ipchains -I forward -i eth0 -j MASQ ipmasqadm portfw -a -P tcp -L 200.20.20.200 80 -R 10.1.85.91 80 Estoy seguro que el problema esta con alguna otra de las reglas pero no puedo encontrar donde esta el problema. Saludos y muchas gracias a todos. Vamos debian todavia !!! Fernando - Argentina o- Este es el resultado de mi ipchains-save luego de ejecutar estas 3 lineas: :input DENY :forward DENY :output DENY -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i ! lo -j DENY -l -A input -s 0.0.0.0/0.0.0.0 -d 255.255.255.255/255.255.255.255 -i eth1 -j ACCEPT -A input -s 10.1.85.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j ACCEPT -A input -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/240.0.0.0 -i eth1 -p ! 6 -j ACCEPT -A input -s 10.1.85.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DENY -l -A input -s 0.0.0.0/0.0.0.0 -d 255.255.255.255/255.255.255.255 -i eth0 -j ACCEPT -A input -s 0.0.0.0/0.0.0.0 -d 200.20.20.200/255.255.255.255 -i eth0 -j ACCEPT -A input -s 0.0.0.0/0.0.0.0 -d 200.20.20.255/255.255.255.255 -i eth0 -j ACCEPT -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ -A forward -s 10.1.85.95/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l -A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 10.1.85.0/255.255.255.0 -i eth1 -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/240.0.0.0 -i eth1 -p ! 6 -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 10.1.85.0/255.255.255.0 -i eth0 -j DENY -l -A output -s 200.20.20.200/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT -A output -s 200.20.20.255/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian ipmasq ipmasqadm portfw
usa iptables ;) claro q necesitas un kernel 2.4 es menos engorroso y se puede manejar mejor saludos -- Get your free email from www.linuxmail.org Powered by Outblaze -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
ipmasqadm portfw
Bonjour je recherche de la doc sur ipmasqadm portfw je n'arrive a rien malgres les differentes docs que je trove sur le net voila la commande que jutilise ipmasqadm portfw -a -P tcp -L 192.168.1.100 80 - R 150.0.0.100 80 la commande est bien valide pas de message d'erreur le forwrad est bien active mais voila aucun resultat voila merci pour une reponse si vous avez une idée @++ et Merci
Re: ipmasqadm portfw
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: Bonjour je recherche de la doc sur ipmasqadm portfw je n'arrive a rien malgres les differentes docs que je trove sur le net voila la commande que jutilise ipmasqadm portfw -a -P tcp -L 192.168.1.100 80 - R 150.0.0.100 80 la commande est bien valide pas de message d'erreur le forwrad est bien active mais voila aucun resultat As-tu bien active le routage ? Que donne : cat /proc/sys/net/ipv4/ip_forward ? Si c'est 1, oublie ce que je viens de dire. Sinon, echo 1 /proc/sys/net/ipv4/ip_forward. Pierre
Re: ipmasqadm portfw
voila la commande que jutilise ipmasqadm portfw -a -P tcp -L 192.168.1.100 80 - R 150.0.0.100 80 C'est quoi que tu veux faire? Ca serait un bon debut de detailler un peu plus ton probleme. Si je lis bien, tu veux que, quand un utilisateur qui veut contacter une machine dont l'ip destination et port destination est de 192.168.1.100 80 soit redirige vers 150.0.0.100 80. De cette maniere, c'est suppose fonctionne. Sinon, detailles un peu plus ton probleme au lieu de faire comme 99% des utilisateurs qui disent ca ne marche pas... As-tu fait du sniffing? Les packets se rendent au serveur? le serveur et le client se communiquent? le serveur communique avec l'autre serveur dont il redirige? Le cable est bien branche? tu as configure tes IP's ? N'oublie pas de decrire ton reseau.
ipmasqadm portfw
Hello, I'm using kernel 2.2.19 and I have a little question regarding portfw. I've set up some rules to forward some ports to an other computer on the network : ipmasqadm portfw -a -P tcp -L localhost 8002 -R 192.168.1.10 8002 ipmasqadm portfw -a -P tcp -L 192.168.1.250 8002 -R 192.168.1.10 8002 ipmasqadm portfw -a -P tcp -L extern-ip 8002 -R 192.168.1.10 8002 This works good as long as the request comes from the outer network(internet). So it doesn't work when I try to connect on the server who has this installed or when I try to connect from any other computer on the network using external-ip:8002 . What I was wondering about, when does portfw get the packet? All my ipchains rules seem to be correct. I use masquerading also. I have attached my ipchains rules. Thanks for any responses :) Elm Chain input (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opttosa tosx ifname mark outsize sourcedestination ports 181K 11M ACCEPT all -- 0xFF 0x00 lo anywhere anywhere n/a 0 0 DENY all l- 0xFF 0x00 !lo 127.0.0.0/8 anywhere n/a 970K 220M ACCEPT all -- 0xFF 0x00 eth0 localnet/24 anywhere n/a 0 0 DENY all l- 0xFF 0x00 eth1 localnet/24 anywhere n/a 290K 116M ACCEPT all -- 0xFF 0x00 eth1 anywhere extern-ip n/a 0 0 DENY all l- 0xFF 0x00 any anywhere anywhere n/a Chain forward (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opttosa tosx ifname mark outsize sourcedestination ports 80253 7420K MASQ all -- 0xFF 0x00 eth1 localnet/24 anywhere n/a 0 0 DENY all l- 0xFF 0x00 any anywhere anywhere n/a Chain output (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opttosa tosx ifname mark outsize sourcedestination ports 181K 11M ACCEPT all -- 0xFF 0x00 lo anywhere anywhere n/a 976K 680M ACCEPT all -- 0xFF 0x00 eth0 anywhere localnet/24 n/a 0 0 ACCEPT!tcp -- 0xFF 0x00 eth0 anywhere BASE-ADDRESS.MCAST.NET/4 any - any 0 0 DENY all l- 0xFF 0x00 eth1 anywhere localnet/24 n/a 310K 43M ACCEPT all -- 0xFF 0x00 eth1 extern-ip anywhere n/a 0 0 DENY all l- 0xFF 0x00 any anywhere anywhere n/a
ipmasqadm portfw
(sorry for the wrong subject on previous post!) Hi, I'm using kernel 2.2.14 and I have a problem with ipmasqadm portfw.When I try to add a rule for forwarding a port I get the following error :ipmasqadm portfw -a -P tcp -L 212.69.202.112 8002 -R 192.168.1.10 8002portfw: setsockopt failed: Invalid argumentwhen I try to get get a list I get :[EMAIL PROTECTED] 09:34:06 /server/kernel/linux-2.2$ ipmasqadm portfw -lportfw: setsockopt failed: Invalid argumentCould not open "/proc/net/ip_masq/portfw"Could not open "/proc/net/ip_portfw"Check if you have enabled portforwardingFrom what I understand from searching mailing lists and so on I don't havethis aspect commpiled into my kernel.This is the .config file :cut## Networking options#CONFIG_PACKET=yCONFIG_NETLINK=yCONFIG_RTNETLINK=yCONFIG_NETLINK_DEV=yCONFIG_FIREWALL=yCONFIG_FILTER=yCONFIG_UNIX=yCONFIG_INET=y# CONFIG_IP_MULTICAST is not set# CONFIG_IP_ADVANCED_ROUTER is not set# CONFIG_IP_PNP is not setCONFIG_IP_FIREWALL=yCONFIG_IP_FIREWALL_NETLINK=yCONFIG_NETLINK_DEV=yCONFIG_IP_TRANSPARENT_PROXY=yCONFIG_IP_MASQUERADE=y## Protocol-specific masquerading support will be built as modules.#CONFIG_IP_MASQUERADE_ICMP=y## Protocol-specific masquerading support will be built as modules.## CONFIG_IP_ROUTER is not set# CONFIG_NET_IPIP is not set# CONFIG_NET_IPGRE is not set# CONFIG_IP_ALIAS is not setCONFIG_SYN_COOKIES=ycutI can't see the option CONFIG_IP_MASQUERADE_MOD so noCONFIG_IP_MASQUERADE_IPPORTFW aswell.So I suppose I need to recompile this kernel?if so...Can I just compile a 2.4 version to upgrade from this 2.2 version?Is there any way not to break things apart if I compile this new kernel? Oris the best way to go just to keep the old .config at hand when configuringthe new one?Thx!khb
Re: ipmasqadm portfw
On Wed, Feb 06, 2002 at 09:53:01AM +0100, Elm Gysel wrote: I'm using kernel 2.2.14 and I have a problem with ipmasqadm portfw. From what I understand from searching mailing lists and so on I don't have this aspect commpiled into my kernel. This is the .config file : [snip] Have you set CONFIG_EXPERIMENTAL ? So I suppose I need to recompile this kernel? Almost certainly... if so... Can I just compile a 2.4 version to upgrade from this 2.2 version? Is there any way not to break things apart if I compile this new kernel? Or is the best way to go just to keep the old .config at hand when configuring the new one? Beware, kernel 2.4 uses iptables, not ipchains. So you may have to upgrade some tools as well. I dunno if ipfwadm supports kernel 2.4, to be honest. However, if you're upgrading to 2.4, make sure you're at least on woody, or have the potato-2.4 support packages by A. Bunk (I think that's the guy :-) installed. You can drop the old .config file into the new kernel source directory, and run make oldconfig which will ask you any questions that it doesn't have answers for already. In fact, make-kpkg does that anyway. :-) Keep your old kernel around and configured in lilo, so you can boot back when the new 2.4 kernel doesn't work. :-) -- === Paul TBBle Hampson, MCSE 4th year CompSci/Asian Studies student, ANU The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] Of course Pacman didn't influence us as kids. If it did, we'd be running around in darkened rooms, popping pills and listening to repetitive music. This email is licensed to the recipient for non-commercial use, duplication and distribution. === pgp9hf9IWQ6T1.pgp Description: PGP signature
RE: ipmasqadm portfw
This can (and probably should) be set in /etc/network/options: ip_forward=yes to stay consistent across reboots. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Raffael Ferenc [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 4:45 AM To: Jeremy L. Gaddis Subject: Re: ipmasqadm portfw And sometimes it's necessary to echo 1/proc/sys/net/ip_forward On Sun, Jan 13, 2002 at 09:22:12PM -0500, Jeremy L. Gaddis wrote: You need to say Yes to Network Firewalls, IP: firewalling, IP: masquerading and IP: masquerading special modules support. You also need to say Yes to Prompt for development and/or incomplete code/drivers if you haven't already. j. -- Jeremy L. Gaddis [EMAIL PROTECTED]
ipmasqadm
Ae pessoal To tendo alguns problemas tentando usar o ipmasqadm. Achei muita coisa sobre isso na net mas nada q solucionasse o meu problema. Preciso redirecionar a porta 8080 do maquina com acesso a internet(roteador) para a porta 80 de uma maquina da rede interna. ipvalido:8080 == 192.168.0.3:80 # insmod ip_masq_portfw # ipmasqadm portfw -a -P tcp -L $IP_INET 8080 -R 192.168.0.3 80 Quando tento acessar ipvalido:8080 ele fica esperando um tempao( loading... ), sem dar erro, e naum funciona. Quando eu troco $IP_INET por 192.168.0.10 (ip da rede interna) e acesso de dentro da rede dah o mesmo erro. O apache de 192.168.0.3 tah funcionando e pode ser acessado de qualquer maquina da rede interna. Naum sei o q falta (nunca fiz isso antes), naum sei se preciso carregar algum outro modulo. Descarreguei todas as regras do ipchains no roteador, deixei soh # ipchains -A forward -j MASQ portanto acho q naum tem nada bloqueando o acesso. Valeu --- -- - Jose Rafael Xavier dos Santos [EMAIL PROTECTED]
Re: ipmasqadm
On Wed, 31 Oct 2001, Jose Rafae Xavier dos Santos wrote: Ae pessoal To tendo alguns problemas tentando usar o ipmasqadm. Achei muita coisa sobre isso na net mas nada q solucionasse o meu problema. Preciso redirecionar a porta 8080 do maquina com acesso a internet(roteador) para a porta 80 de uma maquina da rede interna. ipvalido:8080 == 192.168.0.3:80 # insmod ip_masq_portfw # ipmasqadm portfw -a -P tcp -L $IP_INET 8080 -R 192.168.0.3 80 Quando tento acessar ipvalido:8080 ele fica esperando um tempao( loading... ), sem dar erro, e naum funciona. Quando eu troco $IP_INET por 192.168.0.10 (ip da rede interna) e acesso de dentro da rede dah o mesmo erro. O apache de 192.168.0.3 tah funcionando e pode ser acessado de qualquer maquina da rede interna. Naum sei o q falta (nunca fiz isso antes), naum sei se preciso carregar algum outro modulo. Descarreguei todas as regras do ipchains no roteador, deixei soh # ipchains -A forward -j MASQ portanto acho q naum tem nada bloqueando o acesso. Valeu tive o mesmo problema com o ipmasqadm no passado. eu acho que ele faz tudo certo, mas ele NAO FUNCIONA INTERNAMENTE, ou seja, uma máquina 192.168.x.x não consegue acessá-la através do roteador, mas somente internamente. Mas de fora da rede (a partir de um ip real) ele funciona perfeitamente. pelo menos esse era o problema no passado. a solução foi instalar outro utilitário chamado redir. ele não funciona em nível de kernel, mas funciona muito bem. pelo menos a gente utiliza ele para fazer exatamente o que voce quer :) sei que existe solução também pelo iptables... o novo do kernel 2.4... e talvez até funcione melhor []s --- -- - Jose Rafael Xavier dos Santos [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipmasqadm
On Wed, 31 Oct 2001, Joel Franco Guzmán wrote: On Wed, 31 Oct 2001, Jose Rafae Xavier dos Santos wrote: Ae pessoal To tendo alguns problemas tentando usar o ipmasqadm. Achei muita coisa sobre isso na net mas nada q solucionasse o meu problema. Preciso redirecionar a porta 8080 do maquina com acesso a internet(roteador) para a porta 80 de uma maquina da rede interna. ipvalido:8080 == 192.168.0.3:80 # insmod ip_masq_portfw # ipmasqadm portfw -a -P tcp -L $IP_INET 8080 -R 192.168.0.3 80 Quando tento acessar ipvalido:8080 ele fica esperando um tempao( loading... ), sem dar erro, e naum funciona. Quando eu troco $IP_INET por 192.168.0.10 (ip da rede interna) e acesso de dentro da rede dah o mesmo erro. O apache de 192.168.0.3 tah funcionando e pode ser acessado de qualquer maquina da rede interna. Naum sei o q falta (nunca fiz isso antes), naum sei se preciso carregar algum outro modulo. Descarreguei todas as regras do ipchains no roteador, deixei soh # ipchains -A forward -j MASQ portanto acho q naum tem nada bloqueando o acesso. Valeu tive o mesmo problema com o ipmasqadm no passado. eu acho que ele faz tudo certo, mas ele NAO FUNCIONA INTERNAMENTE, ou seja, uma máquina 192.168.x.x não consegue acessá-la através do roteador, mas somente internamente. Mas de fora da rede (a partir de um ip real) ele funciona perfeitamente. pelo menos esse era o problema no passado. Também tive este mesmo problema, só de fora que tudo funciona direitinho. a solução foi instalar outro utilitário chamado redir. ele não funciona em nível de kernel, mas funciona muito bem. pelo menos a gente utiliza ele para fazer exatamente o que voce quer :) Este eu não conheço. sei que existe solução também pelo iptables... o novo do kernel 2.4... e talvez até funcione melhor Eu não cheguei a testar, mas eu li que o iptables resolveria meu problema. []s --- -- - Jose Rafael Xavier dos Santos [EMAIL PROTECTED] []'s -- ::: .''`. ::: ::: : :' : ::: Rodrigo Morais Araujo (rma) [EMAIL PROTECTED] ::: `. `'` ::: UIN: 101720839 ::: `-:::
ipmasqadm bug in potato 2.2r3 - 2.2.18 - i386
Sorry I dont know the package that covers ipmasqadm. But on my system i386 Potato 2.2r3 kernel 2.2.18 the localhost cant open any internetconnections anymore when I have defined some portforwarding rules (or is it just the large number that causes the bug I dont know). Here is the script that generates the rules ($EXTIP is my external ip address): # BEGIN ## /usr/sbin/ipmasqadm portfw -f # DirectPlay Ports # port=2300 while [ $port -le 2400 ] do /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP $port -R 10.0.1.50 $port /usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP $port -R 10.0.1.50 $port port=$((port+1)) done # Suddenstrike Ports # port=28800 while [ $port -le 28900 ] do /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP $port -R 10.0.1.50 $port /usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP $port -R 10.0.1.50 $port port=$((port+1)) done # DirectPlay # /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 47624 -R 10.0.1.50 47624 # Operation Flashpoint # /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 2234 -R 10.0.1.50 2234 /usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP 2234 -R 10.0.1.50 2234 ### END ## As soon as I flush the rules the internet connection from the localhost is working again. From the network I can access the internet all the time. It seems as if only the localhost is affected. When I have the rules on, the connection looks like the following (netstat): tcp 0 1 N698P029.adsl.high:2353 www.google.com:www SYN_SENT It hangs at exactly that point. In lynx this is displayed as the message: Making http connection to www.google.com and then nothing. Ah yes I should also mention that dnslookup works though. So I can make nslookup www.google.com and get the right answer. (with the rules enabled). Though I cant open any tcp connection be it ftp or www. If you would be so kind to report back directly to me too as I am not subscribed to the mailing list. Thanks, Andreas
ipmasqadm portfw
i used to have this working like a champ, but now it folds its arms and laughs and evil laugh-- we're trying to establish port forwarding so that a box internal on our lan (192.168.1.2) can serve requests through the firewall, from 'out there'. # ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80 # ipmasqadm portfw -ln prot localaddrrediraddr lportrport pcnt pref TCP [PUBLIC_IP] 192.168.1.2 7890 801010 well, it LOOKS like it's up, but-- # nmap [PUBLIC_IP] -p 7890 Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/) No ports open for host server ([public_ip]) Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds which is bolstered by the fact that if i try to connect to public port :7890 from outside (that is, from a public ip out on the internet, trying to connect to port :7890 on my public ip address) i get deafening silence (unable to connect to host). is there another step i've forgotten? i'm on potato 2.2.17 and this was working earlier... -- DEBIAN NEWBIE TIP #48 from Will Trillich [EMAIL PROTECTED] : To peruse your CURRENT VIM SETTINGS (there's LOTS of them) from within Vim, simply do :options You can change them there, on-the-fly, as well. Type ctrl-W ctrl-W to switch panes or ctrl-W q to close one. Try :help to learn more. Also see http://newbieDoc.sourceForge.net/ ...
RE: ipmasqadm portfw
Pehaps I will tell non-senses but potato run a 2.2 kernel (2.2.17 in your case). So the tool for that kind of tricks is ipchains, isn't it? ipmasqadm is for kernel serie 2.0 no ? hope it helps jacques -Message d'origine- De : will trillich [mailto:[EMAIL PROTECTED] Envoyé : mardi 25 septembre 2001 11:15 À : debian-user@lists.debian.org Objet : ipmasqadm portfw i used to have this working like a champ, but now it folds its arms and laughs and evil laugh-- we're trying to establish port forwarding so that a box internal on our lan (192.168.1.2) can serve requests through the firewall, from 'out there'. # ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80 # ipmasqadm portfw -ln prot localaddrrediraddr lportrport pcnt pref TCP [PUBLIC_IP] 192.168.1.2 7890 801010 well, it LOOKS like it's up, but-- # nmap [PUBLIC_IP] -p 7890 Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/) No ports open for host server ([public_ip]) Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds which is bolstered by the fact that if i try to connect to public port :7890 from outside (that is, from a public ip out on the internet, trying to connect to port :7890 on my public ip address) i get deafening silence (unable to connect to host). is there another step i've forgotten? i'm on potato 2.2.17 and this was working earlier... -- DEBIAN NEWBIE TIP #48 from Will Trillich [EMAIL PROTECTED] : To peruse your CURRENT VIM SETTINGS (there's LOTS of them) from within Vim, simply do :options You can change them there, on-the-fly, as well. Type ctrl-W ctrl-W to switch panes or ctrl-W q to close one. Try :help to learn more. Also see http://newbieDoc.sourceForge.net/ ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipmasqadm portfw
On Tue, 25 Sep 2001 04:15:07 -0500 will trillich [EMAIL PROTECTED] wrote: i used to have this working like a champ, but now it folds its arms and laughs and evil laugh-- we're trying to establish port forwarding so that a box internal on our lan (192.168.1.2) can serve requests through the firewall, from 'out there'. # ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80 # ipmasqadm portfw -ln prot localaddrrediraddr lportrport pcnt pref TCP [PUBLIC_IP] 192.168.1.2 7890 801010 Have you allowed access to that port with ipchains? The packets will never get to your ipmasqadm rule if ipchains is rejecting/denying them on input. Something like this should work: ipchains -A input -p TCP -d [PUBLIC_IP] --destination-port 7890 -j ACCEPT
ipmasqadm portfw -a ... stopped working?
we're trying to establish port forwarding so that a box internal on our lan (192.168.1.2) can serve requests through the firewall, from 'out there'. i haven't even done apt-get upgrade lately -- and now ipmasqadm 'portfw' isn't working. (i may have missed a step, but /usr/share/doc/ didn't help ring any bells...) # ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80 # ipmasqadm portfw -ln prot localaddrrediraddr lportrport pcnt pref TCP [PUBLIC_IP] 192.168.1.2 7890 801010 well, it LOOKS like it's up, but-- # nmap [PUBLIC_IP] -p 7890 Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/) No ports open for host server ([public_ip]) Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds which is bolstered by the fact that if i try to connect to public port :7890 from outside i get deafening silence (unable to connect to host). is there another step i've forgotten? i'm on potato 2.2.17 and this was working earlier... [PUBLIC_IP] is, of course the client's actual ip address, if you wondered... :) -- DEBIAN NEWBIE TIP #73 from USM Bish [EMAIL PROTECTED] : Looking for a way to CAPTURE A TRANSCRIPT OF SOME COMMANDS? Easy! To catch anything from the screen when it scrolls by, use script: script file-to-save-transcript-in.txt command command exit == don't forget this! (It spawns another shell, and displays everything so you can work -- but it also saves the output in the file at the same time.) Then pager file-*transcript* to review it. Or email it. Or edit it to include in a manual you're writing. Also see http://newbieDoc.sourceForge.net/ ...
ipmasqadm portfw and apache
I'd like to forward all requests on port 80 thru my firewall, however, I use VirtualHosts under apache. Is there a way to forward the port with the desired host name? Or can I do it based on the hostname desired? (eg forward a request to www.foo.com to port 81 and a request to www.bar.com to 82). Thanks, Jason
Re: ipmasqadm portfw and apache
Jason Majors wrote: I'd like to forward all requests on port 80 thru my firewall, however, I use VirtualHosts under apache. Is there a way to forward the port with the desired host name? Or can I do it based on the hostname desired? (eg forward a request to www.foo.com to port 81 and a request to www.bar.com to 82). Thanks, Jason Forwarding the port will not change the actual HTTP request which is what the VirtualHosts depends on. I think it should be pretty transparent (though I've never tried it). Are you having a problem doing this or are you just asking in preparation of setting it up?
Re: ipmasqadm portfw and apache
On Wed, Aug 29, 2001 at 11:51:48AM -0700, Tim Moss scribbled... Jason Majors wrote: I'd like to forward all requests on port 80 thru my firewall, however, I use VirtualHosts under apache. Is there a way to forward the port with the desired host name? Or can I do it based on the hostname desired? (eg forward a request to www.foo.com to port 81 and a request to www.bar.com to 82). Thanks, Jason Forwarding the port will not change the actual HTTP request which is what the VirtualHosts depends on. I think it should be pretty transparent (though I've never tried it). Are you having a problem doing this or are you just asking in preparation of setting it up? I already did it. When I forwarded to the internal box, all requests were served by the default html/ directory, not the virtual host matching the url I typed.
Re: ipmasqadm portfw and apache
Jason Majors wrote: I'd like to forward all requests on port 80 thru my firewall, however, I use VirtualHosts under apache. Is there a way to forward the port with the desired host name? Or can I do it based on the hostname desired? (eg forward a request to www.foo.com to port 81 and a request to www.bar.com to 82). Thanks, Jason I think I figured it out...it's not the port issue. When I add a second NameVirtualHost foo and VirtualHost foo, I get the warning from apache [warn] NameVirtualHost tmr.whizzird.net:80 has no VirtualHosts, so I'd guess that there's something in the order of the httpd.conf. When this happens the special hosts entry I created goes back to the default page for the server, but when there's only one VirtualHost, that hosts entry goes to the VirtualHost. I get the same warnings on the firewall, but virtual hosting works fine. Does anybody have experience with multiple VirtualHost entries? Or know the correct format? I'm doing: NameVirtualHost domainone NameVirtualHost domaintwo NameVirtualHost domainthree VirtualHost domainone ... /VirtualHost VirtualHost domaintwo ... /VirtualHost VirtualHost domainthree ... /VirtualHost Thanks, Jason
Re: ipmasqadm portfw and apache
On Wed, Aug 29, 2001 at 01:39:21PM -0700, Jason Majors scribbled... Does anybody have experience with multiple VirtualHost entries? Or know the correct format? I'm doing: NameVirtualHost domainone NameVirtualHost domaintwo NameVirtualHost domainthree VirtualHost domainone ... /VirtualHost VirtualHost domaintwo ... /VirtualHost VirtualHost domainthree ... /VirtualHost I got it working. I feel kinda dumb...for those who'd like to know how to do it: NameVirtualHost 1.2.3.4 # MUST BE AN IP! (my mistake). VirtualHost foo.domain.com # I had to put the specific one before a generic ... # www to get the specific to come up. /Virtualhost VirtualHost www.domain.com ... /VirtualHost VirtualHost www.domaintwo.com ... /VirtualHost
ipmasqadm and libc5 problems
Hi there, Has anyone tried to use IPMASQADM to get PPTP support in IPMASQ (so I can access my work VPN from behind the linux firewall)? I downloaded the IPMASQADM module as well as a new version of libc5 (required by IPMASQADM) and basically killed a shitload of stuff on my server. I'm guessing it's the new version of libc5 as I really haven't configured anything to work with IPMASQADM yet. Any help/similar experiences would be appreciated. Cheers Stephen
ipmasqadm portfw vs autofw vs rinetd ?
hi today i had a small problem trying to get portfw to forward connections to another netowrk. what i wanted to do was send connections from port X accross our T1s to a place on the other side of the country(all the internal traffic is using non routable ips..) however it did not work .. connection couldn't be made. directing a connection to an ip on the local network worked fine. i thought about using autofw but i could not find a way to specify an IP address to listen on to forward, as there are other ips on the machine forwarding the same port number to various internal machines, i have to specify the ip. the temporary solution was to use rinetd, which seemed to work fine.. but i'm curious if this is possible with portfw? the command i was using: /usr/sbin/ipmasqadm portfw -a -P tcp -L EXTERNAL_IP PORT -R INTERNAL_IP PORT since it worked when i directed it to a local ip i figure my syntax is fine ...but i dont understand what is different about portfw vs rinetd (other then one bein kernel and the other bein userspace) that lets rinetd work and portfw not.. any ideas ?? thanks! nate
OT mucho: Actualizacion atr3s utilizando ipmasqadm
Hola a todos y perdon por el offtopic. Tenemos un aplicacion de nominas atr3s que se puede actualizar por Internet, pero usando el Explorer, el caso es que para salir a internet estamos usando una maquina con Debian, y sale correctamente, pero cuando el usuario pide actualizar la aplicacion esta, siempre le devuelve el mismo error, relativo a autorizaciones de usuario, los de atencion a usuario no tienen ni idea de lo que es un Linux, y la solucion que proponen es que conectemos usando un modem en modo local, y ellos lo tienen todo bien configurado y tal, desde ese mismo host se conecta con la agencia tributaria y sitios asi. ¿Hay alguien en la lista que tenga la aplicacion esta de nominas, y actualice con una maquina Linux (ipmasq)? Saludos y perdon nuevamente por el OT.
Re: anyone know ipmasqadm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Check the PATH It's posible ipmasqadm reside in a directly which is not on your path. have u check with 'locate'? 'which or just trying to execute the command it's not as u must look for a program. Seeya At 18.53 6/7/00 -0700, Bob Nielsen wrote: ipmasqadm is contained in the Debian netbase package (for potato, at least). On Thu, Jul 06, 2000 at 05:58:50PM -0700, Nick wrote: anyone know how to setup ipmasqadm? so far i got a hold of a rpm package and aliened it installed it and i have problems using it. no man no ipmasqadm utiliy what gives? anyone know of a deb that works??? -- Bob Nielsen, N7XY [EMAIL PROTECTED] Bainbridge Island, WA http://www.oz.net/~nielsen -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com iQA/AwUBOWVtDisLx+BnL30YEQLsmgCghwnzgwor3vPTGED2ZVQSWsPUkNIAoIuZ CnpqTBtA+BYNcsomuSmjRXLZ =frJm -END PGP SIGNATURE-
anyone know ipmasqadm
anyone know how to setup ipmasqadm? so far i got a hold of a rpm package and aliened it installed it and i have problems using it. no man no ipmasqadm utiliy what gives? anyone know of a deb that works???
Re: anyone know ipmasqadm
ipmasqadm is contained in the Debian netbase package (for potato, at least). On Thu, Jul 06, 2000 at 05:58:50PM -0700, Nick wrote: anyone know how to setup ipmasqadm? so far i got a hold of a rpm package and aliened it installed it and i have problems using it. no man no ipmasqadm utiliy what gives? anyone know of a deb that works??? -- Bob Nielsen, N7XY [EMAIL PROTECTED] Bainbridge Island, WA http://www.oz.net/~nielsen
installing ipmasqadm
hello list, today i decided to install ipmasqadm but ran into some difficulty i untarred it into the /usr/src directory then i ran make install and got the following error: install -m 700 -o root modules/*.so /usr/lib/ipmasqadm install: modules/*.so: No such file or directory make: *** [install] Error 1 do i need to point something somewhere? this is the ipmasqadm-0.4.2.tar.gz package thankx guys
Re: ipmasqadm
At 09:02 AM 12/9/99 -0800, Dave Wiard wrote: could somebody help me out with this one. i'm trying to masq my amd behind my alpha, but i only get the following error reported back upon trying to exec ipmasqadm: /usr/sbin/ipmasqadm portfw -a -P tcp -L $SEEN_IP 4000 -R $HIDE_IP 4000 portfw: setsockopt failed: Invalid argument Are you trying to masq ICQ ? For normal masq usage use ipchains, for ICQ there is a beta kernel module. i'm running potato with kernel 2.2.13. any help getting this to run would be much appreciated. -- dave wiard computer scienc [EMAIL PROTECTED] western washington university http://www.wcug.wwu.edu/~davew -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: ipmasqadm
On Fri, 10 Dec 1999 10:18:43 +0100, Onno wrote: At 09:02 AM 12/9/99 -0800, Dave Wiard wrote: could somebody help me out with this one. i'm trying to masq my amd behind my alpha, but i only get the following error reported back upon trying to exec ipmasqadm: /usr/sbin/ipmasqadm portfw -a -P tcp -L $SEEN_IP 4000 -R $HIDE_IP 4000 portfw: setsockopt failed: Invalid argument Are you trying to masq ICQ ? For normal masq usage use ipchains, for ICQ there is a beta kernel module. I think we have a little misunderstanding here. I've already tried to help Dave privately. From what I've understood he's NOT trying to masq the connection, but he's trying to forward traffic to the ICQ port on his router to one of his internal LAN machines. For this purpose the above command is perfectly ok. I'm using the same commands to redirect POP3, SMTP, ssh, etc. to my internal server machine. HOWEVER, he gets the above error message which I can't explain. He has by my directions built the portfw module and loaded it. Loading it works without errors so he should be fine, but still he gets the error setsockopt. According to my experience this error message is a message that originates in the kernel. *I* can execute the exact same statement on *my* box without any error messages, so I guess there must be something wrong with his setup (wrong ipmasqadm binary?!). -- Sign the EU petition against SPAM: L I N U X .~. http://www.politik-digital.de/spam/The Choice /V\ of a GNU /( )\ Generation ^^-^^
ipmasqadm
could somebody help me out with this one. i'm trying to masq my amd behind my alpha, but i only get the following error reported back upon trying to exec ipmasqadm: /usr/sbin/ipmasqadm portfw -a -P tcp -L $SEEN_IP 4000 -R $HIDE_IP 4000 portfw: setsockopt failed: Invalid argument i'm running potato with kernel 2.2.13. any help getting this to run would be much appreciated. -- dave wiard computer scienc [EMAIL PROTECTED] western washington university http://www.wcug.wwu.edu/~davew
ipmasqadm
could somebody give me some pointers on how to use ipmasqadm? i don't seem to have a man page for it and 'usage: ipmasqadm MODULE [opts] ' doesn't help me much. i don't have a lot of experience with loadable modules and such. -- dave wiard computer science [EMAIL PROTECTED]western washington university http://www.wcug.wwu.ed/~davew
Re: ipmasqadm
On Sun, 5 Dec 1999 23:38:48 -0800 (PST), Dave Wiard wrote: could somebody give me some pointers on how to use ipmasqadm? i don't Use it e.g. to forward accesses to a port on your firewall to an internal machine like this: /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXT_IP ssh -R $INT_HOST ssh The above means: redirect accesses to machine $EXT_IP/port ssh to machine $INT_HOST, port ssh. seem to have a man page for it and 'usage: ipmasqadm MODULE [opts] ' doesn't help me much. i don't have a lot of experience with loadable modules and such. There IS a man page for it: # dpkg -S ipmasqadm [...] netbase: /usr/man/man8/ipmasqadm.8.gz # dpkg -l netbase [...] ii netbase 3.12-2 Basic TCP/IP networking binaries You can get basic help by invoking the following: # ipmasqadm portfw -h Usage: portfw -a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF] add entry portfw -d -P PROTO -L LADDR LPORT [-R RADDR RPORT] delete entry portfw -f clear table portfw -l list table portfw args -n no names PROTO is the protocol, can be tcp or udp LADDR is the local interface receiving packets to be forwarded. LPORT is the port being redirected. RADDR is the remote address. RPORT is the port being redirected to. PREF is the preference level (load balancing, default=10) and # ipmasqadm autofw Usage: ipautofw command options Valid commands: -A add new autoforward entry -D delete an autoforward entry -F flush the autoforward table Valid options: -r type low high forwarding on ports low to high using protocol type (tcp or udp) -h hostIP address of host to receive forwarded packets -d type low high specifies a set of ports which will not use the default high range (6+) masquerade port area -p type visible host:hidden set up port bouncing from visible host port to masqueraded host host on port hidden, protocol type (currently not supported) -c type port specifies a control port and protocol -u Do _not_ require that a host connect within 15 seconds of triggering the control port -i Insecure mode; any host many connect after implied by not using the -c option or implied by using the -h option once the control port has been triggered -v Verbose mode and also # ipmasqadm mfw Usage: mfw -A -m FWMARK -r RADDR RPORT [-p PREF] add entry mfw -D -m FWMARK [-r RADDR RPORT] delete entry mfw -E -m FWMARK [-r RADDR RPORT] edit entry mfw -S -m FWMARK force scheduling mfw -Fclear table mfw -Llist table mfw args -n no names FWMARK is the fwmark being redirected. RADDR is the remote address. RPORT is the port being redirected to. PREF is the preference level (load balancing, default=10) There should also be some docs under /usr/doc/ipportfw. HTH, Ralf -- Sign the EU petition against SPAM: L I N U X .~. http://www.politik-digital.de/spam/The Choice /V\ of a GNU /( )\ Generation ^^-^^
ipmasqadm portfw not working to Sun
I am running linux 2.2.12 w/potato netbase and glibc2.1 on my ipmasq'ing slink machine. Port forwarding works great to internal linux boxen. I can't get it to work to my Sun (Solaris 7) tho... tcpdump shows the packets going to the sun but nothing comes back. I am just setting up this Sun so I can fool with anything... is it rejecting the connection for some reason? I am not very familiar with Solaris... redir works OK thru the ipmasq machine to the Sun, but this will be a high volume connection and I want the efficiency and ease of management provided by portfw! Any pointers would be greatly appreciated!! Michael Laing
Re:[SOLVED] ipmasqadm question
At 3/5/99 07:46 AM -0600, [EMAIL PROTECTED] wrote: Quoting Ralf G. R. Bergs [EMAIL PROTECTED]: On Thu, 04 Mar 1999 19:52:34 -0600, [EMAIL PROTECTED] wrote: I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Ok, another day, another try. :-) Here's the info you want, but you may not like it: #dpkg -S ipmasqadm netbase: /usr/sbin/ipmasqadm [...] #dpkg -l netbase Desired=Unknown/Install/Remove/Purge | Status=Not/Installed/Config-files/Unpacked/Failed-config |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status, ||/ NameVersionDescription +++-===-==-= ii netbase 3.12-2 Basic TCP/IP networking binaries As you see it's the unstable version of netbase. Don't worry you can install it without having to fear that it breaks your system (at least it didn't on my system ;-) Thank you Ralf, You have found the missing ipmasqadm for me. I am not getting the same returns you are showing using the 'dpkg -S' and '-l' commands, (I will leave that for another thread). I don't have any problem playing with the new toys. I just have not installed from potato untill needed. I know it has been way over a month... but I just got around to doing this upgrade to slink from hamm. Then I started to read this thread! hummm, this is a problem, and due to my lateness, I cannot get a netbase 3.12 from POTATO. The unstable release is 3.14-1, but that requires you to install libc6 from potato, and that requires ldso (followed by libstdc++2.9, apt, development clibs). Long story short most the libs basically need to be upgraded just to use ipmasqadm. That is not a good thing in my opinion. I should just run potato if that is the case. Now dselect reminds me of all the programs that I have broken (not really but it bitches). If slink's netbase is not going to include ipmasqadm, then there needs to be a package for ipmasqadm. To go to potato's netbase cleanly, involves many iteration. Just my $.02 --Jay Barbee
Re: [SOLVED] ipmasqadm question
Jay Barbee wrote: hummm, this is a problem, and due to my lateness, I cannot get a netbase 3.12 from POTATO. The unstable release is 3.14-1, but that requires you to install libc6 from potato, and that requires ldso (followed by libstdc++2.9, apt, development clibs). try http://www.debian.org/~rcw/2.2/netbase/netbase_3.12-2_i386.deb -Pat
Re: ipmasqadm question
Quoting Ralf G. R. Bergs [EMAIL PROTECTED]: On Thu, 04 Mar 1999 15:51:51 -0600, [EMAIL PROTECTED] wrote: Please help me find this beast :-) I *think* it's http://ftp.gwdg.de/pub/linux/debian/dists/unstable/main/binary- i386/net/ipmasq_3.3.1.deb Unfortunately I'm still under NT (:-) and I can't easily boot into the Debian system I have the binary installed under since this would involve removing my IDE hard drive and replacing it against the other drive, and I need to get work done at the moment. Could you check the above URL, and if it turns out that this is NOT ipmasqadm get back to me? Ralf -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/ Ralf, Thanks but... I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Danke, (sp?) -Bill - This mail sent through IMP: http://web.horde.org/imp/
Re: ipmasqadm question
Are you sure you don't mean ipfwadm (which is part of netbase)? Bob On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote: I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Bob Nielsen Internet: [EMAIL PROTECTED] Tucson, AZ AMPRnet: [EMAIL PROTECTED] DM42nh http://www.primenet.com/~nielsen
Re: ipmasqadm question
Quoting Bob Nielsen [EMAIL PROTECTED]: Are you sure you don't mean ipfwadm (which is part of netbase)? Bob On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote: I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Bob Nielsen Internet: [EMAIL PROTECTED] Tucson, AZ AMPRnet: [EMAIL PROTECTED] DM42nh http://www.primenet.com/~nielsen Hi Bob, I believe ipfwadm only works with kernels 2.1.90 or so. The reading I get from the kernel source with 2.2.1 is that ipmasqadm is required. This thread has been heavily cut. The full details of my system are: Slink (mostly) 2.2.1 kernel Looking for port forwarding tool(s). Thanks for you help, -Bill - This mail sent through IMP: http://web.horde.org/imp/
Re: ipmasqadm question
On Thu, 04 Mar 1999 20:24:38 -0600, [EMAIL PROTECTED] wrote: I believe ipfwadm only works with kernels 2.1.90 or so. The reading I get from the kernel source with 2.2.1 is that ipmasqadm is required. You're right. ipfwadm is obsolete for 2.2.x kernels. Ralf -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
Re: ipmasqadm question
On Thu, 04 Mar 1999 19:52:34 -0600, [EMAIL PROTECTED] wrote: I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Ok, another day, another try. :-) Here's the info you want, but you may not like it: #dpkg -S ipmasqadm netbase: /usr/sbin/ipmasqadm [...] #dpkg -l netbase Desired=Unknown/Install/Remove/Purge | Status=Not/Installed/Config-files/Unpacked/Failed-config |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status, ||/ NameVersionDescription +++-===-==-= ii netbase 3.12-2 Basic TCP/IP networking binaries As you see it's the unstable version of netbase. Don't worry you can install it without having to fear that it breaks your system (at least it didn't on my system ;-) Danke, (sp?) You're welcome. (The spelling of Danke is right. :-) Ralf -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
Re: ipmasqadm question
Subject: ipmasqadm question Date: Thu, Mar 04, 1999 at 01:25:07PM -0600 In reply to:[EMAIL PROTECTED] Quoting [EMAIL PROTECTED]([EMAIL PROTECTED]): Hello all, I seem to be lost on this issue, but here goes. I am running a mostly slink system with a 2.2.1 kernel. How do I enable port forwarding with this setup? I have the kernel built correctly, (I believe), so I am not concerned in that area. My question has to do with the tool(s) used to manage the port forwarding. It looks like the ipportfw tool only works with a kernel 2.1.90. I have read that the tool I am looking for is called ipmasqadm, found at: http://juanjox.linuxhq.com/ I have found the RH RPM at this site, along with the source code for this tool. My first try at compiling and installing was unsuccessful. (I have not put too much effort into this approach yet). GREAT Firewall/masquerading INFO Site http://rlz.ne.mediaone.net/linux/firewall/ -- | LINUX - Because a PC is a terrible thing to waste..on WinDoze | ___ Wayne T. Topa [EMAIL PROTECTED]
Re:[SOLVED] ipmasqadm question
Quoting Ralf G. R. Bergs [EMAIL PROTECTED]: On Thu, 04 Mar 1999 19:52:34 -0600, [EMAIL PROTECTED] wrote: I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Ok, another day, another try. :-) Here's the info you want, but you may not like it: #dpkg -S ipmasqadm netbase: /usr/sbin/ipmasqadm [...] #dpkg -l netbase Desired=Unknown/Install/Remove/Purge | Status=Not/Installed/Config-files/Unpacked/Failed-config |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status, ||/ NameVersionDescription +++-===-==-= ii netbase 3.12-2 Basic TCP/IP networking binaries As you see it's the unstable version of netbase. Don't worry you can install it without having to fear that it breaks your system (at least it didn't on my system ;-) Danke, (sp?) You're welcome. (The spelling of Danke is right. :-) Ralf -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/ Thank you Ralf, You have found the missing ipmasqadm for me. I am not getting the same returns you are showing using the 'dpkg -S' and '-l' commands, (I will leave that for another thread). I don't have any problem playing with the new toys. I just have not installed from potato untill needed. Thanks again for your help. -Bill - This mail sent through IMP: http://web.horde.org/imp/
Re: ipmasqadm question
Bill, Yes, the thread was cut a bit. I didn't see the part about 2.2.1, sorry. I am not running ppp on my machine with 2.2.2, but Documentation/Changes says: As of 2.1.102, the IP firewalling code has been replaced; ipfwadm will no longer work. You need to obtain ipchains, available from http://www.rustcorp.com/linux/ipchains/ , and use that instead of ipfwadm. To use masq forwarding you will need to obtain ipmasqadm, available from http://juanjox.linuxhq.com/ . The frozen and unstable Packages file discription for ipmasq refers to a ipmasqadm package, but this package does not seem to exist. Until it gets packaged, you'll have to get it from the sources mentioned above. Bob On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote: Quoting Bob Nielsen [EMAIL PROTECTED]: Are you sure you don't mean ipfwadm (which is part of netbase)? Bob On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote: I checked with dselect and found I have ipmasq 3.3.1 installed already. There is NO sign of ipmasqadm on my system anywhere. I have run 'find / -name ipmasqadm' with no hits. I do appreciate your help. Please don't stop now, but I am in no big hurry. Perhaps there are others out there that have the needed info. Bob Nielsen Internet: [EMAIL PROTECTED] Tucson, AZ AMPRnet: [EMAIL PROTECTED] DM42nh http://www.primenet.com/~nielsen Hi Bob, I believe ipfwadm only works with kernels 2.1.90 or so. The reading I get from the kernel source with 2.2.1 is that ipmasqadm is required. This thread has been heavily cut. The full details of my system are: Slink (mostly) 2.2.1 kernel Looking for port forwarding tool(s). Thanks for you help, -Bill - This mail sent through IMP: http://web.horde.org/imp/ Bob Nielsen Internet: [EMAIL PROTECTED] Tucson, AZ AMPRnet: [EMAIL PROTECTED] DM42nh http://www.primenet.com/~nielsen
ipmasqadm question
Hello all, I seem to be lost on this issue, but here goes. I am running a mostly slink system with a 2.2.1 kernel. How do I enable port forwarding with this setup? I have the kernel built correctly, (I believe), so I am not concerned in that area. My question has to do with the tool(s) used to manage the port forwarding. It looks like the ipportfw tool only works with a kernel 2.1.90. I have read that the tool I am looking for is called ipmasqadm, found at: http://juanjox.linuxhq.com/ I have found the RH RPM at this site, along with the source code for this tool. My first try at compiling and installing was unsuccessful. (I have not put too much effort into this approach yet). Questions: 1- Am I on the right track with the ipmasqadm? 2- Is there a .deb out there for ipmasqadm? 3- If not, would I be better off using alien and the .rpm route or compiling my own install? I have searched the Debian site and found this similar question asked twice in recent months. In both cases, I was not able to find answers to these questions on the list. Thanks for your considerations, --Bill - This mail sent through IMP: http://web.horde.org/imp/
Re: ipmasqadm question
On Thu, 04 Mar 1999 13:25:07 -0600, [EMAIL PROTECTED] wrote: 1- Am I on the right track with the ipmasqadm? Yes. YOu invoke it like this: ipmasqadm portfw ... 2- Is there a .deb out there for ipmasqadm? Yes. I'm pretty sure that I did NOT compile it myself. I think I fetched the unstable version of the program. I'm not sure whether it's a stand- alone package, or whether it's included in some net* package. In case you can't find it ask me again and I will look it up (I'm under NT right now.) -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
Re: ipmasqadm question
Quoting Ralf G. R. Bergs [EMAIL PROTECTED]: On Thu, 04 Mar 1999 13:25:07 -0600, [EMAIL PROTECTED] wrote: 1- Am I on the right track with the ipmasqadm? Yes. YOu invoke it like this: ipmasqadm portfw ... 2- Is there a .deb out there for ipmasqadm? Yes. I'm pretty sure that I did NOT compile it myself. I think I fetched the unstable version of the program. I'm not sure whether it's a stand- alone package, or whether it's included in some net* package. In case you can't find it ask me again and I will look it up (I'm under NT right now.) -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/ -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null Ralf, Please help me find this beast :-) Thanks so very much. -Bill - This mail sent through IMP: http://web.horde.org/imp/
Re: ipmasqadm question
On Thu, 04 Mar 1999 15:51:51 -0600, [EMAIL PROTECTED] wrote: Please help me find this beast :-) I *think* it's http://ftp.gwdg.de/pub/linux/debian/dists/unstable/main/binary- i386/net/ipmasq_3.3.1.deb Unfortunately I'm still under NT (:-) and I can't easily boot into the Debian system I have the binary installed under since this would involve removing my IDE hard drive and replacing it against the other drive, and I need to get work done at the moment. Could you check the above URL, and if it turns out that this is NOT ipmasqadm get back to me? Ralf -- Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED] * PGP ok! Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
ipmasqadm package?
Just tried making a package of ftp://ftp.compsoc.net/users/steve/ipsubs/linux21/ipmasqadm-0.3.2.tar.gz but failed. I compiled it with no trouble so I installed it under /usr/local only to find that I cannot make it work. Has anyone any knowledge of this? I seem to remember some recent traffic on this or a similar topic related to 2.0.36. Anyone working with 2.1.x + ipchains + masquerade + eql and having problems is invited to contact me privately - I may be able to help. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Lindsay Allen [EMAIL PROTECTED] Perth, Western Australia voice +61 8 9316 2486 32.0125S 115.8445E vk6lj Debian Linux =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=