ipmasqadm and firewall stuff

[jeff]

ok... so, i have this nice new firewall script that's auto-executed whenever
i start rp-pppoe...

i'm connecting using ADSL, so ppp0 is different every time i connect (which
isn't very frequent unless something goes whacky on the ISP's side). so,
here's the deal...  i have a nice ipmasqadm part that forwards ICQ stuff for
me:

ipmasqadm portfw -a -P tcp -L 4.x.x.x 4000 -R 192.168.1.11 4000

now then... i had to manually put in my $EXTERNAL_INTERFACE (the 4.x.x.x)
because for some reason, ipmasqadm won't accept the variable.

i would like the ipmasqadm to work with the variable for ppp0
($EXTERNAL_INTERFACE)...   rather than manually typing in the dang external
ip and re-running the script just so i can use ICQ.

any idears?

thanks!!!

-jeff


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: ipmasqadm and firewall stuff

[Jamin W . Collins]

On Wed, 11 Sep 2002 15:46:34 -0400
jeff [EMAIL PROTECTED] wrote:

 ipmasqadm portfw -a -P tcp -L 4.x.x.x 4000 -R 192.168.1.11 4000
 
 now then... i had to manually put in my $EXTERNAL_INTERFACE (the
 4.x.x.x) because for some reason, ipmasqadm won't accept the variable.

Hmmm, ipmasqadm has nothing to do with the variable.  The variable should
be expanded by your shell prior ot the command execution.  What happens
when you try to use the variable in place of the actual IP.  Have you
verified that the variable contains that correct information, and nothing
more, just before the execution of this command.  If you are using bash,
have you tried adding a '-x' after the #!/bin/bash at the top of the
script?

-- 
Jamin W. Collins


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: ipmasqadm and firewall stuff

[jeff]

- Original Message -
From: Jamin W.Collins [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 11, 2002 3:56 PM
Subject: Re: ipmasqadm and firewall stuff


 On Wed, 11 Sep 2002 15:46:34 -0400
 jeff [EMAIL PROTECTED] wrote:

  ipmasqadm portfw -a -P tcp -L 4.x.x.x 4000 -R 192.168.1.11 4000
 
  now then... i had to manually put in my $EXTERNAL_INTERFACE (the
  4.x.x.x) because for some reason, ipmasqadm won't accept the variable.

 Hmmm, ipmasqadm has nothing to do with the variable.  The variable should
 be expanded by your shell prior ot the command execution.  What happens
 when you try to use the variable in place of the actual IP.  Have you
 verified that the variable contains that correct information, and nothing
 more, just before the execution of this command.  If you are using bash,
 have you tried adding a '-x' after the #!/bin/bash at the top of the
 script?

 --
 Jamin W. Collins


 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]


hi jamin...

all i had to do was do a double-take on my script and i figured it out.

right at the beginning, i totally missed this:

IPADDR=`/sbin/ifconfig ppp0 |  grep inet addr | awk -F: '{print$2}' |
awk '{print $1)' `

there's my missing variable... i only get a small self-inflicted DUH this
time because i actually figured it out...  LOL...

it works fine with the above ipmasqadm statement:

ipmasqadm portfw -a -P tcp -L $IPADDR 4000 -R 192.168.1.11 4000

anyway, i'm still fairly new to linux... and damn there's so much to
learn...  but i love it...

thanks for the quick reply anyway

-jeff


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

debian ipmasq ipmasqadm portfw

[Fernando R]

Hola estimados listeros:

Me estoy rompiendo la cabeza y no consigo hacer funcionar esto del
portfw.
Tengo un potato con el paquete ipmasq funcionando con las
opciones por default salvo que una unica ip hace masquerade
(10.1.85.95).
Quiero publicar un apache que esta en la 10.1.85.91 y no funciona.
Lo que he puesto es lo siguiente:

ipmasqadm portfw -f
ipchains -I forward -i eth0 -j MASQ
ipmasqadm portfw -a -P tcp -L 200.20.20.200 80 -R 10.1.85.91 80

Estoy seguro que el problema esta con alguna otra de las reglas pero no
puedo encontrar donde esta el problema.

Saludos y muchas gracias a todos.
Vamos debian todavia !!!

Fernando - Argentina

o-
Este es el resultado de mi ipchains-save luego de ejecutar estas 3 lineas:
:input DENY
:forward DENY
:output DENY
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i ! lo -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 255.255.255.255/255.255.255.255 -i eth1 -j
ACCEPT
-A input -s 10.1.85.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/240.0.0.0 -i eth1 -p ! 6 -j ACCEPT
-A input -s 10.1.85.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 255.255.255.255/255.255.255.255 -i eth0 -j
ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 200.20.20.200/255.255.255.255 -i eth0 -j
ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 200.20.20.255/255.255.255.255 -i eth0 -j
ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ
-A forward -s 10.1.85.95/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 10.1.85.0/255.255.255.0 -i eth1 -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/240.0.0.0 -i eth1 -p ! 6 -j ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 10.1.85.0/255.255.255.0 -i eth0 -j DENY -l
-A output -s 200.20.20.200/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j
ACCEPT
-A output -s 200.20.20.255/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j
ACCEPT
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: debian ipmasq ipmasqadm portfw

[sTone heAd]

usa iptables ;)
claro q necesitas un kernel 2.4
es menos engorroso y se puede manejar mejor

saludos
-- 
Get your free email from www.linuxmail.org 


Powered by Outblaze


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

ipmasqadm portfw

[manu]

Bonjour je recherche de la doc sur ipmasqadm portfw

je n'arrive a rien malgres les differentes docs que je trove sur le net

voila la commande que jutilise ipmasqadm portfw -a -P tcp -L 192.168.1.100 80 -
R 150.0.0.100 80

la commande est bien valide pas de message d'erreur le forwrad est bien active 
mais voila aucun resultat 

voila merci pour une reponse si vous avez une idée @++ et Merci

Re: ipmasqadm portfw

[Pierre Gambarotto]

* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
 Bonjour je recherche de la doc sur ipmasqadm portfw
 
 je n'arrive a rien malgres les differentes docs que je trove sur le net
 
 voila la commande que jutilise ipmasqadm portfw -a -P tcp -L 192.168.1.100 80 
 -
 R 150.0.0.100 80
 
 la commande est bien valide pas de message d'erreur le forwrad est bien 
 active 
 mais voila aucun resultat 
 
As-tu bien active le routage ?

Que donne : cat /proc/sys/net/ipv4/ip_forward ?
Si c'est 1, oublie ce que je viens de dire.
Sinon, echo 1  /proc/sys/net/ipv4/ip_forward.

Pierre

Re: ipmasqadm portfw

[Eric LeBlanc]

 voila la commande que jutilise ipmasqadm portfw -a -P tcp -L 192.168.1.100 80 
 -
 R 150.0.0.100 80
 

C'est quoi que tu veux faire?  Ca serait un bon debut de detailler un peu
plus ton probleme.

Si je lis bien, tu veux que, quand un utilisateur qui veut contacter une
machine dont l'ip destination et port destination est de 192.168.1.100 80
soit redirige vers 150.0.0.100 80.

De cette maniere, c'est suppose fonctionne.  Sinon, detailles un peu plus
ton probleme au lieu de faire comme 99% des utilisateurs qui disent ca ne
marche pas...

As-tu fait du sniffing?  Les packets se rendent au serveur? le serveur et
le client se communiquent? le serveur communique avec l'autre serveur dont
il redirige?  Le cable est bien branche? tu as configure tes IP's ?
N'oublie pas de decrire ton reseau.

ipmasqadm portfw

[Elm Gysel]

Hello,

I'm using kernel 2.2.19 and I have a little question regarding portfw.
I've set up some rules to forward some ports to an other computer on the
network :

ipmasqadm portfw -a -P tcp -L localhost 8002 -R 192.168.1.10 8002
ipmasqadm portfw -a -P tcp -L 192.168.1.250 8002 -R 192.168.1.10 8002
ipmasqadm portfw -a -P tcp -L extern-ip 8002 -R 192.168.1.10 8002

This works good as long as the request comes from the outer
network(internet). So it doesn't work when I try to connect on the server
who has this installed or when I try to connect from any other computer on
the network using external-ip:8002 .

What I was wondering about, when does portfw get the packet? All my ipchains
rules seem to be correct. I use masquerading also. I have attached my
ipchains rules.

Thanks for any responses :)

Elm

Chain input (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opttosa tosx  ifname mark   outsize  
sourcedestination   ports
 181K   11M ACCEPT all  -- 0xFF 0x00  lo 
anywhere anywhere  n/a
0 0 DENY   all  l- 0xFF 0x00  !lo
127.0.0.0/8  anywhere  n/a
 970K  220M ACCEPT all  -- 0xFF 0x00  eth0   
localnet/24  anywhere  n/a
0 0 DENY   all  l- 0xFF 0x00  eth1   
localnet/24  anywhere  n/a
 290K  116M ACCEPT all  -- 0xFF 0x00  eth1   
anywhere extern-ip   n/a
0 0 DENY   all  l- 0xFF 0x00  any
anywhere anywhere  n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opttosa tosx  ifname mark   outsize  
sourcedestination   ports
80253 7420K MASQ   all  -- 0xFF 0x00  eth1   
localnet/24  anywhere  n/a
0 0 DENY   all  l- 0xFF 0x00  any
anywhere anywhere  n/a
Chain output (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opttosa tosx  ifname mark   outsize  
sourcedestination   ports
 181K   11M ACCEPT all  -- 0xFF 0x00  lo 
anywhere anywhere  n/a
 976K  680M ACCEPT all  -- 0xFF 0x00  eth0   
anywhere localnet/24   n/a
0 0 ACCEPT!tcp  -- 0xFF 0x00  eth0   
anywhere BASE-ADDRESS.MCAST.NET/4  any -   any
0 0 DENY   all  l- 0xFF 0x00  eth1   
anywhere localnet/24   n/a
 310K   43M ACCEPT all  -- 0xFF 0x00  eth1   
extern-ip  anywhere  n/a
0 0 DENY   all  l- 0xFF 0x00  any
anywhere anywhere  n/a

ipmasqadm portfw

[Elm Gysel]

(sorry for the wrong subject on previous 
post!)

Hi,

I'm using kernel 2.2.14 and I have a problem with 
ipmasqadm portfw.When I try to add a rule for forwarding a port I get 
the following error :ipmasqadm portfw -a -P tcp -L 212.69.202.112 8002 
-R 192.168.1.10 8002portfw: setsockopt failed: Invalid argumentwhen 
I try to get get a list I get :[EMAIL PROTECTED] 09:34:06 
/server/kernel/linux-2.2$ ipmasqadm portfw -lportfw: setsockopt failed: 
Invalid argumentCould not open "/proc/net/ip_masq/portfw"Could not open 
"/proc/net/ip_portfw"Check if you have enabled portforwardingFrom 
what I understand from searching mailing lists and so on I don't havethis 
aspect commpiled into my kernel.This is the .config file 
:cut## Networking 
options#CONFIG_PACKET=yCONFIG_NETLINK=yCONFIG_RTNETLINK=yCONFIG_NETLINK_DEV=yCONFIG_FIREWALL=yCONFIG_FILTER=yCONFIG_UNIX=yCONFIG_INET=y# 
CONFIG_IP_MULTICAST is not set# CONFIG_IP_ADVANCED_ROUTER is not set# 
CONFIG_IP_PNP is not 
setCONFIG_IP_FIREWALL=yCONFIG_IP_FIREWALL_NETLINK=yCONFIG_NETLINK_DEV=yCONFIG_IP_TRANSPARENT_PROXY=yCONFIG_IP_MASQUERADE=y## 
Protocol-specific masquerading support will be built as 
modules.#CONFIG_IP_MASQUERADE_ICMP=y## Protocol-specific 
masquerading support will be built as modules.## CONFIG_IP_ROUTER is not 
set# CONFIG_NET_IPIP is not set# CONFIG_NET_IPGRE is not set# 
CONFIG_IP_ALIAS is not setCONFIG_SYN_COOKIES=ycutI can't 
see the option CONFIG_IP_MASQUERADE_MOD so noCONFIG_IP_MASQUERADE_IPPORTFW 
aswell.So I suppose I need to recompile this kernel?if 
so...Can I just compile a 2.4 version to upgrade from this 2.2 
version?Is there any way not to break things apart if I compile this new 
kernel? Oris the best way to go just to keep the old .config at hand when 
configuringthe new 
one?Thx!khb

Re: ipmasqadm portfw

[Paul Hampson]

On Wed, Feb 06, 2002 at 09:53:01AM +0100, Elm Gysel wrote:
 I'm using kernel 2.2.14 and I have a problem with ipmasqadm portfw.

 From what I understand from searching mailing lists and so on I don't have
 this aspect commpiled into my kernel.

 This is the .config file :
[snip]
Have you set
CONFIG_EXPERIMENTAL
?

 So I suppose I need to recompile this kernel?
Almost certainly...

 if so...
 Can I just compile a 2.4 version to upgrade from this 2.2 version?
 Is there any way not to break things apart if I compile this new kernel? Or
 is the best way to go just to keep the old .config at hand when configuring
 the new one?

Beware, kernel 2.4 uses iptables, not ipchains. So you may have
to upgrade some tools as well. I dunno if ipfwadm supports kernel 2.4,
to be honest.

However, if you're upgrading to 2.4, make sure you're at least on woody,
or have the potato-2.4 support packages by A. Bunk (I think that's the
guy :-) installed.

You can drop the old .config file into the new kernel source
directory, and run
make oldconfig
which will ask you any questions that it doesn't have answers
for already. In fact, make-kpkg does that anyway. :-)

Keep your old kernel around and configured in lilo, so you can
boot back when the new 2.4 kernel doesn't work. :-)

-- 
===
Paul TBBle Hampson, MCSE
4th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
===


pgp9hf9IWQ6T1.pgp
Description: PGP signature

RE: ipmasqadm portfw

[Jeremy L. Gaddis]

This can (and probably should) be set in /etc/network/options:

ip_forward=yes

to stay consistent across reboots.

j.

--
Jeremy L. Gaddis [EMAIL PROTECTED] 

-Original Message-
From: Raffael Ferenc [mailto:[EMAIL PROTECTED]
Sent: Monday, January 14, 2002 4:45 AM
To: Jeremy L. Gaddis
Subject: Re: ipmasqadm portfw


And sometimes it's necessary to
echo 1/proc/sys/net/ip_forward

On Sun, Jan 13, 2002 at 09:22:12PM -0500, Jeremy L. Gaddis wrote:

 You need to say Yes to Network Firewalls, IP: firewalling,
 IP: masquerading and IP: masquerading special modules support.
 
 You also need to say Yes to Prompt for development and/or
 incomplete code/drivers if you haven't already.
 
 j.
 
 --
 Jeremy L. Gaddis [EMAIL PROTECTED]

ipmasqadm

[Jose Rafae Xavier dos Santos]

Ae pessoal

To tendo alguns problemas tentando usar o ipmasqadm. Achei muita coisa sobre 
isso na net mas nada q solucionasse o meu problema.
Preciso redirecionar a porta 8080 do maquina com acesso a internet(roteador) 
para a porta 80 de uma maquina da rede interna.
ipvalido:8080 == 192.168.0.3:80

# insmod ip_masq_portfw
# ipmasqadm portfw -a -P tcp -L $IP_INET 8080 -R 192.168.0.3 80

Quando tento acessar ipvalido:8080 ele fica esperando um tempao( loading... ), 
sem dar erro, e naum funciona.
Quando eu troco $IP_INET por 192.168.0.10 (ip da rede interna) e acesso de 
dentro da rede dah o mesmo erro.
O apache de 192.168.0.3 tah funcionando e pode ser acessado de qualquer maquina 
da rede interna.
Naum sei o q falta (nunca fiz isso antes), naum sei se preciso carregar algum 
outro modulo.
Descarreguei todas as regras do ipchains no roteador, deixei soh

# ipchains -A forward -j MASQ

portanto acho q naum tem nada bloqueando o acesso.

Valeu

--- -- -
Jose Rafael Xavier dos Santos
[EMAIL PROTECTED]

Re: ipmasqadm

[Joel Franco Guzmán]

On Wed, 31 Oct 2001, Jose Rafae Xavier dos Santos wrote:


 Ae pessoal

 To tendo alguns problemas tentando usar o ipmasqadm. Achei muita coisa sobre 
 isso na net mas nada q solucionasse o meu problema.
 Preciso redirecionar a porta 8080 do maquina com acesso a internet(roteador) 
 para a porta 80 de uma maquina da rede interna.
   ipvalido:8080 == 192.168.0.3:80

 # insmod ip_masq_portfw
 # ipmasqadm portfw -a -P tcp -L $IP_INET 8080 -R 192.168.0.3 80

 Quando tento acessar ipvalido:8080 ele fica esperando um tempao( loading... 
 ), sem dar erro, e naum funciona.
 Quando eu troco $IP_INET por 192.168.0.10 (ip da rede interna) e acesso de 
 dentro da rede dah o mesmo erro.
 O apache de 192.168.0.3 tah funcionando e pode ser acessado de qualquer 
 maquina da rede interna.
 Naum sei o q falta (nunca fiz isso antes), naum sei se preciso carregar algum 
 outro modulo.
 Descarreguei todas as regras do ipchains no roteador, deixei soh

 # ipchains -A forward -j MASQ

 portanto acho q naum tem nada bloqueando o acesso.

 Valeu

tive o mesmo problema com o ipmasqadm no passado.
eu acho que ele faz tudo certo, mas ele NAO FUNCIONA INTERNAMENTE, ou
seja, uma máquina 192.168.x.x não consegue acessá-la através do roteador,
mas somente internamente. Mas de fora da rede (a partir de um ip real) ele
funciona perfeitamente. pelo menos esse era o problema no passado.

a solução foi instalar outro utilitário chamado redir.
ele não funciona em nível de kernel, mas funciona muito bem.
pelo menos a gente utiliza ele para fazer exatamente o que voce quer :)

sei que existe solução também pelo iptables...
o novo do kernel 2.4... e talvez até funcione melhor

[]s


 --- -- -
 Jose Rafael Xavier dos Santos
 [EMAIL PROTECTED]




 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: ipmasqadm

[Rodrigo Araujo]

On Wed, 31 Oct 2001, Joel Franco Guzmán wrote:



 On Wed, 31 Oct 2001, Jose Rafae Xavier dos Santos wrote:

 
  Ae pessoal
 
  To tendo alguns problemas tentando usar o ipmasqadm. Achei muita coisa 
  sobre isso na net mas nada q solucionasse o meu problema.
  Preciso redirecionar a porta 8080 do maquina com acesso a 
  internet(roteador) para a porta 80 de uma maquina da rede interna.
  ipvalido:8080 == 192.168.0.3:80
 
  # insmod ip_masq_portfw
  # ipmasqadm portfw -a -P tcp -L $IP_INET 8080 -R 192.168.0.3 80
 
  Quando tento acessar ipvalido:8080 ele fica esperando um tempao( loading... 
  ), sem dar erro, e naum funciona.
  Quando eu troco $IP_INET por 192.168.0.10 (ip da rede interna) e acesso de 
  dentro da rede dah o mesmo erro.
  O apache de 192.168.0.3 tah funcionando e pode ser acessado de qualquer 
  maquina da rede interna.
  Naum sei o q falta (nunca fiz isso antes), naum sei se preciso carregar 
  algum outro modulo.
  Descarreguei todas as regras do ipchains no roteador, deixei soh
 
  # ipchains -A forward -j MASQ
 
  portanto acho q naum tem nada bloqueando o acesso.
 
  Valeu

 tive o mesmo problema com o ipmasqadm no passado.
 eu acho que ele faz tudo certo, mas ele NAO FUNCIONA INTERNAMENTE, ou
 seja, uma máquina 192.168.x.x não consegue acessá-la através do roteador,
 mas somente internamente. Mas de fora da rede (a partir de um ip real) ele
 funciona perfeitamente. pelo menos esse era o problema no passado.

Também tive este mesmo problema, só de fora que tudo funciona direitinho.


 a solução foi instalar outro utilitário chamado redir.
 ele não funciona em nível de kernel, mas funciona muito bem.
 pelo menos a gente utiliza ele para fazer exatamente o que voce quer :)


Este eu não conheço.

 sei que existe solução também pelo iptables...
 o novo do kernel 2.4... e talvez até funcione melhor


Eu não cheguei a testar, mas eu li que o iptables resolveria meu problema.

 []s

 
  --- -- -
  Jose Rafael Xavier dos Santos
  [EMAIL PROTECTED]
 
 
 

[]'s


--
 :::  .''`.  :::
 ::: : :'  : :::  Rodrigo Morais Araujo (rma) [EMAIL PROTECTED]
 ::: `. `'`  :::  UIN: 101720839
 :::   `-:::

ipmasqadm bug in potato 2.2r3 - 2.2.18 - i386

[Andreas Beham]

Sorry I dont know the package that covers ipmasqadm.
But on my system i386 Potato 2.2r3 kernel 2.2.18 the localhost cant open any
internetconnections anymore when I have defined some portforwarding rules
(or is it just the large number that causes the bug I dont know).

Here is the script that generates the rules ($EXTIP is my external ip
address):
# BEGIN ##
 /usr/sbin/ipmasqadm portfw -f

# DirectPlay Ports
#
port=2300
while [ $port -le 2400 ]
  do
   /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP $port -R 10.0.1.50
$port
   /usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP $port -R 10.0.1.50
$port
   port=$((port+1))
  done

# Suddenstrike Ports
#
 port=28800
 while [ $port -le 28900 ]
  do
   /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP $port -R 10.0.1.50
$port
   /usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP $port -R 10.0.1.50
$port
   port=$((port+1))
  done

# DirectPlay
#
 /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 47624 -R 10.0.1.50 47624

# Operation Flashpoint
#
 /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 2234 -R 10.0.1.50 2234
 /usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP 2234 -R 10.0.1.50 2234
### END ##

As soon as I flush the rules the internet connection from the localhost is
working again. From the network I can access the internet all the time. It
seems as if only the localhost is affected.
When I have the rules on, the connection looks like the following (netstat):

tcp 0 1 N698P029.adsl.high:2353 www.google.com:www SYN_SENT

It hangs at exactly that point. In lynx this is displayed as the message:
Making http connection to www.google.com and then nothing.

Ah yes I should also mention that dnslookup works though. So I can make
nslookup www.google.com and get the right answer. (with the rules enabled).
Though I cant open any tcp connection be it ftp or www.

If you would be so kind to report back directly to me too as I am not
subscribed to the mailing list.

Thanks,
Andreas

ipmasqadm portfw

[will trillich]

i used to have this working like a champ, but now it folds its
arms and laughs and evil laugh--

we're trying to establish port forwarding so that a box internal
on our lan (192.168.1.2) can serve requests through the
firewall, from 'out there'.

# ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80

# ipmasqadm portfw -ln
prot localaddrrediraddr   lportrport pcnt  pref
TCP  [PUBLIC_IP]  192.168.1.2 7890 801010

well, it LOOKS like it's up, but--

# nmap [PUBLIC_IP] -p 7890

Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], 
www.insecure.org/nmap/)
No ports open for host server ([public_ip])
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

which is bolstered by the fact that if i try to connect to
public port :7890 from outside (that is, from a public ip out on
the internet, trying to connect to port :7890 on my public ip
address) i get deafening silence (unable to connect to host).

is there another step i've forgotten? i'm on potato 2.2.17 and
this was working earlier...

-- 
DEBIAN NEWBIE TIP #48 from Will Trillich [EMAIL PROTECTED]
:
To peruse your CURRENT VIM SETTINGS (there's LOTS of them)
from within Vim, simply do
:options
You can change them there, on-the-fly, as well. Type
ctrl-W ctrl-W to switch panes or ctrl-W q to close one.
Try :help to learn more.

Also see http://newbieDoc.sourceForge.net/ ...

RE: ipmasqadm portfw

[NORMAND Jacques]

Pehaps I will tell non-senses but potato run a 2.2 kernel (2.2.17 in your
case). So the tool for that kind of tricks is ipchains, isn't it? ipmasqadm
is for kernel serie 2.0 no ?

hope it helps

jacques

-Message d'origine-
De : will trillich [mailto:[EMAIL PROTECTED]
Envoyé : mardi 25 septembre 2001 11:15
À : debian-user@lists.debian.org
Objet : ipmasqadm portfw


i used to have this working like a champ, but now it folds its
arms and laughs and evil laugh--

we're trying to establish port forwarding so that a box internal
on our lan (192.168.1.2) can serve requests through the
firewall, from 'out there'.

# ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80

# ipmasqadm portfw -ln
prot localaddrrediraddr   lportrport pcnt  pref
TCP  [PUBLIC_IP]  192.168.1.2 7890 801010

well, it LOOKS like it's up, but--

# nmap [PUBLIC_IP] -p 7890

Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], 
www.insecure.org/nmap/)
No ports open for host server ([public_ip])
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

which is bolstered by the fact that if i try to connect to
public port :7890 from outside (that is, from a public ip out on
the internet, trying to connect to port :7890 on my public ip
address) i get deafening silence (unable to connect to host).

is there another step i've forgotten? i'm on potato 2.2.17 and
this was working earlier...

--
DEBIAN NEWBIE TIP #48 from Will Trillich [EMAIL PROTECTED]
:
To peruse your CURRENT VIM SETTINGS (there's LOTS of them)
from within Vim, simply do
:options
You can change them there, on-the-fly, as well. Type
ctrl-W ctrl-W to switch panes or ctrl-W q to close one.
Try :help to learn more.

Also see http://newbieDoc.sourceForge.net/ ...


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]

Re: ipmasqadm portfw

[Tim Moss]

On Tue, 25 Sep 2001 04:15:07 -0500
will trillich [EMAIL PROTECTED] wrote:

 i used to have this working like a champ, but now it folds its
 arms and laughs and evil laugh--
 
 we're trying to establish port forwarding so that a box internal
 on our lan (192.168.1.2) can serve requests through the
 firewall, from 'out there'.
 
   # ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80
 
   # ipmasqadm portfw -ln
   prot localaddrrediraddr   lportrport pcnt  pref
   TCP  [PUBLIC_IP]  192.168.1.2 7890 801010
 

Have you allowed access to that port with ipchains? The packets will never
get to your ipmasqadm rule if ipchains is rejecting/denying them on input.
Something like this should work:

ipchains -A input -p TCP -d [PUBLIC_IP] --destination-port 7890 -j ACCEPT

ipmasqadm portfw -a ... stopped working?

[will trillich]

we're trying to establish port forwarding so that a box internal
on our lan (192.168.1.2) can serve requests through the
firewall, from 'out there'.

i haven't even done apt-get upgrade lately -- and now
ipmasqadm 'portfw' isn't working. (i may have missed a step, but
/usr/share/doc/ didn't help ring any bells...)

# ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80

# ipmasqadm portfw -ln
prot localaddrrediraddr   lportrport pcnt  pref
TCP  [PUBLIC_IP]  192.168.1.2 7890 801010

well, it LOOKS like it's up, but--

# nmap [PUBLIC_IP] -p 7890

Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], 
www.insecure.org/nmap/)
No ports open for host server ([public_ip])
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

which is bolstered by the fact that if i try to connect to
public port :7890 from outside i get deafening silence (unable
to connect to host).

is there another step i've forgotten? i'm on potato 2.2.17 and
this was working earlier...

[PUBLIC_IP] is, of course the client's actual ip address, if
you wondered... :)

-- 
DEBIAN NEWBIE TIP #73 from USM Bish [EMAIL PROTECTED]
:
Looking for a way to CAPTURE A TRANSCRIPT OF SOME COMMANDS?
Easy!  To catch anything from the screen when it scrolls by,
use script:
script file-to-save-transcript-in.txt
command
command
exit == don't forget this!
(It spawns another shell, and displays everything so you
can work -- but it also saves the output in the file at the
same time.) Then pager file-*transcript* to review it. Or
email it. Or edit it to include in a manual you're writing.

Also see http://newbieDoc.sourceForge.net/ ...

ipmasqadm portfw and apache

[Jason Majors]

I'd like to forward all requests on port 80 thru my firewall, however, I use
VirtualHosts under apache.
Is there a way to forward the port with the desired host name?
Or can I do it based on the hostname desired? (eg forward a request to
www.foo.com to port 81 and a request to www.bar.com to 82).

Thanks,
Jason

Re: ipmasqadm portfw and apache

[Tim Moss]

Jason Majors wrote:

I'd like to forward all requests on port 80 thru my firewall, however, I use
VirtualHosts under apache.
Is there a way to forward the port with the desired host name?
Or can I do it based on the hostname desired? (eg forward a request to
www.foo.com to port 81 and a request to www.bar.com to 82).

Thanks,
Jason




Forwarding the port will not change the actual HTTP request which is 
what the VirtualHosts depends on. I think it should be pretty 
transparent (though I've never tried it). Are you having a problem doing 
this or are you just asking in preparation of setting it up?

Re: ipmasqadm portfw and apache

[Jason Majors]

On Wed, Aug 29, 2001 at 11:51:48AM -0700, Tim Moss scribbled...
 Jason Majors wrote: 
 I'd like to forward all requests on port 80 thru my firewall, however, I 
 use
 VirtualHosts under apache.
 Is there a way to forward the port with the desired host name?
 Or can I do it based on the hostname desired? (eg forward a request to
 www.foo.com to port 81 and a request to www.bar.com to 82).
 
 Thanks,
 Jason
 
 
 
 Forwarding the port will not change the actual HTTP request which is  
 what the VirtualHosts depends on. I think it should be pretty  
 transparent (though I've never tried it). Are you having a problem doing  
 this or are you just asking in preparation of setting it up? 
 
I already did it. When I forwarded to the internal box, all requests were
served by the default html/ directory, not the virtual host matching the
url I typed.

Re: ipmasqadm portfw and apache

[Jason Majors]

Jason Majors wrote: 
I'd like to forward all requests on port 80 thru my firewall, however, I 
use
VirtualHosts under apache.
Is there a way to forward the port with the desired host name?
Or can I do it based on the hostname desired? (eg forward a request to
www.foo.com to port 81 and a request to www.bar.com to 82).

Thanks,
Jason

I think I figured it out...it's not the port issue. When I add a second
NameVirtualHost foo and VirtualHost foo, I get the warning from
apache [warn] NameVirtualHost tmr.whizzird.net:80 has no VirtualHosts,
so I'd guess that there's something in the order of the httpd.conf. When
this happens the special hosts entry I created goes back to the default
page for the server, but when there's only one VirtualHost, that hosts
entry goes to the VirtualHost.
I get the same warnings on the firewall, but virtual hosting works fine.

Does anybody have experience with multiple VirtualHost entries? Or know the
correct format?
I'm doing:
NameVirtualHost domainone
NameVirtualHost domaintwo
NameVirtualHost domainthree

VirtualHost domainone
...
/VirtualHost

VirtualHost domaintwo
...
/VirtualHost

VirtualHost domainthree
...
/VirtualHost

Thanks,
Jason

Re: ipmasqadm portfw and apache

[Jason Majors]

On Wed, Aug 29, 2001 at 01:39:21PM -0700, Jason Majors scribbled...
 Does anybody have experience with multiple VirtualHost entries? Or know 
 the 
 correct format? 
 I'm doing: 
 NameVirtualHost domainone 
 NameVirtualHost domaintwo 
 NameVirtualHost domainthree 
  
 VirtualHost domainone 
 ... 
 /VirtualHost 
  
 VirtualHost domaintwo 
 ... 
 /VirtualHost 
  
 VirtualHost domainthree 
 ... 
 /VirtualHost 
  
I got it working. I feel kinda dumb...for those who'd like to know how to do it:
NameVirtualHost 1.2.3.4 # MUST BE AN IP! (my mistake).
VirtualHost foo.domain.com # I had to put the specific one before a generic
...  # www to get the specific to come up.
/Virtualhost

VirtualHost www.domain.com
... 
/VirtualHost

VirtualHost www.domaintwo.com
...
/VirtualHost

ipmasqadm and libc5 problems

[Stephen Handley]

Hi there,

Has anyone tried to use IPMASQADM to get PPTP support in IPMASQ (so I can
access my work VPN from behind the linux firewall)? I downloaded the
IPMASQADM module as well as a new version of libc5 (required by IPMASQADM)
and basically killed a shitload of stuff on my server. I'm guessing it's the
new version of libc5 as I really haven't configured anything to work with
IPMASQADM yet.

Any help/similar experiences would be appreciated.

Cheers
Stephen

ipmasqadm portfw vs autofw vs rinetd ?

[aphro]

hi

today i had a small problem trying to get portfw to forward connections
to another netowrk. what i wanted to do was send connections from port
X accross our T1s to a place on the other side of the country(all the
internal traffic is using non routable ips..) however it did not work ..
connection couldn't be made. directing a connection to an ip on the local
network worked fine.

i thought about using autofw but i could not find a way to specify
an IP address to listen on to forward, as there are other ips on
the machine forwarding the same port number to various internal
machines, i have to specify the ip.

the temporary solution was to use rinetd, which seemed to work fine..

but i'm curious if this is possible with portfw?

the command i was using:
/usr/sbin/ipmasqadm portfw -a -P tcp -L EXTERNAL_IP PORT -R INTERNAL_IP PORT

since it worked when i directed it to a local ip i figure my syntax is
fine ...but i dont understand what is different about portfw vs
rinetd (other then one bein kernel and the other bein userspace)
that lets rinetd work and portfw not..

any ideas ??

thanks!

nate

OT mucho: Actualizacion atr3s utilizando ipmasqadm

[Angel Vicente Perez]

Hola a todos y perdon por el offtopic.

Tenemos un aplicacion de nominas atr3s que se puede actualizar por Internet,
pero usando el Explorer, el caso es que para salir a internet estamos usando
una maquina con Debian, y sale correctamente, pero cuando el usuario pide
actualizar la aplicacion esta, siempre le devuelve el mismo error, relativo
a autorizaciones de usuario, los de atencion a usuario no tienen ni idea de
lo que es un Linux, y la solucion que proponen es que conectemos usando un
modem en modo local, y ellos lo tienen todo bien configurado y tal, desde
ese mismo host se conecta con la agencia tributaria y sitios asi.

¿Hay alguien en la lista que tenga la aplicacion esta de nominas, y
actualice con una maquina Linux (ipmasq)?

Saludos y perdon nuevamente por el OT.

Re: anyone know ipmasqadm

[Alberto Rodríguez Ortega]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Check the PATH

It's posible ipmasqadm reside in a directly which is not on your path.

have u check with 'locate'?
'which or just trying to execute the command it's not as u must look for a 
program.

Seeya

At 18.53 6/7/00 -0700, Bob Nielsen wrote:
ipmasqadm is contained in the Debian netbase package (for potato, at
least).

On Thu, Jul 06, 2000 at 05:58:50PM -0700, Nick wrote:
  anyone know how to setup ipmasqadm?
  so far i got a hold of a rpm package and aliened it
 
  installed it and i have problems using it.
 
  no man
  no ipmasqadm utiliy
 
  what gives?
 
  anyone know of a deb that works???

--
Bob Nielsen, N7XY  [EMAIL PROTECTED]
Bainbridge Island, WA  http://www.oz.net/~nielsen



--
Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  
/dev/null

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com

iQA/AwUBOWVtDisLx+BnL30YEQLsmgCghwnzgwor3vPTGED2ZVQSWsPUkNIAoIuZ
CnpqTBtA+BYNcsomuSmjRXLZ
=frJm
-END PGP SIGNATURE-

anyone know ipmasqadm

[Nick]

anyone know how to setup ipmasqadm?
so far i got a hold of a rpm package and aliened it

installed it and i have problems using it.

no man
no ipmasqadm utiliy

what gives?

anyone know of a deb that works???

Re: anyone know ipmasqadm

[Bob Nielsen]

ipmasqadm is contained in the Debian netbase package (for potato, at
least).

On Thu, Jul 06, 2000 at 05:58:50PM -0700, Nick wrote:
 anyone know how to setup ipmasqadm?
 so far i got a hold of a rpm package and aliened it
 
 installed it and i have problems using it.
 
 no man
 no ipmasqadm utiliy
 
 what gives?
 
 anyone know of a deb that works???

-- 
Bob Nielsen, N7XY  [EMAIL PROTECTED]
Bainbridge Island, WA  http://www.oz.net/~nielsen
 

installing ipmasqadm

[Nick]

hello list,
today i decided to install ipmasqadm but ran into some difficulty

i untarred it into the /usr/src directory
then i ran make install and got the following error:
install -m 700 -o root modules/*.so /usr/lib/ipmasqadm
install: modules/*.so: No such file or directory
make:  *** [install] Error 1

do i need to point something somewhere?

this is the ipmasqadm-0.4.2.tar.gz package


thankx guys

Re: ipmasqadm

[Onno]

At 09:02 AM 12/9/99 -0800, Dave Wiard wrote:
could somebody help me out with this one.  i'm trying to masq my amd
behind my alpha, but i only get the following error reported back upon
trying to exec ipmasqadm:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $SEEN_IP 4000 -R $HIDE_IP 4000
portfw: setsockopt failed: Invalid argument

Are you trying to masq ICQ ?

For normal masq usage use ipchains, for ICQ there is a beta kernel module.


i'm running potato with kernel 2.2.13.  any help getting this to run would
be much appreciated.

--
dave wiard   computer scienc
[EMAIL PROTECTED] western washington university
http://www.wcug.wwu.edu/~davew



-- 
Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null

Re: ipmasqadm

[Ralf G. R. Bergs]

On Fri, 10 Dec 1999 10:18:43 +0100, Onno wrote:

At 09:02 AM 12/9/99 -0800, Dave Wiard wrote:
could somebody help me out with this one.  i'm trying to masq my amd
behind my alpha, but i only get the following error reported back upon
trying to exec ipmasqadm:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $SEEN_IP 4000 -R $HIDE_IP 4000
portfw: setsockopt failed: Invalid argument

Are you trying to masq ICQ ?

For normal masq usage use ipchains, for ICQ there is a beta kernel module.

I think we have a little misunderstanding here.

I've already tried to help Dave privately. From what I've understood he's 
NOT trying to masq the connection, but he's trying to forward traffic to the 
ICQ port on his router to one of his internal LAN machines.

For this purpose the above command is perfectly ok. I'm using the same 
commands to redirect POP3, SMTP, ssh, etc. to my internal server machine.

HOWEVER, he gets the above error message which I can't explain. He has by my 
directions built the portfw module and loaded it. Loading it works without 
errors so he should be fine, but still he gets the error setsockopt.

According to my experience this error message is a message that originates 
in the kernel. *I* can execute the exact same statement on *my* box without 
any error messages, so I guess there must be something wrong with his 
setup (wrong ipmasqadm binary?!).


-- 
Sign the EU petition against SPAM:  L I N U X   .~.
http://www.politik-digital.de/spam/The  Choice  /V\
of a  GNU  /( )\
   Generation  ^^-^^

ipmasqadm

[Dave Wiard]

could somebody help me out with this one.  i'm trying to masq my amd
behind my alpha, but i only get the following error reported back upon
trying to exec ipmasqadm:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $SEEN_IP 4000 -R $HIDE_IP 4000
portfw: setsockopt failed: Invalid argument

i'm running potato with kernel 2.2.13.  any help getting this to run would
be much appreciated.

--
dave wiard   computer scienc
[EMAIL PROTECTED] western washington university
http://www.wcug.wwu.edu/~davew

ipmasqadm

[Dave Wiard]

could somebody give me some pointers on how to use ipmasqadm?  i don't
seem to have a man page for it and 'usage: ipmasqadm MODULE [opts] '
doesn't help me much.  i don't have a lot of experience with loadable
modules and such.

--
dave wiard  computer science
[EMAIL PROTECTED]western washington university
http://www.wcug.wwu.ed/~davew

Re: ipmasqadm

[Ralf G. R. Bergs]

On Sun, 5 Dec 1999 23:38:48 -0800 (PST), Dave Wiard wrote:

could somebody give me some pointers on how to use ipmasqadm?  i don't

Use it e.g. to forward accesses to a port on your firewall to an internal 
machine like this:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXT_IP ssh -R $INT_HOST ssh

The above means: redirect accesses to machine $EXT_IP/port ssh to machine 
$INT_HOST, port ssh.

seem to have a man page for it and 'usage: ipmasqadm MODULE [opts] '
doesn't help me much.  i don't have a lot of experience with loadable
modules and such.

There IS a man page for it:

# dpkg -S ipmasqadm   
[...]
netbase: /usr/man/man8/ipmasqadm.8.gz

# dpkg -l netbase
[...]
ii  netbase 3.12-2 Basic TCP/IP networking binaries


You can get basic help by invoking the following:

# ipmasqadm portfw -h
Usage: portfw -a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF] add entry
   portfw -d -P PROTO -L LADDR LPORT [-R RADDR RPORT] delete 
entry
   portfw -f  clear 
table
   portfw -l  list table
   portfw args -n   no names

PROTO is the protocol, can be tcp or udp
LADDR is the local interface receiving packets to be forwarded.
LPORT is the port being redirected.
RADDR is the remote address.
RPORT is the port being redirected to.
PREF  is the preference level (load balancing, default=10)


and

# ipmasqadm autofw

Usage:
ipautofw command options

Valid commands:
-A   add new autoforward entry
-D   delete an autoforward entry
-F   flush the autoforward table

Valid options:
-r type low high   forwarding on ports low to high using
 protocol type (tcp or udp)

-h hostIP address of host to receive forwarded
 packets

-d type low high   specifies a set of ports which will not use
 the default high range (6+) masquerade
 port area

-p type visible host:hidden
 set up port bouncing from visible host port
 to masqueraded host host on port 
hidden,
 protocol type (currently not supported)

-c type port specifies a control port and protocol

-u   Do _not_ require that a host connect within
 15 seconds of triggering the control port

-i   Insecure mode; any host many connect after
 implied by not using the -c option or 
implied
 by using the -h option
 once the control port has been triggered
-v   Verbose mode


and also

# ipmasqadm mfw
Usage: mfw -A -m FWMARK -r RADDR RPORT [-p PREF] add entry
   mfw -D -m FWMARK [-r RADDR RPORT] delete entry
   mfw -E -m FWMARK [-r RADDR RPORT] edit entry
   mfw -S -m FWMARK  force scheduling
   mfw -Fclear table
   mfw -Llist table
   mfw args -n no names

FWMARK is the fwmark being redirected.
RADDR is the remote address.
RPORT is the port being redirected to.
PREF  is the preference level (load balancing, default=10)


There should also be some docs under /usr/doc/ipportfw.

HTH,

Ralf


-- 
Sign the EU petition against SPAM:  L I N U X   .~.
http://www.politik-digital.de/spam/The  Choice  /V\
of a  GNU  /( )\
   Generation  ^^-^^

ipmasqadm portfw not working to Sun

[Michael Laing]

I am running linux 2.2.12 w/potato netbase and glibc2.1 on my ipmasq'ing
slink machine.

Port forwarding works great to internal linux boxen.

I can't get it to work to my Sun (Solaris 7) tho... tcpdump shows the
packets going to the sun but nothing comes back. I am just setting up
this Sun so I can fool with anything... is it rejecting the connection
for some reason? I am not very familiar with Solaris...

redir works OK thru the ipmasq machine to the Sun, but this will be a
high volume connection and I want the efficiency and ease of management
provided by portfw!

Any pointers would be greatly appreciated!!

Michael Laing

Re:[SOLVED] ipmasqadm question

[Jay Barbee]

At 3/5/99 07:46 AM -0600, [EMAIL PROTECTED] wrote:
Quoting Ralf G. R. Bergs [EMAIL PROTECTED]:

 On Thu, 04 Mar 1999 19:52:34 -0600, [EMAIL PROTECTED] wrote:
 
 I checked with dselect and found I have ipmasq 3.3.1 installed already.
 There is NO sign of ipmasqadm on my system anywhere.
 
 I have run 'find / -name ipmasqadm' with no hits.
 
 I do appreciate your help.  Please don't stop now, but I am in no big
 hurry.  Perhaps there are others out there that have the needed info.
 
 Ok, another day, another try. :-)
 
 Here's the info you want, but you may not like it:
 
   #dpkg -S ipmasqadm
   netbase: /usr/sbin/ipmasqadm
   [...]
 
   #dpkg -l netbase
   Desired=Unknown/Install/Remove/Purge
   | Status=Not/Installed/Config-files/Unpacked/Failed-config
   |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,
   ||/ NameVersionDescription
   +++-===-==-=
   ii  netbase 3.12-2 Basic TCP/IP networking binaries
 
 As you see it's the unstable version of netbase. Don't worry you can 
 install it without having to fear that it breaks your system (at least it 
 didn't on my system ;-)

Thank you Ralf,

You have found the missing ipmasqadm for me.  I am not getting the same
returns you are showing using the 'dpkg -S' and '-l' commands, (I will
leave that for another thread).

I don't have any problem playing with the new toys.  I just have not
installed from potato untill needed.


I know it has been way over a month... but I just got around to doing this
upgrade to slink from hamm.  Then I started to read this thread!

hummm, this is a problem, and due to my lateness, I cannot get a netbase
3.12 from POTATO.  The unstable release is 3.14-1, but that requires you to
install libc6 from potato, and that requires ldso (followed by
libstdc++2.9, apt, development clibs). 

Long story short most the libs basically need to be upgraded just to use
ipmasqadm.  That is not a good thing in my opinion.  I should just run
potato if that is the case.  Now dselect reminds me of all the programs
that I have broken (not really but it bitches).  

If slink's netbase is not going to include ipmasqadm, then there needs to
be a package for ipmasqadm. To go to potato's netbase cleanly, involves
many iteration.

Just my $.02
--Jay Barbee

Re: [SOLVED] ipmasqadm question

[Pat Legg]

Jay Barbee wrote:

 hummm, this is a problem, and due to my lateness, I cannot get a netbase
 3.12 from POTATO.  The unstable release is 3.14-1, but that requires you to
 install libc6 from potato, and that requires ldso (followed by
 libstdc++2.9, apt, development clibs).

try http://www.debian.org/~rcw/2.2/netbase/netbase_3.12-2_i386.deb

-Pat

Re: ipmasqadm question

[whbell]

Quoting Ralf G. R. Bergs [EMAIL PROTECTED]:

 On Thu, 04 Mar 1999 15:51:51 -0600, [EMAIL PROTECTED] wrote:
 
 Please help me find this beast :-)
 
 I *think* it's
 
 http://ftp.gwdg.de/pub/linux/debian/dists/unstable/main/binary-
 i386/net/ipmasq_3.3.1.deb
 
 Unfortunately I'm still under NT (:-) and I can't easily boot into the 
 Debian system I have the binary installed under since this would involve 
 removing my IDE hard drive and replacing it against the other drive, and I 
 need to get work done at the moment.
 
 Could you check the above URL, and if it turns out that this is NOT 
 ipmasqadm get back to me?
 
 Ralf
 
 
 -- 
 Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
 +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
 Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
 
 
Ralf,

Thanks but...

I checked with dselect and found I have ipmasq 3.3.1 installed already.
There is NO sign of ipmasqadm on my system anywhere.

I have run 'find / -name ipmasqadm' with no hits.

I do appreciate your help.  Please don't stop now, but I am in no big
hurry.  Perhaps there are others out there that have the needed info.

Danke,  (sp?)
-Bill

-
This mail sent through IMP: http://web.horde.org/imp/

Re: ipmasqadm question

[Bob Nielsen]

Are you sure you don't mean ipfwadm (which is part of netbase)?

Bob

On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote:

 I checked with dselect and found I have ipmasq 3.3.1 installed already.
 There is NO sign of ipmasqadm on my system anywhere.
 
 I have run 'find / -name ipmasqadm' with no hits.
 
 I do appreciate your help.  Please don't stop now, but I am in no big
 hurry.  Perhaps there are others out there that have the needed info.


Bob Nielsen Internet: [EMAIL PROTECTED]
Tucson, AZ  AMPRnet:  [EMAIL PROTECTED]
DM42nh  http://www.primenet.com/~nielsen

Re: ipmasqadm question

[whbell]

Quoting Bob Nielsen [EMAIL PROTECTED]:

 Are you sure you don't mean ipfwadm (which is part of netbase)?
 
 Bob
 
 On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote:
 
  I checked with dselect and found I have ipmasq 3.3.1 installed already.
  There is NO sign of ipmasqadm on my system anywhere.
  
  I have run 'find / -name ipmasqadm' with no hits.
  
  I do appreciate your help.  Please don't stop now, but I am in no big
  hurry.  Perhaps there are others out there that have the needed info.
 
 
 Bob Nielsen Internet: [EMAIL PROTECTED]
 Tucson, AZ  AMPRnet:  [EMAIL PROTECTED]
 DM42nh  http://www.primenet.com/~nielsen
 

Hi Bob,

I believe ipfwadm only works with kernels  2.1.90 or so.  The reading
I get from the kernel source with 2.2.1 is that ipmasqadm is required.

This thread has been heavily cut.  The full details of my system are:

Slink (mostly)
2.2.1 kernel
Looking for port forwarding tool(s).

Thanks for you help,
-Bill


-
This mail sent through IMP: http://web.horde.org/imp/

Re: ipmasqadm question

[Ralf G. R. Bergs]

On Thu, 04 Mar 1999 20:24:38 -0600, [EMAIL PROTECTED] wrote:

I believe ipfwadm only works with kernels  2.1.90 or so.  The reading
I get from the kernel source with 2.2.1 is that ipmasqadm is required.

You're right. ipfwadm is obsolete for 2.2.x kernels.

Ralf


-- 
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
Sign the EU petition against SPAM: http://www.politik-digital.de/spam/

Re: ipmasqadm question

[Ralf G. R. Bergs]

On Thu, 04 Mar 1999 19:52:34 -0600, [EMAIL PROTECTED] wrote:

I checked with dselect and found I have ipmasq 3.3.1 installed already.
There is NO sign of ipmasqadm on my system anywhere.

I have run 'find / -name ipmasqadm' with no hits.

I do appreciate your help.  Please don't stop now, but I am in no big
hurry.  Perhaps there are others out there that have the needed info.

Ok, another day, another try. :-)

Here's the info you want, but you may not like it:

  #dpkg -S ipmasqadm
  netbase: /usr/sbin/ipmasqadm
  [...]

  #dpkg -l netbase
  Desired=Unknown/Install/Remove/Purge
  | Status=Not/Installed/Config-files/Unpacked/Failed-config
  |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,
  ||/ NameVersionDescription
  +++-===-==-=
  ii  netbase 3.12-2 Basic TCP/IP networking binaries

As you see it's the unstable version of netbase. Don't worry you can 
install it without having to fear that it breaks your system (at least it 
didn't on my system ;-)

Danke,  (sp?)

You're welcome. (The spelling of Danke is right. :-)

Ralf


-- 
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
Sign the EU petition against SPAM: http://www.politik-digital.de/spam/

Re: ipmasqadm question

[wtopa]

Subject: ipmasqadm question
Date: Thu, Mar 04, 1999 at 01:25:07PM -0600

In reply to:[EMAIL PROTECTED]

Quoting [EMAIL PROTECTED]([EMAIL PROTECTED]):
 
 Hello all,
 
 I seem to be lost on this issue, but here goes.  I am running a mostly slink 
 system with a 2.2.1 kernel.  How do I enable port forwarding with this setup?
 
 I have the kernel built correctly, (I believe), so I am not concerned in that 
 area.  My question has to do with the tool(s) used to manage the port 
 forwarding.  It looks like the ipportfw tool only works with a kernel  
 2.1.90. 
 I have read that the tool I am looking for is called ipmasqadm, found at:
 
 http://juanjox.linuxhq.com/
 
 I have found the RH RPM at this site, along with the source code for this 
 tool. 
  My first try at compiling and installing was unsuccessful.  (I have not put 
 too
 
 much effort into this approach yet).




  GREAT Firewall/masquerading INFO Site
http://rlz.ne.mediaone.net/linux/firewall/


-- 
|  LINUX - Because a PC is a terrible thing to waste..on WinDoze  |
___
Wayne T. Topa [EMAIL PROTECTED]

Re:[SOLVED] ipmasqadm question

[whbell]

Quoting Ralf G. R. Bergs [EMAIL PROTECTED]:

 On Thu, 04 Mar 1999 19:52:34 -0600, [EMAIL PROTECTED] wrote:
 
 I checked with dselect and found I have ipmasq 3.3.1 installed already.
 There is NO sign of ipmasqadm on my system anywhere.
 
 I have run 'find / -name ipmasqadm' with no hits.
 
 I do appreciate your help.  Please don't stop now, but I am in no big
 hurry.  Perhaps there are others out there that have the needed info.
 
 Ok, another day, another try. :-)
 
 Here's the info you want, but you may not like it:
 
   #dpkg -S ipmasqadm
   netbase: /usr/sbin/ipmasqadm
   [...]
 
   #dpkg -l netbase
   Desired=Unknown/Install/Remove/Purge
   | Status=Not/Installed/Config-files/Unpacked/Failed-config
   |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,
   ||/ NameVersionDescription
   +++-===-==-=
   ii  netbase 3.12-2 Basic TCP/IP networking binaries
 
 As you see it's the unstable version of netbase. Don't worry you can 
 install it without having to fear that it breaks your system (at least it 
 didn't on my system ;-)
 
 Danke,  (sp?)
 
 You're welcome. (The spelling of Danke is right. :-)
 
 Ralf
 
 
 -- 
 Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
 +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
 Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
 

Thank you Ralf,

You have found the missing ipmasqadm for me.  I am not getting the same
returns you are showing using the 'dpkg -S' and '-l' commands, (I will
leave that for another thread).

I don't have any problem playing with the new toys.  I just have not
installed from potato untill needed.

Thanks again for your help.

-Bill


-
This mail sent through IMP: http://web.horde.org/imp/

Re: ipmasqadm question

[Bob Nielsen]

Bill,

Yes, the thread was cut a bit.  I didn't see the part about 2.2.1, sorry.

I am not running ppp on my machine with 2.2.2, but Documentation/Changes
says: 

   As of 2.1.102, the IP firewalling code has been replaced; ipfwadm
will no longer work.  You need to obtain ipchains, available from
http://www.rustcorp.com/linux/ipchains/ , and use that instead of
ipfwadm.

   To use masq forwarding you will need to obtain ipmasqadm,
available from http://juanjox.linuxhq.com/ .

The frozen and unstable Packages file discription for ipmasq refers to a
ipmasqadm package, but this package does not seem to exist.   Until it
gets packaged, you'll have to get it from the sources mentioned above.

Bob

On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote:

 Quoting Bob Nielsen [EMAIL PROTECTED]:
 
  Are you sure you don't mean ipfwadm (which is part of netbase)?
  
  Bob
  
  On Thu, 4 Mar 1999 [EMAIL PROTECTED] wrote:
  
   I checked with dselect and found I have ipmasq 3.3.1 installed already.
   There is NO sign of ipmasqadm on my system anywhere.
   
   I have run 'find / -name ipmasqadm' with no hits.
   
   I do appreciate your help.  Please don't stop now, but I am in no big
   hurry.  Perhaps there are others out there that have the needed info.
  
  
  Bob Nielsen Internet: [EMAIL PROTECTED]
  Tucson, AZ  AMPRnet:  [EMAIL PROTECTED]
  DM42nh  http://www.primenet.com/~nielsen
  
 
 Hi Bob,
 
 I believe ipfwadm only works with kernels  2.1.90 or so.  The reading
 I get from the kernel source with 2.2.1 is that ipmasqadm is required.
 
 This thread has been heavily cut.  The full details of my system are:
 
 Slink (mostly)
 2.2.1 kernel
 Looking for port forwarding tool(s).
 
 Thanks for you help,
 -Bill
 
 
 -
 This mail sent through IMP: http://web.horde.org/imp/
 


Bob Nielsen Internet: [EMAIL PROTECTED]
Tucson, AZ  AMPRnet:  [EMAIL PROTECTED]
DM42nh  http://www.primenet.com/~nielsen

ipmasqadm question

[whbell]

Hello all,

I seem to be lost on this issue, but here goes.  I am running a mostly slink 
system with a 2.2.1 kernel.  How do I enable port forwarding with this setup?

I have the kernel built correctly, (I believe), so I am not concerned in that 
area.  My question has to do with the tool(s) used to manage the port 
forwarding.  It looks like the ipportfw tool only works with a kernel  2.1.90. 
I have read that the tool I am looking for is called ipmasqadm, found at:

http://juanjox.linuxhq.com/

I have found the RH RPM at this site, along with the source code for this tool. 
 My first try at compiling and installing was unsuccessful.  (I have not put too

much effort into this approach yet).

Questions:

1- Am I on the right track with the ipmasqadm?

2- Is there a .deb out there for ipmasqadm?

3- If not, would I be better off using alien and the .rpm route or compiling my 
own install?

I have searched the Debian site and found this similar question asked twice in 
recent months.  In both cases, I was not able to find answers to these questions

on the list.

Thanks for your considerations,

--Bill



-
This mail sent through IMP: http://web.horde.org/imp/

Re: ipmasqadm question

[Ralf G. R. Bergs]

On Thu, 04 Mar 1999 13:25:07 -0600, [EMAIL PROTECTED] wrote:

1- Am I on the right track with the ipmasqadm?

Yes. YOu invoke it like this:

  ipmasqadm portfw ...

2- Is there a .deb out there for ipmasqadm?

Yes. I'm pretty sure that I did NOT compile it myself. I think I fetched the 
unstable version of the program. I'm not sure whether it's a stand-
alone package, or whether it's included in some net* package. In case you 
can't find it ask me again and I will look it up (I'm under NT right now.)


-- 
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
Sign the EU petition against SPAM: http://www.politik-digital.de/spam/

Re: ipmasqadm question

[whbell]

Quoting Ralf G. R. Bergs [EMAIL PROTECTED]:

 On Thu, 04 Mar 1999 13:25:07 -0600, [EMAIL PROTECTED] wrote:
 
 1- Am I on the right track with the ipmasqadm?
 
 Yes. YOu invoke it like this:
 
   ipmasqadm portfw ...
 
 2- Is there a .deb out there for ipmasqadm?
 
 Yes. I'm pretty sure that I did NOT compile it myself. I think I fetched
 the 
 unstable version of the program. I'm not sure whether it's a stand-
 alone package, or whether it's included in some net* package. In case you 
 can't find it ask me again and I will look it up (I'm under NT right now.)
 
 
 -- 
 Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
 +49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
 Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
 
 
 
 -- 
 Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] 
 /dev/null
 
 


Ralf,

Please help me find this beast :-)

Thanks so very much.

-Bill

-
This mail sent through IMP: http://web.horde.org/imp/

Re: ipmasqadm question

[Ralf G. R. Bergs]

On Thu, 04 Mar 1999 15:51:51 -0600, [EMAIL PROTECTED] wrote:

Please help me find this beast :-)

I *think* it's

http://ftp.gwdg.de/pub/linux/debian/dists/unstable/main/binary-
i386/net/ipmasq_3.3.1.deb

Unfortunately I'm still under NT (:-) and I can't easily boot into the 
Debian system I have the binary installed under since this would involve 
removing my IDE hard drive and replacing it against the other drive, and I 
need to get work done at the moment.

Could you check the above URL, and if it turns out that this is NOT 
ipmasqadm get back to me?

Ralf


-- 
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-86 (fax) * [EMAIL PROTECTED]  * PGP ok!
Sign the EU petition against SPAM: http://www.politik-digital.de/spam/

ipmasqadm package?

[Lindsay Allen]

Just tried making a package of
ftp://ftp.compsoc.net/users/steve/ipsubs/linux21/ipmasqadm-0.3.2.tar.gz
but failed.  I compiled it with no trouble so I installed it under
/usr/local only to find that I cannot make it work.

Has anyone any knowledge of this?  I seem to remember some recent traffic
on this or a similar topic related to 2.0.36.

Anyone working with 2.1.x + ipchains + masquerade + eql and having
problems is invited to contact me privately - I may be able to help.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lindsay Allen [EMAIL PROTECTED] Perth, Western Australia voice
+61 8 9316 2486 32.0125S 115.8445E vk6lj Debian Linux
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=