Re: [masq] [masq] settings question.

1998-11-17 Thread Harondel J. Sibble

Uhh, yes they are both very different

The 2 variables presuppose you are using the setup from chapter 10 which 
has your internal network of computers (ms windows) which are connected 
into a linux samba/router/file server box that forwards all packets to a 
separate firewall box which masq's said packets onto the net.

The ipfwadm ruleset in question would be run on the firewall box.

The file server would have 2 nics in it, the internal nic would be on 
PRIV_NET on subnet (192.168.1.xxx), while the external one would be on 
a different subnet in common with the internal nic of the firewall pc 
(192.168.32.xxx). These subnets are the examples direct from the book.

On 15 Nov 98, at 19:04, David A. Ranch wrote:

 
 I doubt the FIRE_NET and PRIV_NET are the same.  One
 interface should be the IP address of your Internet
 connection and the other should be the IP of your
 private LAN connection.
 
 To get your dynamic IP address for your script, try this
 little script from the TrinityOS doc.  Please note the 
 different "'" and "`"s since they are critical:
 
 This also assumes your Internet connection is a PPP link.
 
 
 FIRE_NET=`/sbin/ifconfig | grep -A 4 ppp0 | awk '/inet/ { print $2 }' | sed -e s/addr://`
 
 Beyond that.. I can't help you out more since I haven't
 seen that IPFWADM script before.

Old age getting to ya dude, memory going?!?! ;-) That's the same script 
you were helping me out with when I was having trouble getting pasv ftp to 
work through my masq box. I am rebuilding the firewall box with RH5.2 and 
the scsi hdd in the fileserver bit the dust a few days ago, so I have to pretty 
much start the whole thing from scratch again sigh



Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (pgp enabled)  http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]



Re: [masq] IPmasq help

1998-11-17 Thread Brian R Tuley

I want to thank everyone for those faster than expected responses!

With your help it's running like a champ!

thanks again!

-Brian


Brian R Tuley
[EMAIL PROTECTED]






Re: [masq] FW: masq FTP help!

1998-11-17 Thread Corlew, David (GEIS)

Thanks for your response! I'm pretty sure I've configured for the 
ftp module to be masqing, because I use ftp quite a bit and it 
works fine except for this instance. I think it has to do with
the way masquerade entries are made in the masq table when 
ftp is connecting to a non-default port (not 21) and setting up for
de-masq. 

For ftp I'm using: "ip_masq_ftp ports=21,12345"
and of course from the WIN95 box: ftp> OPEN xxx.xxx.xxx.xxx 12345

The PORT statement is getting manipulated on the linux -
example: PORT 10.0.1.1.5.142 is changed to
 PORT 204.90.180.84.239.71  (this is what the ftp server receives)
and entries are made to masq tables on linux (I don't know specifically
if they are correct) but ..

ipfwadm -M -l shows:

prot expire   source         destination    ports
tcp  01:06:53 win95.domain   mainframe.com  1422 (61255) -- 0

and /proc/net/ip_masquerade shows:

Prc FromIP   FPrt  ToIP TPrt Masq
TCP 0A000102:058E  CX93AE0E: EF47  0  0  16218


My guess is that ip_masq_ftp somehow manages for default
ftp ports 20 and 21 but doesn't for non-default ports?
Maybe the ipportfw is the answer.

Any help would be greatly appreciated.

Dave Corlew



-----Original Message-----
From: Tim Fletcher [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 16, 1998 10:19 AM
To: Corlew, David (GEIS)
Cc: [EMAIL PROTECTED]
Subject: Re: [masq] FW: masq FTP help!


  My problem is with ftp! It works successfully using client on win95 box to
  ftp server (control and data connections) using OPEN host.
  No problem. But I have a REAL need to open to a certain host server that
  is enabled to a specific non-default port. OPEN  pp
  The control connection works just fine. However, any PORT protocol command
  for this type connection is not masq'd, so data connections can't reach my
  win95 machine. Could anyone help with this one.

It sounds like you haven't installed the ftp module for ip masqing

  Note: The server in question is proprietary and does not support PASV. I
  have also tried specifying the special port in the "ip_masq_ftp ports=n"
  and did notice at least the server received a masqueraded port command (in
  the range 61000-61499) but could not make successful data connection back to
  my client.

Try using ipportfw from either a 2.1.124+ kernel or a patch against 2.0.35,
I can't remember where I found the patch but it works very well. I can use an
nfs server behind the firewall and other fun things. I can mail the patch
and the control progie src to you if you want.


  Tim Fletcher  .~.
/V\   L   I   N   U   X   
   [EMAIL PROTECTED]   // \\  Don't fear the penguin
[EMAIL PROTECTED]   /(   )\
   ^^-^^
Software, n.:   
Formal evening attire for female computer analysts.
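
The PORT arguments and the masq-table fields quoted in the message above encode the same two port numbers in different notations (decimal byte pairs, where port = p1*256 + p2, and hex). The script below is an added example, not part of the original post or of any script from the list; its function names are made up here, and its sample values are the ones quoted in the message.

```sh
#!/bin/sh
# Added example: decode FTP PORT arguments and masq-table hex fields and
# cross-check that they describe the same ports. Function names are hypothetical.

# "h1,h2,h3,h4,p1,p2" (commas on the wire, dots as typed in the post)
# -> "h1.h2.h3.h4:port", where port = p1*256 + p2.
port_arg_to_endpoint() {
    case $1 in ''|*[!0-9.,]*) return 1 ;; esac
    old_ifs=$IFS; IFS='.,'; set -- $1; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|0?*) return 1 ;; esac   # empty field or leading zero
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# Hex string -> decimal, e.g. a port column from /proc/net/ip_masquerade.
hex_to_dec() {
    case $1 in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    echo $(( 0x$1 ))
}

# "AABBCCDD:PPPP" (hex IP and port) -> dotted quad and decimal port.
hex_endpoint() {
    hex_ip=${1%%:*}; hex_port=${1#*:}
    [ ${#hex_ip} -eq 8 ] || return 1
    out=
    for pos in 1 3 5 7; do
        octet=$(hex_to_dec "$(echo "$hex_ip" | cut -c"$pos"-$((pos + 1)))") || return 1
        out=${out:+$out.}$octet
    done
    p=$(hex_to_dec "$hex_port") || return 1
    echo "$out:$p"
}

# Args: client PORT arg, rewritten PORT arg the server saw, FromIP:FPrt, Masq port.
# Succeeds when the client port equals FPrt and the rewritten port equals Masq.
masq_entry_matches() {
    client=$(port_arg_to_endpoint "$1") || return 2
    seen=$(port_arg_to_endpoint "$2") || return 2
    from=$(hex_endpoint "$3") || return 2
    masq=$(hex_to_dec "$4") || return 2
    [ "${client##*:}" = "${from##*:}" ] && [ "${seen##*:}" = "$masq" ]
}

# Values quoted in the post above.
echo "client PORT -> $(port_arg_to_endpoint 10.0.1.1.5.142)"
echo "server saw  -> $(port_arg_to_endpoint 204.90.180.84.239.71)"
echo "masq FromIP -> $(hex_endpoint 0A000102:058E)"
echo "masq port   -> $(hex_to_dec EF47)"
```
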




[masq] Directplay through masq box

1998-11-17 Thread Frode

Has anybody got updated info on this? I sifted
through MS' "technical info" and the most
technical it got was how to download the software
for internet gaming zone.

I found an entry on it in a masq apps list, but 
a lot of the info on there I noticed was inaccurate
and thus I was hoping it was possible to get by
with less than the 30-40 thousand ports that one
suggested opened.

Anybody have solid info? Is it like netmeeting
where it just assumes *all* ports are available
for its inconvenient pleasure?


Tia,

Frode
