[masq] Internal windows machine bringing up ppp link

1998-11-06 Thread Dave McFerren

Linuxers,

I have a masqueraded lan that connects to the internet via diald.  Everything 
works fine, except when I start my internal windows machine, it brings up the 
diald link.  It is running the microsoft networking, sharing out files and a 
printer, using TCP/IP only. I don't know if I can prevent this with a diald 
standard.filter change, or I can stop it with an ipfwadm command.

I have read the diald faq, and been through the masq HOWTO.  The faqs tell me 
that I should run tcpdump to find out the type of packet that may be opening the 
link, but I have little experience with this command, and was hoping to get an 
answer here.

Can anyone help?


Thanks in Advance,

-
Dave McFerren [EMAIL PROTECTED]
System Administrator
Net Solutions, Inc.
816-220-0303 fax 816-220-0333
-
"It never hurts to help!" 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]



[masq] VPN Question

1998-10-30 Thread Dave C.

Hi,

I was wondering if anyone knows where I can get
additional documentation on VPN and Linux aside
from the VPN Howto.



Thanks,

Dave C.




Re: [masq] irc server get internel ip??

1998-09-21 Thread Dave C

Hello,

My ip_masq_irc.o is there. I made sure it was included in the rc.local file
when I first set up ip_masq.

Any other suggestions?

Thanks in advance,

Dave

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Francis GALIEGUE
 Sent: Sunday, September 20, 1998 8:06 PM
 To: Dave C
 Subject: Re: [masq] irc server get internel ip??


 Dave C wrote:
 
  Hello,
 
  When I connect to irc, irc server gets internal net ip
  is this proper?
  or is there any way of masqing this?
 

 Looks like you haven't inserted the module ip_masq_irc...

 modprobe ip_masq_irc

 --
 fg

 "Software is like sex, it's better when it's free"
   (Linus Torvalds)





Re: [masq] M$ NetMeeting

1998-09-16 Thread Dave McFerren




Try looking at http://dijon.nais.com/~nevo/masq/

And see if that helps you...

-
Dave McFerren [EMAIL PROTECTED]
System Administrator
Net Solutions, Inc.
816-220-0303 fax 816-220-0333
-
"It never hurts to help!" 




 Is it possible to use NetMeeting in such situation
 
 NT box -- Linuxbox - Another Linux box  W95box
 masq  internet  a. masq
 I want to use NM between NT and W95...
 what should I do? use ipportfw...? ..
 and another thing: i have ip_masq_cuseeme.o loaded
 
 ---
 Marcin Owsiany
 [EMAIL PROTECTED]
 ---



[masq] How do i configure ip masq in this situation?

1998-09-14 Thread Dave C

Hi,

I am pretty new to ip masq and I have read the mini-HOW-TO but I'm still
confused. Here is my situation:

I have 1 win95 (one NIC) box, 1 linux (one NIC) box one cable modem. All
connected to a hub. I have configured my Linux box to connect to the
internet through the cable modem which assigns linux an ip (65.202.10.11)
through DHCP. I have configured my win95 with a static ip 192.158.1.10. The
question is how do I configure ip masq so that my win95 box can use the
internet.

It would be helpful if the answer is explained to me conceptually, at least
this way I will learn with the help of a little coaching  :)

Here is a diagram:


 192.168.1.10         65.202.10.11
 _______             ________             _____________
|       |           |        |           |             |
|  w95  |-----------| Linux  |-----------| Cable Modem |
|_______|           |________|           |_____________|

Thanks

Dave




Re: [masq] 3Com 3c905 card

1998-08-24 Thread Dave Merkel

What version of 3c59x.c is built into your kernel?  I had the same
problem with my board until I used at least version .99D (dated 4/26/98),
which did NOT come by default with my linux distribution (RedHat 5.1).

Dave Merkel


On Sun, 23 Aug 1998, Charles Shoemaker wrote:

 Ok, it's a little off-topic.  I'm building a masquerading gateway for 
 a client, which has a 3C905 "Vortex" 10/100 card in it.  Eventually 
 there will be 2 of these.  Right now, I'm having difficulty getting 
 ONE card to talk to my office network.
 
 The card appears to initialize correctly, and looks OK in ifconfig, 
 but won't talk.  Pings fail, and telnet attempts come back with "no 
 route to host".  My /etc/sysconfig/network file is identical to 
 others; the output of route looks just like my working machines, but 
 no apparent communications.  I also can't ping this machine from 
 others on the local network.
 
 I'd appreciate any thoughts, before I dump these "fine" cards and put 
 in $20 NE-2000 clone cards.
 
 (I seem to have more trouble with new 3Com cards than any others, in 
 Win 95 and NT machines, too.  These cards won't connect, but cheap 
 cards find servers and the rest of the network first time, every 
 time.  Is there something wrong with me?  Are the Network Gods 
 frowning on me?)
 
 Charlie Shoemaker



[masq] mirc-DCC ?

1998-07-30 Thread Dave Cook

I have a small net with a linux gateway and two win95 boxes.
I have the firewall set up in the usual way:
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
I also have mods compiled ftp, raudio, irc ...etc
and have /sbin/modprobe module in
my rc.local file.
I had trouble with receiving files with icq...so I put the ipautofw
lines in that the masq page talked about and that fixed the problem.
Now my wife is complaining that when she is in mirc she can't DCC
send a file or a chat...but
she can receive one...hmmm so I experimented with what the masq
page said on irc...and replaced /sbin/modprobe ip_masq_irc
with /sbin/insmod -s -m ip_masq_irc ports=, 6667,
1024, 5000 etc...and tried different ones but still she
can't DCC send a file or a chat.
Has anybody in this group dealt with this problem...
thanks, dave [EMAIL PROTECTED]


[masq] VPN thru masq firewall

1998-07-18 Thread Dave Cox


This is slightly peripheral to the list but, I'm running R H5.0
2.0.32 kernel as a masq box, and I'm trying to set up an IP tunnel
from a win95 machine to a service provider using MS VPN driver. I'm
basically running a copy of the firewall rules in Ambrose Au's Howto,
section 4.4.

I have an instruction from the provider saying I 'cannot block port
1723 and IP protocol 47'. This presumably means that I must both
ensure that this port is enabled, and used.

I'd appreciate any clues.

Thanks,
--dave



Re: [masq] problems with mirc

1998-07-06 Thread Dave

Greetings.

I don't know if this helps anyone, perhaps it might give some knowledgeable person out 
there a kick start, but a while ago someone had trouble starting a chat in ICQ, and 
this suggestion was posted to the list.  Maybe something similar could be done for 
IRC??

Dave

-- include --

Copied from: http://dijon.nais.com/~nevo/masq/chat.html#icq

 ipautofw -A -r tcp   -h www.xxx.yyy.zzz 

 I have taken some discretion here as we've gotten lots of
different solutions to this program. I will summarize what I have
 seen as the best method. I would like to thank everyone who has
contributed in getting this working properly. --Lee 

 First you will need to run the previous ipautofw command for each
computer that will be running ICQ. You want 
 and  to be at least 11 ports apart. That is the minimum that
ICQ will accept without complaining. Try to separate
 the port ranges so the problems with ipautofw aren't noticed so
badly (i.e. 2000-2010). You want to change
 www.xxx.yyy.zzz to the ip of the machine running ICQ. 

 Then disconnect from the ICQ network. Go into the Preferences
folder/Connections tab and select "Permanent LAN"
 and "I'm behind a proxy server/firewall." Then click on "Firewall
Settings" and set ICQ to use the range of tcp ports from
  to  not the default automatic selection of ports.
Finally, reconnect to the ICQ network to apply the new
 settings. 

--edulcni--

-Original Message-
From:   Doug Clements [SMTP:[EMAIL PROTECTED]]
Sent:   Monday, July 06, 1998 4:26 PM
To: [EMAIL PROTECTED]
Subject:Re:  [masq] problems with mirc

I've found the same thing on my Mac irc client. Dcc doesn't work because
it's a Direct Client to Client connection. It's completely separate from
irc. I have no idea how to get it to work, however.

--Doug

hi ...I have a strange problem with mirc ...when I
try to dcc chat someone it doesn't work ...but when
someone sends me a dcc chat it works ...

I'm using redhat 5.1 and I did load the ip_masq_irc module

- Karsten





Re: [masq] Redhat 5.0

1998-07-01 Thread Dave

Greetings.

I use Slackware, but someone earlier posted on the list for RedHat that you have to do 
this:

echo "1" > /proc/sys/net/ipv4/ip_forward

to enable ip forwarding.

Also it looks like you might have '#' signs in front of the lines you added to 
rc.local.  If you have, then they are comment lines, remove the '#'s to make them not 
comment lines.

hth

Dave

--
From:   Jeff Bloemink[SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, July 02, 1998 8:24 PM
To: [EMAIL PROTECTED]
Subject:[masq] Redhat 5.0

Anyone here got IP Masquerading under redhat 5.0? I have tried everything
that I've read. I have compiled all the options into the kernel that were
specified in the IP Masquerading HOWTO and my computers are communicating
over the network.

One of my computers is a Windows '98 machine, which has an IP address of
192.168.1.2, and the other is a Linux machine with an IP address of
192.168.1.1.

I have 192.168.1.1 set up as my gateway in for the TCP/IP protocol for my
NIC in Windows. I've also added the following to my rc.local file:

#  ipfwadm -F -p deny
#  ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

But it still does not work!

Any help would be appreciated, thanks.




Re: [masq] Ftp module for ip_masq

1998-06-26 Thread Dave

Greetings.

Mine is in /lib/modules/2.0.33/ipv4 (the 2.0.33 bit stems from the fact that I am 
running kernel 2.0.33 - if you are running a different kernel this part of the path 
will be different) and the module for FTP is called ip_masq_ftp.o

To load it you should do something like this:

/sbin/modprobe ip_masq_ftp

I have placed this line in my /etc/rc.d/rc.modules so that this module is loaded each 
time my Linux box reboots.

To see which modules are loaded do this:

cat /proc/modules

Note that all these suggestions are based on Slackware 3.4 kernel 2.0.33, other 
distributions might store the files in slightly different directories, but it should 
be close.

hth

Dave

--
From:   Ian MacLeod[SMTP:[EMAIL PROTECTED]]
Sent:   Saturday, 27 June 1998 13:52
To: [EMAIL PROTECTED]
Subject:[masq] Ftp module for ip_masq

Hi,

I'm having trouble ftp'ing from the computers hooked to my masq linux
box.  I heard i need a module for ftp'ing and so looked everywhere for
it.  If anyone knows where this is, and maybe some help on how to
install it, i would be so happy.

Thanx in advance,
Ian



Re: [masq] [masq] [masq] IP - masquerade setup problems

1998-06-11 Thread Dave Cox


You need to 'ipfwadm -F -p deny' first to set a default policy. Then 
you can 'ipfwadm -F -a ...' to append forwarding rules to the default 
policy. Re-read the last sentence you quoted below.

On 11 Jun 98 at 17:01, Bill Eldridge wrote:

From the man page:

 These  rules regulate the acceptance of incoming IP
  local  network  interfaces  are checked against the
  input firewall rules.  The first rule that  matches
  with a packet determines the policy to use and will
  also cause the rule's packet en byte counters being
  adapted.   When  no  matching  rule  is  found, the
  default policy for the input firewall is used.


If you deny everything first, then any packet will match
that denial, and be rejected.  (which is the same way
Ciscos do it).  Unless I'm horribly confused.
--
Bill Eldridge
Radio Free Asia
[EMAIL PROTECTED]

-Original Message-
From: Joachim Feise [EMAIL PROTECTED]
To: Bill Eldridge [EMAIL PROTECTED]
Cc: Steve Helder [EMAIL PROTECTED]; [EMAIL PROTECTED]
[EMAIL PROTECTED] Date: Thursday, June 11, 1998 4:54 PM
Subject: Re: [masq] [masq] IP - masquerade setup problems


Bill Eldridge wrote:

   Order matters, so if you deny everything first, then the rules never
meet the allow clauses later.  As my first guess.

That is not quite right, actually, it is wrong.
For security reasons, you always should deny everything first, and
subsequently allow things like forwarding.
Did you enable forwarding in the proc fs? Try adding this line to your rc
script:
echo 1 > /proc/sys/net/ipv4/ip_forward

Oh, and please don't send HTML-formatted messages. ASCII is preferred (I
hope I didn't copy the tags over when I copied the text).

-Joe

  Bill Eldridge
  Radio Free Asia
  [EMAIL PROTECTED]

-Original Message-
From: Steve Helder [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thursday, June 11, 1998 2:36 PM
Subject: [masq] IP - masquerade setup problems

I am attempting to use IP-Masquerading on a newly installed Redhat 5.1
Linux box.  I am connected to my ISP using PPP and can ping the
nameservers from Linux.  I have followed the instructions in the Linux
IP Masquerade mini HOWTO by Ambrose Au for setting up my Windows 95
machine.  After I set it up I can ping the ethernet card on the Linux
box which is 10.0.100.5 but can't get any further. (pinging the
nameservers) I have setup the ipfwadm  -F -p deny and
ipfwadm  -F -a m S 10.0.100.0/24 -D 0.0.0.0/0 on the Linux box.  I am
assuming I am close but missing something.

Any assistance would be appreciated

Steve Helder


--
Joachim Feise  Microsoft Certified Solution Developer
mailto:[EMAIL PROTECTED] http://www.ics.uci.edu/~jfeise/
mailto:[EMAIL PROTECTED]   mailto:[EMAIL PROTECTED]
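
The point argued in this thread, as an added example (not part of any message above and not ipfwadm's own code): a simplified first-match model of the forward chain, following the man page excerpt quoted above, that contrasts a default policy of deny with a deny-everything rule placed first. The class and function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str               # "accept", "deny" or "masquerade"
    src: str                  # source network, e.g. "10.0.100.0/24"
    dst: str = "0.0.0.0/0"    # destination network

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))


class ForwardChain:
    """Simplified model: an ordered rule list plus a default policy."""

    def __init__(self, policy):
        self.policy = policy
        self.rules = []

    def append(self, rule):
        self.rules.append(rule)
        return self

    def decide(self, src_ip, dst_ip):
        # The first matching rule wins; the policy is only the fallback
        # used when no rule matches at all.
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(src_ip, dst_ip):
                return rule.action, "rule %d" % number
        return self.policy, "default policy"


def policy_deny_chain():
    # Models: ipfwadm -F -p deny
    #         ipfwadm -F -a m -S 10.0.100.0/24 -D 0.0.0.0/0
    return ForwardChain("deny").append(Rule("masquerade", "10.0.100.0/24"))


def deny_rule_first_chain():
    # Constructed contrast: an explicit deny-all RULE ahead of the
    # masquerade rule. This is the case where order really does matter.
    chain = ForwardChain("accept")
    chain.append(Rule("deny", "0.0.0.0/0"))
    chain.append(Rule("masquerade", "10.0.100.0/24"))
    return chain


# Constructed sample packets: (source, destination).
SAMPLE_PACKETS = [
    ("10.0.100.7", "198.51.100.9"),   # LAN client going out
    ("172.16.5.5", "198.51.100.9"),   # source outside the masqueraded LAN
]

if __name__ == "__main__":
    chains = (("policy deny", policy_deny_chain()),
              ("deny rule first", deny_rule_first_chain()))
    for name, chain in chains:
        for src, dst in SAMPLE_PACKETS:
            action, why = chain.decide(src, dst)
            print("%-16s %-12s -> %-13s %-10s (%s)" % (name, src, dst, action, why))
```

With the policy set to deny, the LAN client is still masqueraded by rule 1 and only unmatched traffic falls through to the policy; with a deny-all rule first, the masquerade rule is never reached.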



[masq] Slow downloads...

1998-06-08 Thread Dave!


I have a Pentium here at home set to do IP Masq.  It has 16M RAM, a
56KFlexmodem (with Flex capability at my ISP) and is running Caldera
OpenLinux with kernel 2.0.33. At any given time there are at most four
computers on it (all using http services).  The problem?  Download rates
never go any faster than 1K/sec.  If there are four people on using
Netscape, we all get (approx.) 1K/sec.  If there is one person on, he gets
(approx.) 1K/sec.  When I connect through the modem in my PC to my ISP
(NOT using IP Masq; I am the only one on) I get a transfer rate of about
2.5K/sec through my 33.6 modem.  Clearly, there is something up with the
Linuxbox and/or the IP Masquerading.  Any ideas? 

I've read a lot about MTU/MRU problems (which supposedly are fixed in
kernel 2.0.33).  I know that to check my ISPs values I need to call them. 
How (or where) in Linux do I check my values? 

Any help would be greatly appreciated...

dg







Re: [masq] ip masq connects best if constantly pinging clients

1998-06-05 Thread Dave

Greetings.

I've been away for a coupla days.  Glad to see you've got it working :)

Here's a coupla thoughts.

Most people know the common IRQs for things like the first two serial ports and 
parallel port (from the old DOS days ha ha), so forget those.  Then cat 
/proc/interrupts as John suggested, and that will tell you which other ones are being 
used.  Then just pick an unused one that you like, and it should work.

Don't forget to cat /proc/ioports to see which I/O ports are available as well.  My 
ethernet card NE2000 compatible was set to one particular IO port which was not being 
scanned by the Linux NE startup code, so I changed ne.c so it would scan that port.  
Made a kernel, and everything works fine.  It was easier than trying to find the 
manual to find out which jumper to change on the card.  That particular kernel is 
running on 3 Linux boxes now without a hitch.  But you've got it working which sounds 
like there is no IO port conflict, but it is something else to be aware of.

I've found a lot of interesting information in /proc which is not necessarily readily 
legible, but easily accessible if you want to write a program to interpret it for you. 
 A lot of the Linux utilities use information from here for process display, cpu usage 
etc. etc.  Well worth spending an hour or so looking around in there. :)

Dave

--
From:   Joachim Feise[SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, 4 June 1998 5:36
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; 'Dave'; 'masq'
Subject:Re:  [masq] ip masq connects best if constantly pinging clients

It only shows the used ones, but you have to know that irq3 is still reserved
for the second serial even if it doesn't show up.

Joe

John Lombardo wrote:
 
 cat /proc/interrupts
 
 Shows which interrupts are in use and what they're used for.
 
  -Original Message-
  From: Joachim Feise [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, June 03, 1998 8:35 AM
  To: [EMAIL PROTECTED]
  Cc: 'Dave'; 'masq'; 'linux-net'
  Subject: Re: [masq] ip masq connects best if constantly pinging clients
 
 
  Not that I know of, but then I didn't need such a tool yet. I
  remember a couple
  tools under dos.
  As a general rule, you more likely find a free irq in the upper
  range. I always
  use either irq 10 or 11.
 
  -Joe
 
  Jann Linder wrote:
  
   is there a way to find out which irq's are unused in linux now
  so i know what to set it to?
  
   Jann
  
  [snip]



Re: [masq] dynamic IP address

1998-06-05 Thread Dave

Greetings.

Have a look in the man page for pppd and search for ip-up (and up-down).  These 
scripts/programs, if present, are supposed to be executed when the ppp IP link becomes 
available or otherwise.  A number of parameters are passed by pppd to these scripts, 
including the local and remote IP addresses.

hth

Dave

--
From:   Chris Read[SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, 4 June 1998 19:05
To: '[EMAIL PROTECTED]'
Subject:[masq] dynamic IP address

I am using masq on a dial on demand PPP connection which uses a dynamic IP address.

When the link first comes up, I always lose the first packet, which appears to be 
addressed to the old peer/from my old IP address.. This then causes my users to get 
failure messages, which go away when retried. In particular, the first DNS request 
from a WinXX system nearly always fails. More of an annoyance than a problem, but has 
anyone got any ideas ?

Chris Read




Re: [masq] ip masq connects best if constantly pinging clients

1998-06-02 Thread Dave

Greetings.

It might have something to do with DNS entries expiring perhaps.  If you keep pinging 
then possibly the DNS entries would stay there.  If there was no activity maybe the 
DNS entries would expire and be removed from the cache.

I noticed that if my Linux machine (before I connected it to the network) could not 
resolve a name locally it would try to contact the next higher DNS, but not being 
connected could not, so it timed out, but this took a few seconds.

You can try doing a ipfwadm -M -l (lowercase ell) which will list the masquerading 
entries, and show you the times those expire as well.

hth

Dave

--
From:   Jann Linder[SMTP:[EMAIL PROTECTED]]
Sent:   Wednesday, 3 June 1998 10:18
To: 'masq'
Subject:[masq] ip masq connects best if constantly pinging clients

Anyone heard of IP Masquerade running on linux kernel 2.0.32 listening 
closer if you continually ping a client machine?

my client is winnt and if i set linux to continually ping it, then the 
linux box receives and acts on TCP requests from the winnt box 
faster...sometimes it doesn't recognize the winnt box at all...here are the 
commands and routing i am using on the linux box.

 ipfwadm -F -f
 ipfwadm -F -p deny
 ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

Leaving out the Metric, Ref and Use as they would not tell you anything--

Destination         Gateway             Genmask          Flags  Iface
mg134-198.domain    *                   255.255.255.255  UH     ppp0
192.168.1.0         *                   255.255.255.0    U      eth0
127.0.0.0           *                   255.0.0.0        U      lo
default             mg134-198..domain   0.0.0.0          UG     ppp0

Thanks in advance for advice.

Jann

(bad day!)  ;(

Jann Linder
Web Developer/CH2M Hill - SFO
[EMAIL PROTECTED]
Home Page:
 http://www.jann.com/
CalendarPlus Web Site:
 http://www.calendarplus.com/





[masq] masqueraded http slows down

1998-05-28 Thread Dave

Greetings.

I have finally got my Linux box connected to our ISP and basically working doing 
masquerading amongst other things.  Not through problems, just lack of time on my 
part.  (Or on my hands.)

Slackware Linux 3.4, kernel 2.0.33 (compiled with IP_MASQUERADING etc. etc.), um, pppd 
2.2.0 etc.  The rest is a standard Slackware 3.4 distribution.  Running on a 
486DX4/100 16M RAM, 38400 modem.  During tests the CPU was idle about 97% (according 
to vmstat).  The client is a Windows 95 pc with the Linux box configured as the 
default gateway and dns.  Eventually about 8 PCs will be connected to the internet via 
the Linux box, internet usage is not huge tho.

DNS works fine.
pppd works fine.
Email works fine.
ftp works fine (provided I load the appropriate module :)
http (using Netscape and Internet Explorer) works fine ... but ... after a while, 
usually around 15 or 20 minutes, loading web pages will slow to a crawl.  At first 
response is fine, the modem lights flash and there is lots of receiving.  But after 
this there is no activity.  Occasionally the send light flashes.  Minutes pass, then 
the receive light flashes a couple of times.  According to Netscape transfer speed is 
something like 9 bytes/sec, that's just before the transfer stalls.  At the same time 
tho, other things like ftp, traceroute, pings, emails still seem to work fine.

MTU is 1500, ftp transfers of megabyte files happens very quickly and very smoothly.

Any ideas about what might be going wrong and/or what I can do to fix it are more than 
welcome.

tia

Dave



Re: [masq] Using masquerade with Gaming

1998-05-23 Thread Dave Rast

Look at the masquerading applications page.

http://masqapps.home.ml.org

They got most games there.

Craig Handjian wrote:
 
 Hi group,
 I have RedHat 5.0 running masquerading off a cable modem.  My routing
 tables, forward rules and such are in line with everyone else's examples.
 Where my question lies is in gaming.  How can I make the clients with the
 non-routable IP's play games.  There is the quake.o module but what about
 games like Age of Empires, StarCraft, etc  If you know where the
 reading material is located please direct, else, anyone successful with
 this, your input is greatly appreciated. Thank You in advance!   Craig
 [EMAIL PROTECTED]
 
 
 "Only wimps use tape backup:  Real Men just upload their important stuff on
 ftp,
  and let the rest of the world mirror it. " -- Linus Torvald
 
 
  
 "Real Solutions for a Virtual World"



[masq] FTP Server Behind Firewall PASV FTP ???

1998-04-17 Thread Dave D. Hammond

I am working on developing a firewall system for a client utilizing
RedHat 5.0 and IP Masquerading. I have pretty much got everything
working to my satisfaction with the exception of one thing.

I have a public FTP Server sitting behind the MASQ machine... I am using
a very minimal set of rules as a result of this problem. I like to start
simple and get everything working before I attempt to tighten things up.
Anyway, I am using ipportfw to bounce all incoming requests received on
port 21 by the MASQ machine to the FTP Server behind the firewall. This
works great with "standard" or "ported" FTP clients (i.e. CuteFTP,
WS_FTP, etc...). However, it does not work so great with PASV FTP
clients like the ones built into many of the standard Web browsers.

Here is my limited understanding of how PASV mode FTP works... I
understand that the incoming "command" channel still comes into the FTP
server on port 21 as with "standard" FTP requests... and I understand
that the server then picks a port >1023 and sends the port number back
to the client so that the client can open a second "data" channel to
that port on the FTP server. Initially I figured that all I had to do
was set up ipautofw on the MASQ machine to bounce all requests received
in that range (>1023) to the FTP server behind the firewall... and as
you have probably guessed... it did not work.

Using a PASV mode FTP client I think I see why... the initial "command"
channel is opened no problem... and it would appear that the server's
reply with the port number is received by the client no problem... the
problem seems to be when the client tries to open the second "data"
channel with the FTP server it tries to connect to the un-masqed IP
address of the FTP server located behind the firewall..

If anyone has a "work around" or suggestions I would appreciate it... I
am a bit stumped on this one since the IP address must be coming in to
the client as part of the FTP server's port response ???

Thanks,

Dave Hammond
Network Administrator - EZ-Net
[EMAIL PROTECTED]
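
The failure described in this post, as an added example (not part of the original message and not the code of any masquerading module): an RFC 959 "227" reply carries the server's address and port inside the control-channel payload, so a gateway that rewrites only IP headers hands the internal address to the client. The sample replies, the 203.0.113.5 gateway address and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, as used on masqueraded LANs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# h1,h2,h3,h4,p1,p2 as carried in an RFC 959 "227" reply.
SIX_FIELDS = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or None."""
    reply = reply.strip()
    if not reply.startswith("227"):
        return None
    match = SIX_FIELDS.search(reply[3:])
    if match is None:
        return None
    fields = [int(g) for g in match.groups()]
    if any(f > 255 for f in fields):
        return None
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return host, fields[4] * 256 + fields[5]   # port = p1 * 256 + p2


def is_internal(host):
    return any(host in net for net in RFC1918)


def rewrite_pasv(reply, public_ip):
    """Replace an internal address in a 227 reply with the gateway's.

    Returns (reply_for_client, forward). forward is the tuple
    (public_port, internal_host, internal_port) the gateway would also
    have to redirect, or None when the reply needed no rewriting.
    """
    parsed = parse_pasv(reply)
    if parsed is None or not is_internal(parsed[0]):
        return reply, None
    host, port = parsed
    public = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    rewritten = "227 Entering Passive Mode (%s,%d,%d)." % (
        public, port // 256, port % 256)
    return rewritten, (port, str(host), port)


# Constructed sample control-channel lines (not captured traffic).
SAMPLE_REPLIES = [
    "230 Login successful.",
    "227 Entering Passive Mode (192,168,1,20,4,210).",
    "227 Entering Passive Mode (203,0,113,5,4,210).",
]
GATEWAY_PUBLIC_IP = "203.0.113.5"   # assumed documentation address

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        parsed = parse_pasv(line)
        if parsed is None:
            print("not a PASV reply:", line)
            continue
        new_line, forward = rewrite_pasv(line, GATEWAY_PUBLIC_IP)
        leak = "internal address exposed" if forward else "address is routable"
        print("%s:%d  %s" % (parsed[0], parsed[1], leak))
        if forward:
            print("  client should see:", new_line)
            print("  gateway must redirect port %d to %s:%d" % forward)
```

Forwarding port 21 alone leaves the second sample reply untouched, which is why the browser clients in the post try to connect to the server's un-masqed address.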





[masq] Slackware masquerading

1998-04-17 Thread Dave

Greetings.

Most of the discussions on this list seem to involve RedHat Linux.

I am running Slackware 3.4, kernel 2.0.30, no patches.  A very basic installation 
running on a 386DX40 laptop with 8M RAM.

Is there anything I need to be aware of, or any patches which should be applied, to 
setup IP masquerading on this system?  I have been following this list for about a 
month, reading books, FAQs, HOWTOs, so I have a reasonable idea of where I'm heading.

I am playing with this in my spare time to prove it can be done.  If I can get it 
working then I will probably be given a new pc, lots of RAM, lots of disk etc. to put 
it into production, so any pointers would be greatly appreciated.

tia

Dave



[masq] port 80 http ?

1998-04-12 Thread Dave Cook

I am a little overwhelmed into this aspect of masquerading with so many
different angles
nevertheless I have an operating LAN with a dx266 server with masq in
operation and two
win95 machines that use the linux box as the internet gateway. I also
have a ip-up script that
posts my dynamic ip to my webpage, so I can use the ftp and telnet
features of the server...
which all work fine.
With that said, now to the question. The linux box has apache set up and
working of which I
would like to set a link in the ip-up script so that I can not only use
the ftp server but also be
able to http://my ip and use the web server.
Right now in setting this up it can't see 192.168.1.3 from the internet
side (naturally), I need
to open the firewall up so that  http://my dynamic-ip resolves to the
web server on my linux
box.
Right now my firewall consists of two lines in   /etc/rc.d/rc.local
which are
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
What can I change or add to open this up...

thanks

[EMAIL PROTECTED]
