Yeah, I can see how not knowing what ports to open is a problem. With netfilter, you could just forward stuff between the PS/2 and the internet.
Red Hat Security and Optimization has a short discussion on netfilter and how the actual commands work. It's in chapter 20. At least it's a starting point.

Marc

--- Michael J Wenk <[EMAIL PROTECTED]> wrote:
> Answers below:
>
> ----- Original Message -----
> From: "Marc Hasbrouck" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, January 25, 2003 9:58 PM
> Subject: Re: [vox-tech] Linux networking question
>
> > What version of Linux are you using?
>
> Debian Linux woody with kernel 2.4.19.
>
> > For a generalized look at firewalling, look around for
> > the O'Reilly book Building Internet Firewalls, 2nd Ed.
> > It gives a non OS specific discussion of firewalling
> > and ports. Also, go to netfilter.org (the iptables
> > folks).
>
> I've read some of their stuff, and went through the manpages, but
> unfortunately, I wasn't able to do what I wanted to do.
>
> > If you have your DHCP server and clients set up right,
> > local traffic should stay local. At least it does here
> > on my systems.
> >
> > An example of the kind of addressing I use:
> >
> > Local network:
> > IP addresses: 192.168.100.1 through 192.168.100.254
> > Net Mask: 255.255.255.0
> > Default Gateway: 192.168.100.1
>
> Right now, I'm completely DHCP, but my Windows box and the PS2 are given
> static addresses via DHCP.
>
> A little quirk of mine is to use the 10.0.0 network, and my static
> addresses (granted by DHCP) are below 40, dynamic are 40-80, and everything
> above 80 is non DHCP. I use a standard class C subnet mask, and my default
> gateway is my Linksys router which is 10.0.0.200. I hand everybody on DHCP
> DNS servers 10.0.0.1 (Linux box), and whatever is in resolv.conf (comcast.net
> nameservers).
>
> My original solution did not work, and that was to turn kernel level
> netfilter logging on, and then figure out what ports individual games wanted
> open and then open them. It didn't work because no matter what I did to
> iptables and syslog, everything iptables would find would be logged to the
> console only. I wasn't able to figure it out, and combing the manpages (and
> even some of the netfilter source code) didn't help. Even with that, I was
> looking for more of a general way to grant the PS2, rather than individual
> port forwarding which is sorta tedious.
>
> I'll check out that book sometime soon, thanks for the suggestion.
>
> > When I reference an address outside of the above
> > range, the packet is routed to the gateway (in this
> > case, 192.168.100.1). Otherwise, the packet should
> > never cross the gateway.
> >
> > Marc
> >
> > --- Michael J Wenk <[EMAIL PROTECTED]> wrote:
> > > I have a question that has cropped up recently. I
> > > have a game system with an ethernet card in it. My
> > > old setup had everything going through my Linux system
> > > to the internet. The Linux box has a DHCP and
> > > caching DNS server running and it all seemed to work
> > > great. I have had this setup since December of 2000
> > > and have had to make little modifications to it.
> > > Unfortunately, my PS2 (the above game system) does
> > > not seem to like this very much. The issue is
> > > unfortunately port forwarding. To fix this (on a
> > > temporary basis) I used the router portion of my
> > > hub (it's a Linksys cable/DSL router that I bought a
> > > few years back on the hopes that it would work
> > > better or at least as well as the Linux in routing,
> > > and save me a few bucks on power). Unfortunately
> > > back then, it failed miserably. However, recently
> > > with my current problems, I was reading that the
> > > thing is upgradable by firmware. I did that and it
> > > works better. Rather than fail after a few hrs of
> > > operation, it lasted about a week before requiring
> > > powercycling. My problem is more software and comes
> > > from the fact that game makers for PS2 don't seem
> > > very communicative about what ports need to be
> > > opened in their software for stuff to function
> > > properly. The Linksys router supports a DMZ host
> > > which throws the PS2 system on the network
> > > unprotected. My question is, is there a way to do
> > > this in software in the Linux box? I know I could
> > > probably get 1 more hub, and put the exterior
> > > connections (the PS2 and the Linux box) on it and get
> > > another IP from Comcast. I don't want to do this
> > > for my whole network, and it comes from the fact
> > > that I never could convince my systems that they
> > > didn't need to go to the internet for local file
> > > xfers (which I do a lot). So, does anyone have any
> > > idea how to simulate the DMZ portion of the Linksys
> > > router under Linux? I'm running a 2.4 kernel (2.4.19
> > > to be exact). Oh, and I'm looking for something a
> > > bit cleaner than just forwarding every port to the
> > > PS2.
> > >
> > > Mike

_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
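As an added example (not part of the original thread), here is one way to approximate the Linksys "DMZ host" on a Linux 2.4 gateway with iptables: a single catch-all DNAT for new inbound connections, with forwarding restricted to that one host and new connections logged so the ports a game uses become visible. The interface names `eth0` (WAN) and `eth1` (LAN) and the PS2 address `10.0.0.20` are assumptions, not values from the thread.

```shell
#!/bin/sh
# dmz_rules WAN_IF LAN_IF DMZ_IP
# Prints an iptables-restore ruleset that sends every NEW inbound
# connection arriving on WAN_IF to DMZ_IP. Replies to connections the
# LAN opened are matched by connection tracking and never reach the
# DNAT rule, so other hosts keep working behind MASQUERADE.
dmz_rules() {
    wan=$1 lan=$2 dmz=$3
    # Refuse anything that is not a plain interface name / dotted quad,
    # so a bad argument cannot inject extra rules into the output.
    printf '%s\n' "$wan" | grep -Eq '^[a-z0-9]+$' || return 1
    printf '%s\n' "$lan" | grep -Eq '^[a-z0-9]+$' || return 1
    printf '%s\n' "$dmz" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $wan -j DNAT --to-destination $dmz
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -d $dmz -m state --state NEW -j LOG --log-prefix "DMZ-PS2: " --log-level debug
-A FORWARD -i $wan -o $lan -d $dmz -j ACCEPT
COMMIT
EOF
}

# Only touch the live firewall when asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    dmz_rules eth0 eth1 10.0.0.20 | iptables-restore
fi
```

Because the FORWARD policy is DROP and only the DMZ address is accepted from the WAN side, the rest of the LAN stays unreachable from outside; the `DMZ-PS2:` log prefix makes the new-connection entries easy to pick out of the kernel log.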
