Solved

IPAUTOFW problems (help me please.)

Posted on 1998-09-03
Last Modified: 2008-02-20
**NEWS FLASH** I'm pretty sure I'm using the WRONG program for this, question now concerns IPPORTFW... see comments below... thank you.

--Original Message--

   I'm trying to get the IPAUTOFW program to forward certain ports on the firewalling machine to ones inside the firewall. I have compiled Linux with IP Forwarding on (enabled in etc/sysconfig/network), masquerading on, IPAUTOFW support on. Basically I turned most of the networking tabs on.
   The firewall is working now, I can http/ftp/whatever out of it and get information back, but the ipautofw program just will not work. Here are the commands I used for both ipfwadm and ipautofw.

ipfwadm -F -f
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
(also tried ipfwadm -F -m -a (a/m) -S ..., but no luck).

ipautofw -A -r 21 21 -h 192.168.2.2

    See now that should forward it over to the other machine's port 21 right? I've searched the limited base of info related to ipautofw and this was how I was told to set it up, and it makes sense to me? But why the heck isn't it working? Help me soon please, I only have a few days of summer left before I have to go back to school and won't have any time to work on my baby!

Question by:jguerin
11 Comments
 

Author Comment

by:jguerin
ID: 1586637
Edited text of question
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1586638
I have a Linux box acting as IP forwarder between my internal network and the internet.

I am using kernel 2.0.35, compiled with IP forward and IP masquerade. Also, I have ipfwadm-2.3.0.

Commands to forward:

ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8

All machines inside my net have IP addresses 10.n.n.n and are configured to have the Linux box as gateway. In the Linux box I have two cards, one in 10.n.n.n and the other with a public IP from the internet, on the same network as my physical link to the internet.

I have no problems at all. Hope it helps you.
0
 

 
LVL 1

Expert Comment

by:Sieger
ID: 1586640
What is not working?
What's the setup of your clients? (Windows 95/NT)
0
 

Author Comment

by:jguerin
ID: 1586641
OK first off I think I'm using the wrong program for this task...
I want to access a computer behind my firewall from outside the firewall. I believe the program I need is ipportfw. I downloaded the source, patches, and other necessary files for ipportfw. I patched the kernel, recompiled, compiled ipportfw, and sent it over to the other machine (compiled on fast Linux box and sent to server). I copied the image over, ran lilo to reload everything, and rebooted. I now get a bunch of problems with ipportfw when I run it.
1) When adding rules, typically get "setsockopt" errors.
2) When viewing the rules, I get "can't open /proc/net/ip_portfw, did you install port forwarding?". This file doesn't exist. WTF do I do about this?
3) When clearing the list, I get another "setsockopt" error, invalid protocol.
Comments, answers?

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586642
I got exactly the same error when I tried to do this... if you do ipportfw -L to try to get a list, then it will probably say "are you sure you installed ipportfw", that kinda stupid question..
0
 

Author Comment

by:jguerin
ID: 1586643
Yep that's the one.
Correction above... When I try to add a rule, it says that the destination is invalid... no matter WHAT I enter. I tried entering 5 different addresses, all of them valid (they exist and are reachable), and the thing still complains!?
Kernel version 2.0.35, all packages downloaded from the Steve guy's homepage. I know SOMEBODY out there has it working ; ).
0
 

Author Comment

by:jguerin
ID: 1586644
Edited text of question
0
 
LVL 2

Expert Comment

by:JYoungman
ID: 1586645
You could use rinetd from ftp.boutell.com.

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586646
I tried rinetd and get this error message

rinetd: couldn't bind to address 111.222.333.44  port 1723

where 111.222.333.44 is the VPN server..
tried to switch the ip around in the conf file but no luck...

jguerin must be in school already :(
0
 
LVL 1

Accepted Solution

by:
Sieger earned 200 total points
ID: 1586647
If you are sure you got the patch to install successfully, and you got the kernel to recompile, and you got the same problem as I had before, then I am pretty sure the reason is that you didn't type "lilo" after you recompiled, as it won't read your newly compiled kernel without doing so. I just remembered to do so during the weekend and I got it to work!!! Good luck!
0
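
The failure mode in the accepted solution (a patched kernel image is built, but lilo is not rerun, so the old kernel without ipportfw keeps booting and /proc/net/ip_portfw never appears) can be checked mechanically. The following is an added example, not code from this thread or from the ipportfw project; it assumes LILO's default /etc/lilo.conf and /boot/map, and the function names and the optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: detect "patched kernel built but never booted".
# Assumptions: LILO defaults (/etc/lilo.conf, map file /boot/map). The
# optional root prefix exists only so the checks can run on a test tree.

# Print the map file LILO uses: the map= option if set, else /boot/map.
lilo_map() {
    m=$(sed -n 's/^[[:space:]]*map[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    echo "${m:-/boot/map}"
}

# Print every kernel image named by an image= line in lilo.conf.
lilo_images() {
    sed -n 's/^[[:space:]]*image[[:space:]]*=[[:space:]]*//p' "$1"
}

# Return 0 if the map file is newer than every image (lilo was rerun after
# the last kernel install), 1 if the map or an image is missing or stale.
lilo_map_current() {
    root=$1
    conf="$root/etc/lilo.conf"
    map="$root$(lilo_map "$conf")"
    stale=0
    for img in $(lilo_images "$conf"); do
        if [ ! -e "$map" ] || [ ! -e "$root$img" ] || [ "$root$img" -nt "$map" ]; then
            echo "STALE: $map does not reflect $img; run lilo and reboot"
            stale=1
        fi
    done
    return $stale
}

# Return 0 if the running kernel exposes the ipportfw proc entry.
portfw_in_running_kernel() {
    [ -e "$1/proc/net/ip_portfw" ]
}

# Run both checks; the second still fails after lilo until the reboot.
check_portfw_boot() {
    root=${1:-}
    rc=0
    lilo_map_current "$root" || rc=1
    if ! portfw_in_running_kernel "$root"; then
        echo "MISSING: /proc/net/ip_portfw; running kernel $(uname -r) lacks ipportfw support"
        rc=1
    fi
    return $rc
}
```

Run `check_portfw_boot` with no argument on the firewall itself before adding ipportfw rules; a STALE line means lilo must be rerun, and a MISSING line alone means the machine has not yet rebooted into the patched kernel or the patch was not compiled in.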
