Solved

IPAUTOFW problems (help me please.)

Posted on 1998-09-03
Last Modified: 2008-02-20
**NEWS FLASH** I'm pretty sure I'm using the WRONG program for this, question now concerns IPPORTFW... see comments below... thank you.

--Original Message--

   I'm trying to get the IPAUTOFW program to forward certain ports on the firewalling machine to ones inside the firewall. I have compiled linux with IP Forwarding on (enabled in etc/sysconfig/network), masquerading on, IPAUTOFW support on. Basically I turned most of the networking tabs on.
   The firewall is working now, I can http/ftp/whatever out of it and get information back, but the ipautofw program just will not work. Here's the commands I used for both ipfwadm and ipautofw.

ipfwadm -F -f
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
(also tried ipfwadm -F -m -a (a/m) -S ..., but no luck).

ipautofw -A -r 21 21 -h 192.168.2.2

    See now that should forward it over to the other machine's port 21 right? I've searched the limited base of info related to ipautofw and this was how I was told to set it up, and it makes sense to me? But why the heck isn't it working? Help me soon please, I only have a few days of summer left before I have to go back to school and won't have any time to work on my baby!

Question by:jguerin
11 Comments
 

Author Comment

by:jguerin
ID: 1586637
Edited text of question
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1586638
I have a linux box acting as ip forwarder between my internal network and the internet.

I am using kernel 2.0.35, compiled with ip forward and ip masquerade. Also, I have ipfwadm-2.3.0.

Commands to forward:

ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8

All machines inside my net have ip addresses 10.n.n.n and are configured to have the linux box as gateway. In the linux box I have two cards, one in 10.n.n.n and the other with a public ip from the internet and in the same network my physical link to the internet is.

I have no problems at all. Hope it helps you.
0
 

 
LVL 1

Expert Comment

by:Sieger
ID: 1586640
What is not working?
What's the setup of your clients? (Windows 95/NT)
0
 

Author Comment

by:jguerin
ID: 1586641
OK first off I think I'm using the wrong program for this task...
I want to access a computer behind my firewall from outside the firewall. I believe the program I need is ipportfw. I downloaded the source, patches, and other necessary files for ipportfw. I patched the kernel, recompiled, compiled ipportfw, and sent it over to the other machine (compiled on fast linux box and sent to server). I copied the image over, ran lilo to reload everything, and rebooted. I now get a bunch of problems with ipportfw when I run it.
1) When adding rules, typically get "setsockopt" errors.
2) When viewing the rules, I get "can't open /proc/net/ip_portfw, did you install port forwarding?". This file doesn't exist. WTF do I do about this?
3) When clearing the list, I get another "setsockopt" error, invalid protocol.
Comments, answers?

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586642
I got exactly the same error when I tried to do this... if you do ipportfw -L to try to get a list, then it will probably say are you sure you installed ipportfw, that kinda stupid question..
0
 

Author Comment

by:jguerin
ID: 1586643
Yep that's the one.
Correction above... When I try to add a rule, it says that the destination is invalid... no matter WHAT I enter. I tried entering 5 different addresses, all of them valid (they exist and are reachable), and the thing still complains!?
Kernel version 2.0.35, all packages downloaded from the Steve guy's homepage. I know SOMEBODY out there has it working ; ).
0
 

Author Comment

by:jguerin
ID: 1586644
Edited text of question
0
 
LVL 2

Expert Comment

by:JYoungman
ID: 1586645
You could use rinetd from ftp.boutell.com.

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586646
I tried rinetd and get this error message

rinetd: couldn't bind to address 111.222.333.44  port 1723

where 111.222.333.44 is the VPN server..
tried to switch the ip around in the conf file but no luck...

jguerin must be in school already :(
0
 
LVL 1

Accepted Solution

by:
Sieger earned 200 total points
ID: 1586647
If you are sure you got the patch to install successfully, and you got the kernel to recompile and you got the same problem as I had before, then I am pretty sure the reason is that you didn't type "lilo" after you recompiled, as it won't read your newly compiled kernel without doing so. I just remembered to do so during the weekend and I got it to work!!! Good luck!
0
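The symptom and fix discussed in this thread (ipportfw cannot open /proc/net/ip_portfw until lilo has been rerun for the patched kernel) can be checked with the script below. It is an added example, not code from any poster. The function name `diagnose_portfw` is hypothetical, and the kernel image path `/vmlinuz` and map path `/boot/map` are assumptions to be matched to your lilo.conf.

```shell
#!/bin/sh
# Added example. Explains why ipportfw cannot open /proc/net/ip_portfw.
# The kernel image and LILO map paths are assumptions; match them to lilo.conf.

# diagnose_portfw [PROC_FILE] [KERNEL_IMAGE] [LILO_MAP]
# Prints ok | stale-lilo | no-support | unknown and returns 0..3 accordingly.
diagnose_portfw() {
    proc_file=${1:-/proc/net/ip_portfw}   # path quoted in the thread
    image=${2:-/vmlinuz}                  # assumed image= entry in lilo.conf
    map=${3:-/boot/map}                   # LILO's default map file

    # The running kernel exports this file only when port forwarding is built in.
    if [ -e "$proc_file" ]; then
        echo ok; return 0
    fi
    # Without both files there is nothing to compare.
    if [ ! -e "$image" ] || [ ! -e "$map" ]; then
        echo unknown; return 3
    fi
    # lilo rewrites the map on every run. An image newer than the map means
    # the boot loader still points at the blocks of the old kernel.
    if [ "$image" -nt "$map" ]; then
        echo stale-lilo; return 1
    fi
    # lilo ran after the image was installed, so the cause lies elsewhere.
    echo no-support; return 2
}

# Run the check only when called as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    status=$(diagnose_portfw) || true
    case $status in
        ok)         echo "port forwarding is present in the running kernel" ;;
        stale-lilo) echo "kernel image is newer than the LILO map: run lilo, then reboot" ;;
        no-support) echo "lilo is current: reboot, or recheck the patch and kernel config" ;;
        *)          echo "kernel image or LILO map not found at the assumed paths" ;;
    esac
fi
```

A `stale-lilo` result corresponds to the accepted answer: the patched image was copied into place but the boot map was never regenerated.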
