Solved

IPAUTOFW problems (help me please.)

Posted on 1998-09-03
Last Modified: 2008-02-20
**NEWS FLASH** I'm pretty sure I'm using the WRONG program for this, question now concerns IPPORTFW... see comments below... thank you.

--Original Message--

   I'm trying to get the IPAUTOFW program to forward certain ports on the firewalling machine to ones inside the firewall. I have compiled Linux with IP Forwarding on (enabled in /etc/sysconfig/network), masquerading on, IPAUTOFW support on. Basically I turned most of the networking tabs on.
   The firewall is working now, I can http/ftp/whatever out of it and get information back, but the ipautofw program just will not work. Here are the commands I used for both ipfwadm and ipautofw.

ipfwadm -F -f
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
(also tried ipfwadm -F -m -a (a/m) -S ..., but no luck).

ipautofw -A -r 21 21 -h 192.168.2.2

    See now that should forward it over to the other machine's port 21 right? I've searched the limited base of info related to ipautofw and this was how I was told to set it up, and it makes sense to me? But why the heck isn't it working? Help me soon please, I only have a few days of summer left before I have to go back to school and won't have any time to work on my baby!

Question by:jguerin
11 Comments
 

Author Comment

by:jguerin
ID: 1586637
Edited text of question
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1586638
I have a linux box acting as ip forwarder between my internal network and the internet.

I am using kernel 2.0.35, compiled with ip forward and ip masquerade. Also, I have ipfwadm-2.3.0.

Commands to forward:

ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8

All machines inside my net have IP addresses 10.n.n.n and are configured to have the Linux box as gateway. In the Linux box I have two cards, one in 10.n.n.n and the other with a public IP from the internet, on the same network as my physical link to the internet.

I have no problems at all. Hope it helps you.
0
 
 
LVL 1

Expert Comment

by:Sieger
ID: 1586640
What is not working?
What's the setup of your clients? (Windows 95/NT)
0
 

Author Comment

by:jguerin
ID: 1586641
OK first off I think I'm using the wrong program for this task...
I want to access a computer behind my firewall from outside the firewall. I believe the program I need is ipportfw. I downloaded the source, patches, and other necessary files for ipportfw. I patched the kernel, recompiled, compiled ipportfw, and sent it over to the other machine (compiled on fast Linux box and sent to server). I copied the image over, ran lilo to reload everything, and rebooted. I now get a bunch of problems with ipportfw when I run it.
1) When adding rules, typically get "setsockopt" errors.
2) When viewing the rules, I get "can't open /proc/net/ip_portfw, did you install port forwarding?". This file doesn't exist. WTF do I do about this?
3) When clearing the list, I get another "setsockopt" error, invalid protocol.
Comments, answers?

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586642
I got exactly the same error when I tried to do this... if you do ipportfw -L to try to get a list, then it will probably say are you sure you installed ipportfw, that kinda stupid question..
0
 

Author Comment

by:jguerin
ID: 1586643
Yep that's the one.
Correction above... When I try to add a rule, it says that the destination is invalid... no matter WHAT I enter. I tried entering 5 different addresses, all of them valid (they exist and are reachable), and the thing still complains!?
Kernel version 2.0.35, all packages downloaded from the Steve guy's homepage. I know SOMEBODY out there has it working ; ).
0
 

Author Comment

by:jguerin
ID: 1586644
Edited text of question
0
 
LVL 2

Expert Comment

by:JYoungman
ID: 1586645
You could use rinetd from ftp.boutell.com.

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586646
I tried rinetd and get this error message

rinetd: couldn't bind to address 111.222.333.44  port 1723

where 111.222.333.44 is the VPN server..
tried to switch the ip around in the conf file but no luck...

jguerin must be in school already :(
0
 
LVL 1

Accepted Solution

by:
Sieger earned 200 total points
ID: 1586647
If you are sure you got the patch to install successfully, and you got the kernel to recompile and you got the same problem as I had before, then I am pretty sure the reason is that you didn't type "lilo" after you recompiled, as it won't read your newly compiled kernel without doing so. I just remembered to do so during the weekend and I got it to work!!! Good luck!
0
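
A check for the situation the accepted solution describes, added here as an example and not part of the original thread: it tells apart "the running kernel has no port-forwarding support" from "the patched image was installed but lilo was not rerun". The kernel image path `/vmlinuz` and map file `/boot/map` are assumptions (use the `image=` and `map=` values from your own lilo.conf); `/proc/net/ip_portfw` is the path from the error message quoted above.

```shell
#!/bin/sh
# Added example. Classifies why ipportfw cannot open /proc/net/ip_portfw.
# Arguments (assumed defaults, adjust to your lilo.conf):
#   $1 proc root, $2 kernel image that lilo boots, $3 LILO map file
portfw_diagnose() {
    proc_root=${1:-/proc}
    image=${2:-/vmlinuz}
    map=${3:-/boot/map}

    # A kernel built with the ipportfw patch exposes this file;
    # "ipportfw -L" reads the rule list from it.
    if [ -r "$proc_root/net/ip_portfw" ]; then
        echo "ok"
        return 0
    fi

    # The proc entry is missing, so the RUNNING kernel lacks the patch.
    # Work out whether a newer image is simply not being booted.
    if [ ! -e "$image" ] || [ ! -e "$map" ]; then
        echo "unknown-paths"
        return 1
    fi

    # lilo rewrites its map file on every run. An image newer than the
    # map means lilo was not rerun after the image was copied in, so
    # the boot loader still points at the old kernel's disk blocks.
    if [ "$image" -nt "$map" ]; then
        echo "stale-lilo-map"
        return 1
    fi

    # lilo was run after the image was installed, yet the proc entry
    # is absent: the image itself was built without the patch or
    # without the option enabled.
    echo "kernel-lacks-portfw"
    return 1
}
```

Source the file and call `portfw_diagnose` with no arguments on the firewall box; `stale-lilo-map` means run `lilo` and reboot before debugging the forwarding rules any further.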
