
IPAUTOFW problems (help me please.)

Posted on 1998-09-03
Last Modified: 2008-02-20
**NEWS FLASH** I'm pretty sure I'm using the WRONG program for this, question now concerns IPPORTFW... see comments below... thank you.

--Original Message--

   I'm trying to get the IPAUTOFW program to forward certain ports on the firewalling machine to ones inside the firewall. I have compiled linux with IP Forwarding on (enabled in etc/sysconfig/network), masquerading on, IPAUTOFW support on. Basically I turned most of the networking tabs on.
   The firewall is working now, I can http/ftp/whatever out of it and get information back, but the ipautofw program just will not work. Here's the commands I used for both ipfwadm and ipautofw.

ipfwadm -F -f
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
(also tried ipfwadm -F -m -a (a/m) -S ..., but no luck).

ipautofw -A -r 21 21 -h 192.168.2.2

    See now that should forward it over to the other machine's port 21 right? I've searched the limited base of info related to ipautofw and this was how I was told to set it up, and it makes sense to me? But why the heck isn't it working? Help me soon please, I only have a few days of summer left before I have to go back to school and won't have any time to work on my baby!

0
Comment
Question by:jguerin
11 Comments
 

Author Comment

by:jguerin
ID: 1586637
Edited text of question
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1586638
I have a linux box acting as ip forwarder between my internal network and the internet.

I am using kernel 2.0.35, compiled with ip forward and ip masquerade. Also, I have ipfwadm-2.3.0.

Commands to forward:

ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8

All machines inside my net have ip addresses 10.n.n.n and are configured to have the linux box as gateway. In the linux box I have two cards, one in 10.n.n.n and the other with a public ip from the internet and in the same network my physical link to the internet is.

I have no problems at all. Hope it helps you.
0
 

 
LVL 1

Expert Comment

by:Sieger
ID: 1586640
What is not working?
What's the setup of your clients? (Windows 95/NT)
0
 

Author Comment

by:jguerin
ID: 1586641
OK first off I think I'm using the wrong program for this task...
I want to access a computer behind my firewall from outside the firewall. I believe the program I need is ipportfw. I downloaded the source, patches, and other necessary files for ipportfw. I patched the kernel, recompiled, compiled ipportfw, and sent it over to the other machine (compiled on fast linux box and sent to server). I copied the image over, ran lilo to reload everything, and rebooted. I now get a bunch of problems with ipportfw when I run it.
1) When adding rules, typically get "setsockopt" errors.
2) When viewing the rules, I get "can't open /proc/net/ip_portfw, did you install port forwarding?". This file doesn't exist. WTF do I do about this?
3) When clearing the list, I get another "setsockopt" error, invalid protocol.
Comments, answers?

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586642
I got exactly the same error when I tried to do this... if you do ipportfw -L to try to get a list, then it will probably say are you sure you installed ipportfw, that kinda stupid question..
0
 

Author Comment

by:jguerin
ID: 1586643
Yep that's the one.
Correction above... When I try to add a rule, it says that the destination is invalid... no matter WHAT I enter. I tried entering 5 different addresses, all of them valid (they exist and are reachable), and the thing still complains!?
Kernel version 2.0.35, all packages downloaded from the Steve guy's homepage. I know SOMEBODY out there has it working ; ).
0
 

Author Comment

by:jguerin
ID: 1586644
Edited text of question
0
 
LVL 2

Expert Comment

by:JYoungman
ID: 1586645
You could use rinetd from ftp.boutell.com.

0
 
LVL 1

Expert Comment

by:Sieger
ID: 1586646
I tried rinetd and get this error message

rinetd: couldn't bind to address 111.222.333.44  port 1723

where 111.222.333.44 is the VPN server..
tried to switch the ip around in the conf file but no luck...

jguerin must be in school already :(
0
 
LVL 1

Accepted Solution

by:
Sieger earned 400 total points
ID: 1586647
If you are sure you got the patch to install successfully, and you got the kernel to recompile and you got the same problem as I had before, then I am pretty sure the reason is that you didn't type "lilo" after you recompiled, as it won't read your newly compiled kernel without doing so. I just remembered to do so during the weekend and I got it to work!!! Good luck!
0
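The failure described in the accepted solution (kernel patched and rebuilt, but lilo not rerun, so the old kernel keeps booting and /proc/net/ip_portfw never appears) can be checked for directly. This is an added example, not part of the thread; the default kernel image and LILO map paths are assumptions about the machine.

```shell
#!/bin/sh
# Added example: tell "lilo was not rerun" apart from "kernel built without
# ipportfw". The proc path comes from the error message quoted in the thread;
# /boot/vmlinuz and /boot/map are assumed default locations, override them.
# Usage: portfw_diagnose [proc_file] [kernel_image] [lilo_map]

portfw_diagnose() {
    proc_file=${1:-/proc/net/ip_portfw}
    image=${2:-/boot/vmlinuz}
    map=${3:-/boot/map}

    # The rule table exists only if the kernel that actually booted was
    # built with port forwarding support.
    if [ -r "$proc_file" ]; then
        echo "ok: running kernel has port forwarding support"
        return 0
    fi

    if [ ! -e "$image" ] || [ ! -e "$map" ]; then
        echo "unknown: cannot compare $image with $map"
        return 3
    fi

    # lilo rewrites its map file on every run. An image newer than the map
    # was copied into place afterwards, so the boot loader still points at
    # the sectors of the old kernel.
    if [ -n "$(find -L "$image" -newer "$map" 2>/dev/null)" ]; then
        echo "stale: $image is newer than $map; run lilo, then reboot"
        return 1
    fi

    # The map is at least as new as the image. If the box has been rebooted
    # since, the kernel on disk itself lacks the ipportfw patch or option.
    echo "missing: lilo map is current; reboot, or rebuild with ipportfw"
    return 2
}
```

A return code of 1 corresponds to the situation in the accepted solution; 2 points back at the patch or kernel configuration step instead.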


Question has a verified solution.
