Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ipchains and ipmasqadm quickie

Posted on 2000-05-17
5
Medium Priority
?
298 Views
Last Modified: 2013-12-15
Ok I have an ipchains firewall script that is called from the ip-up script (PPP connection). Within this ipchains script I wish to forward any ftp and telnet requests coming in to the ppp0 device to another machine within the ineternal  network - say 192.168.0.2

What I need to know is what is the rule I should use for ipchains, I have this so far...  (I don't have the script with me at the mo so I am trying to remember this from my head!!)....

<snip>
ipchains -A forward -p tcp -s $INTERNET -d $PPPIP telnet -j ACCEPT

#and the the ipmasqadm

<snip>
ipmasqadm portfw -a -P tcp -L $PPPIP 23 -R 192.168.0.12 23

is that right? Or does the ipchains -A command need to be forward and/or the -j command REDIRECT

The last bit is: Does packet forwarding just need to be on the gateway (PPP machine) or all computers within the internal network?

Cheers

Anewbis_
0
Comment
Question by:Anewbis_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:Anewbis_
ID: 2818326
Ooops forgot a bit! on the ipchains rule can the -j option be DENY as it is going to get forwarded to another machine or would it have to be ACCEPT? I do not want anyone from outside to be able to telnet to the firewall box itself - hence the port redirection ;-)

Cheers
0
 

Accepted Solution

by:
liyang earned 200 total points
ID: 2851317
Assuming your internal machine can send packets out at will, and your firewall machine will ACCEPT (*not* FORWARD!) packets on port 23, then all you need is:

ipmasqadm portfw -a -P tcp -L $PPPIP 23 -R 192.168.0.12 23

hth
/Liyang
0
 

Author Comment

by:Anewbis_
ID: 2860165
Answer accepted
0
 

Author Comment

by:Anewbis_
ID: 2860166
Cheers! It works! Except FTP seems to hang on LIST/GET/DIR commands - any ideas on that?
0
 

Expert Comment

by:liyang
ID: 2864644
Have you done "modprobe ip_masq_ftp"? You'll need that in order to do active ftp from the inside. Place it in your rc.local script so it gets run at startup. Passive ftp should work either way, provided you don't restrict any outgoing connections.

hth
/Liyang

0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question