Re: Problem to get ipautofw working !!!

To: debian-firewall@lists.debian.org
Subject: Re: Problem to get ipautofw working !!!
From: Martin Held <heldm@ucs.orst.edu>
Date: Wed, 30 Jun 1999 07:52:34 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.990630073938.23812C-100000@tethys.rcn.orst.edu>
In-reply-to: <[🔎] Pine.LNX.4.10.9906300906570.32003-100000@chef.nerp.net>

Hmm.  I haven't looked at the ipmasqadm tools... I haven't needed to do
anything like this with my firewall, seeing as I've just had to masquerade
with nothing fancy.  I also heard there was a program on freshmeat
sometime back that converted ipfwadm and ipportfw etc commands to
ipchains... I heard it didnt work 100%, but it might do some good as well
(I would be the last to know on this one).

linux/Documentation/Changes says you need to get ipmasqadm for masq
forwarding, but given my setup currently, AFAIC that's not 100%% true.  I
think you only need it in case you're doing something different, so I
would go for chewie's advice here and download that.  I think I'll have to
give it a whirl one of these days too. 

Happy firewalling!

Do Svidonia,

Martin Held 
Electrical Engineering, Oregon State University
heldm@ucs.orst.edu 
http://dione.staticky.com//
------------------- 
I can picture in my mind a world without war, a world without hate. And I
can picture us attacking that world, just because they'd never expect it.

On Wed, 30 Jun 1999, ^chewie wrote:

> > On Wed, 30 Jun 1999, Franz Skale wrote:
> > 
> > Installed kernel: 2.2.10
> > 
> > firewall:~# ipautofw -A -r udp 6970 6999 -c tcp 554
> > setsockopt: Protocol not available
> > firewall:~#
> > 
> > Can anyone tell me how to solve the problem. I nearly searched the
> > "whole Internet" but didn`t find any working solutions for this
> > problem.
> 
> On Tue, 29 Jun 1999, Martin Held wrote:
> 
> > You have to use ipchains with a 2.2.x kernel.  ipautofw doesn't
> > work under 2.2 kernels.
> > 
> > I think what you want is something along the lines of
> > 
> > ipchains -A input -j REDIRECT -p <protocol> -s 0/0 and so on.
> > 
> > I would read the ipchains howto.  There's lots of stuff you can do
> > with it... it replaces ipautofw, portfw, etc.
> 
> Franz, I'm not sure how exactly you'd use vanilla ipchains to do the
> same functionality as ipautofw.  I've read the FAQs and haven't found
> any answer other than having to download the ipmasqadm tools from
> http://juanjox.kernelnotes.org.  The ipmasqadm tool works with
> ipchains and the new firewall code and replaces ipportfw and ipautofw
> with "ipmasqadm portfw ..." and "ipmasqadm autofw..."  
> 
> I believe that Martin is simply suggesting that you force the desired
> range of udp port connetions through a single port through
> redirection.  This may not be what you would like to do.  Ipmasqadm
> uses the same syntax as ipautofw, so if you're used to using that, go
> for ipmasqadm.
>

Reply to:

References:
- Re: Problem to get ipautofw working !!!
  - From: ^chewie <chewie@nerp.net>

Prev by Date: Re: Problem to get ipautofw working !!!
Next by Date: Re: Port forwarding
Previous by thread: Re: Problem to get ipautofw working !!!
Next by thread: Re: Port forwarding
Index(es):
- Date
- Thread