Re: ipportfw & NT
On Tue, Mar 23, 1999 at 08:48:41PM -0600, Steve Fuller wrote:
> I am using ipportfw on my machine and am forwarding a number of ports from the outside to internal NT based hosts and am not having any particular problems. This is working for web, email and Winframe/Terminal Server for me. Some more information on your configuration would probably help.
>
> -----Original Message-----
> From: Mike Schmitz [mailto:mschmitz@colug.org]On Behalf Of Mike Schmitz
> Sent: Tuesday, March 23, 1999 8:31 PM
> To: debian-firewall@lists.debian.org
> Subject: ipportfw & NT
>
>
>
> I have ipportfw working now with a debian box behind the firewall, and
> can get to the web pages on it from outside. I have an NT box that has
> multiple IP's that works fine on the outside, but I have not been able
> to get the ports to forward to it when it is behind the firewall. Is
> there something special I need to do for NT?

#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=<Removed>
NETMASK=<Removed>
NETWORK=<Removed>
BROADCAST=<Removed>
GATEWAY=<Removed>
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
[ "${GATEWAY}" ] && route add default gw ${GATEWAY} metric 1
ifconfig eth0:0 <Removed> netmask <Removed>
ifconfig eth0:1 <Removed> netmask <Removed>
ifconfig eth0:2 <Removed> netmask <Removed>
ifconfig eth0:3 <Removed> netmask <Removed>
ifconfig eth0:4 <Removed> netmask <Removed>
ifconfig eth0:5 <Removed> netmask <Removed>
ifconfig eth0:6 <Removed> netmask <Removed>
ifconfig eth0:7 <Removed> netmask <Removed>
ifconfig eth0:8 <Removed> netmask <Removed>
ifconfig eth0:9 <Removed> netmask <Removed>
ifconfig eth0:10 <Removed> netmask <Removed>
ifconfig eth0:11 <Removed> netmask <Removed>
ifconfig eth0:12 <Removed> netmask <Removed>
route add -net <Removed> netmask <Removed>
ifconfig eth1 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
route add -net 192.168.100.0 dev eth1
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.100.0/24 -D 0.0.0.0/0
echo 1 > /proc/sys/net/ipv4/ip_forward

#! /bin/sh
#
# This file was automatically customized by debmake on Thu, 29 Jan 1998 16:20:37 -0800
#
# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
# Modified for Debian by Christoph Lameter <clameter@debian.org>
PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/ipportfw
# The following value is extracted by debstd to figure out how to generate
# the postinst script. Edit the field to change the way the script is
# registered through update-rc.d (see the manpage for update-rc.d!)
FLAGS="defaults 50"
test -f $DAEMON || exit 0
portfwrules () {
    #REPLACE WITH YOUR RULES
    echo -n
    ipportfw -A -t <removed>/80 -R 192.168.100.209/80
    ipportfw -A -t <removed>/21 -R 192.168.100.209/21
    ipportfw -A -t <removed>/80 -R 192.168.100.210/80
    ipportfw -A -t <removed>/21 -R 192.168.100.210/21
    ipportfw -A -t <removed>/80 -R 192.168.100.211/80
    ipportfw -A -t <removed>/21 -R 192.168.100.211/21
    ipportfw -A -t <removed>/80 -R 192.168.100.212/80
    ipportfw -A -t <removed>/21 -R 192.168.100.212/21
    ipportfw -A -t <removed>/80 -R 192.168.100.213/80
    ipportfw -A -t <removed>/21 -R 192.168.100.213/21
    ipportfw -A -t <removed>/80 -R 192.168.100.214/80
    ipportfw -A -t <removed>/21 -R 192.168.100.214/21
    ipportfw -A -t <removed>/80 -R 192.168.100.215/80
    ipportfw -A -t <removed>/21 -R 192.168.100.215/23
    ipportfw -A -t <removed>/80 -R 192.168.100.216/80
    ipportfw -A -t <removed>/21 -R 192.168.100.216/21
    ipportfw -A -t <removed>/80 -R 192.168.100.217/80
    ipportfw -A -t <removed>/21 -R 192.168.100.217/21
    ipportfw -A -t <removed>/80 -R 192.168.100.218/80
    ipportfw -A -t <removed>/21 -R 192.168.100.218/21
    ipportfw -A -t <removed>/80 -R 192.168.100.219/80
    ipportfw -A -t <removed>/21 -R 192.168.100.219/21
    ipportfw -A -t <removed>/80 -R 192.168.100.220/80
    ipportfw -A -t <removed>/21 -R 192.168.100.220/21
    ipportfw -A -t <removed>/80 -R 192.168.100.221/80
    ipportfw -A -t <removed>/21 -R 192.168.100.221/21
}
case "$1" in
    start)
        portfwrules
        ;;
    stop)
        ipportfw -C
        ;;
    restart|force-reload)
        ipportfw -C
        portfwrules
        ;;
    *)
        echo "Usage: /etc/init.d/ipportfw {start|stop|restart|force-reload}"
        exit 1
        ;;
esac
exit 0

Configuration on the other side (NT) I do not know. I don't work with
that part. I do know, though, that it works fine without the firewall,
and my firewall works fine, with the same ruleset, with a debian machine
behind it.
--
Mike Schmitz mschmitz@bend-or.com http://www.bend-or.com/~mschmitz
Don't blame me - I voted libertarian! http://www.lp.org/
Use Debian Linux - the free Gnu/Linux http://www.debian.org/
-----------
"If encryption is outlawed, only outlaws will have encryption"
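
A long hand-maintained rule list like the one in the init script above is easy to audit mechanically; one rule there listens on port 21 and redirects to port 23. The following is an added example, not part of the original post: `sample_rules` and `check_portfw_rules` are hypothetical names, the 192.0.2.x listen addresses are constructed placeholders, and the internal prefix is assumed to be the 192.168.100.0/24 network on eth1.

```shell
#!/bin/sh
# Added example: audit ipportfw rules written in the "-A -t L/port -R R/port"
# form used by the init script above. Not part of the original post.

# Constructed sample rules; the 192.0.2.x listen addresses are placeholders.
sample_rules() {
    cat <<'EOF'
ipportfw -A -t 192.0.2.10/80 -R 192.168.100.209/80
ipportfw -A -t 192.0.2.10/21 -R 192.168.100.209/21
ipportfw -A -t 192.0.2.16/21 -R 192.168.100.215/23
ipportfw -A -t 192.0.2.10/80 -R 192.168.100.210/80
ipportfw -A -t 192.0.2.17/80 -R 10.0.0.5/80
EOF
}

# Reads rules on stdin and prints one finding per line.
# $1: dotted prefix of the internal network (assumed default: eth1's /24).
check_portfw_rules() {
    awk -v net="${1:-192.168.100.}" '
    $1 == "ipportfw" && $2 == "-A" && $3 == "-t" && $5 == "-R" {
        split($4, l, "/"); split($6, r, "/")
        # Listen port and redirect port differ: intended remap or a typo?
        if (l[2] != r[2]) print "MISMATCH " $4 " -> " $6
        # A second rule on the same listen address/port: review both.
        if (seen[$4]++) print "DUPLICATE " $4
        # Redirect target is not on the masqueraded internal network.
        if (index(r[1], net) != 1) print "OUTSIDE " $6
    }'
}

sample_rules | check_portfw_rules
```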