Re: ipportfw & NT



On Tue, Mar 23, 1999 at 08:48:41PM -0600, Steve Fuller wrote:
> I am using ipportfw on my machine and am forwarding a number of ports from the outside to internal NT based hosts and am not having any particular problems. This is working for web, email and Winframe/Terminal Server for me. Some more information on your configuration would probably help.
> 
> -----Original Message-----
> From: Mike Schmitz [mailto:mschmitz@colug.org]On Behalf Of Mike Schmitz
> Sent: Tuesday, March 23, 1999 8:31 PM
> To: debian-firewall@lists.debian.org
> Subject: ipportfw & NT
> 
> 
> 
> I have ipportfw working now with a debian box behind the firewall, and
> can get to the web pages on it from outside.  I have an NT box that has 
> multiple IP's that works fine on the outside, but I have not been able
> to get the ports to forward to it when it is behind the firewall.  Is
> there something special I need to do for NT?


#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0

IPADDR=<Removed>
NETMASK=<Removed>
NETWORK=<Removed>
BROADCAST=<Removed>
GATEWAY=<Removed>
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK} 
[ "${GATEWAY}" ] && route add default gw ${GATEWAY} metric 1

ifconfig eth0:0 <Removed> netmask <Removed>
ifconfig eth0:1 <Removed> netmask <Removed>
ifconfig eth0:2 <Removed> netmask <Removed>
ifconfig eth0:3 <Removed> netmask <Removed>
ifconfig eth0:4 <Removed> netmask <Removed>
ifconfig eth0:5 <Removed> netmask <Removed>
ifconfig eth0:6 <Removed> netmask <Removed>
ifconfig eth0:7 <Removed> netmask <Removed>
ifconfig eth0:8 <Removed> netmask <Removed>
ifconfig eth0:9 <Removed> netmask <Removed>
ifconfig eth0:10 <Removed> netmask <Removed>
ifconfig eth0:11 <Removed> netmask <Removed>
ifconfig eth0:12 <Removed> netmask <Removed>

route add -net <Removed> netmask <Removed>

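# Internal interface and route for the masqueraded network
ifconfig eth1 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
route add -net 192.168.100.0 dev eth1
# Default forwarding policy: deny everything not matched below
ipfwadm -F -p deny
# Masquerade traffic from the internal network to any destination
ipfwadm -F -a m -S 192.168.100.0/24 -D 0.0.0.0/0
# Enable IP forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward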


#! /bin/sh
#
# This file was automatically customized by debmake on Thu, 29 Jan 1998 16:20:37 -0800
#
# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
# Modified for Debian by Christoph Lameter <clameter@debian.org>

PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/ipportfw
# The following value is extracted by debstd to figure out how to generate
# the postinst script. Edit the field to change the way the script is
# registered through update-rc.d (see the manpage for update-rc.d!)
FLAGS="defaults 50"

test -f $DAEMON || exit 0

portfwrules () {
	#REPLACE WITH YOUR RULES
	echo -n
	ipportfw -A -t <removed>/80 -R 192.168.100.209/80
	ipportfw -A -t <removed>/21 -R 192.168.100.209/21
	ipportfw -A -t <removed>/80 -R 192.168.100.210/80
	ipportfw -A -t <removed>/21 -R 192.168.100.210/21
	ipportfw -A -t <removed>/80 -R 192.168.100.211/80
	ipportfw -A -t <removed>/21 -R 192.168.100.211/21
	ipportfw -A -t <removed>/80 -R 192.168.100.212/80
	ipportfw -A -t <removed>/21 -R 192.168.100.212/21
	ipportfw -A -t <removed>/80 -R 192.168.100.213/80
	ipportfw -A -t <removed>/21 -R 192.168.100.213/21
	ipportfw -A -t <removed>/80 -R 192.168.100.214/80
	ipportfw -A -t <removed>/21 -R 192.168.100.214/21
	ipportfw -A -t <removed>/80 -R 192.168.100.215/80
	ipportfw -A -t <removed>/21 -R 192.168.100.215/23
	ipportfw -A -t <removed>/80 -R 192.168.100.216/80
	ipportfw -A -t <removed>/21 -R 192.168.100.216/21
	ipportfw -A -t <removed>/80 -R 192.168.100.217/80
	ipportfw -A -t <removed>/21 -R 192.168.100.217/21
	ipportfw -A -t <removed>/80 -R 192.168.100.218/80
	ipportfw -A -t <removed>/21 -R 192.168.100.218/21
	ipportfw -A -t <removed>/80 -R 192.168.100.219/80
	ipportfw -A -t <removed>/21 -R 192.168.100.219/21
	ipportfw -A -t <removed>/80 -R 192.168.100.220/80
	ipportfw -A -t <removed>/21 -R 192.168.100.220/21
	ipportfw -A -t <removed>/80 -R 192.168.100.221/80
	ipportfw -A -t <removed>/21 -R 192.168.100.221/21
}

case "$1" in
start)
	portfwrules
	;;
stop)
	ipportfw -C
	;;
restart|force-reload)
	ipportfw -C
	portfwrules
	;;
*)
	echo "Usage: /etc/init.d/ipportfw {start|stop|restart|force-reload}"
	exit 1
	;;
esac

exit 0


Configuration on the other side (NT) I do not know.  I don't work with
that part.  I do know, though, that it works fine without the firewall,
and my firewall works fine, with the same ruleset, with a debian machine
behind it.

-- 
  Mike Schmitz     mschmitz@bend-or.com    http://www.bend-or.com/~mschmitz
  Don't blame me - I voted libertarian!    http://www.lp.org/
  Use Debian Linux - the free Gnu/Linux    http://www.debian.org/
				  -----------        
	 "If encryption is outlawed, only outlaws will have encryption" 

