Re: iptables, gateway and hylafax

If all your tables are set to accept, why don't you just connect the fax server directly to the network? (Unless of course you're trying to translate IPX/SPX to TCP/IP.) How does the network transfer the data to the fax server?

Replying to the message sent by David Dumortier on Mon, 26 May 2003 14:30:13 +0200, received at 19:29:26 on 26/05/2003. David Dumortier wrote:
>We have got a problem setting iptables on a gateway.
>Topology:
>A network with a hylafax server.
>A gateway on debian with 2 network cards, one on the network (tr0) and the other (eth0) on the next computer.
>A computer (on $ OS) that wants to fax.
>We put ip_conn_track and ip_conn_track_ftp in the kernel of the gateway.
>We can make a telnet fax_server 4559, login as user and ... nothing else.
>The iptables rules:
>/sbin/modprobe ip_conntrack_ftp ports=21,4558,4557,4559
>/sbin/modprobe ip_nat_ftp ports=21,4558,4557,4559
>iptables -A INPUT -p tcp -i eth0 --dport 4557:4559 -j ACCEPT
>iptables -A INPUT -p tcp -i tr0 --dport 4557:4559 -j ACCEPT
>iptables -A INPUT -p tcp --sport 4557:4559 -m state --state NEW,ESTABLISHED -j ACCEPT
>iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 4557:4559 -m state --state NEW,ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m
>iptables -A FORWARD -p tcp --sport 4557:4559 -s Faxaddr -j ACCEPT
>iptables -A FORWARD -p tcp --sport 4557:4559 -s Clientaddr -j ACCEPT
>iptables -A FORWARD --source Clientaddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD --source Gatewayaddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD --source Serveraddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD -m multiport -m state
>iptables -A INPUT -p tcp --sport 4557:4559 -j ACCEPT
>iptables -A INPUT -p tcp --dport 4557:4559 -j ACCEPT
>iptables -A INPUT -m multiport --protocol tcp --sport 4557,4558,4559 -j ACCEPT
>iptables -A OUTPUT -p tcp -o eth0 --sport 4557:4559 -j ACCEPT
>iptables -A OUTPUT -p tcp -o tr0 --sport 4557:4559 -j ACCEPT
>iptables -t nat -A PREROUTING -p tcp --dport 4557:4559 -j DNAT --to-destination Serveraddr
>iptables -t nat -A PREROUTING -p tcp --sport 4557:4559 -j DNAT --to-destination Clientaddr
>If you have advice ...
>David Dumortier dudumortier@wanadoo.fr
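As an added example, not part of David's post or of the reply above: a minimal stateful ruleset for a routed gateway sitting between the faxing client (eth0 side) and the HylaFAX server (tr0 side). The addresses 192.0.2.10 and 198.51.100.20 are placeholders, and the module name nf_conntrack_ftp, the -m conntrack match and the -j CT target are the names on a current kernel (the 2003 equivalents were ip_conntrack_ftp and -m state). hfaxd on 4559 speaks an FTP-like protocol, so the data connections that follow a successful login are separate TCP flows that only the FTP helper can tie to the session, and it classifies them RELATED. The posted rules accept NEW and ESTABLISHED but never RELATED, which is one likely reason the login works and nothing after it does. The example also covers the case that bites on kernels since 4.7, where helpers are no longer attached automatically and must be bound explicitly.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal stateful ruleset for a Linux
# gateway that routes HylaFAX client traffic from the client side (eth0) to
# the fax-server side (tr0). The addresses are RFC 5737 documentation
# addresses chosen as placeholders; interface names and port follow the post.
set -eu

CLIENT="${CLIENT:-192.0.2.10}"       # assumed client that wants to fax
SERVER="${SERVER:-198.51.100.20}"    # assumed HylaFAX server
CLIENT_IF="${CLIENT_IF:-eth0}"
SERVER_IF="${SERVER_IF:-tr0}"
FAXPORT="${FAXPORT:-4559}"           # hfaxd control port
IPT="${IPT:-iptables}"

# DRY_RUN=1 prints each command instead of running it, so the ruleset can be
# reviewed or tested without root and without touching the live firewall.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

load_helper() {
    # hfaxd speaks an FTP-like protocol: commands on 4559, data on separate
    # connections negotiated in-band (PORT/PASV). The FTP conntrack helper
    # parses those commands so the data connection is classified RELATED;
    # it only watches port 21 unless told about the fax port.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "modprobe nf_conntrack_ftp ports=21,$FAXPORT"
    else
        modprobe nf_conntrack_ftp "ports=21,$FAXPORT"
    fi
}

hylafax_rules() {
    # Default deny for forwarded traffic; everything below is an explicit,
    # narrow exception. INPUT/OUTPUT (the gateway's own traffic) are left alone.
    run -P FORWARD DROP
    run -F FORWARD
    run -t raw -F PREROUTING

    # Kernels >= 4.7 no longer attach helpers automatically (and the
    # nf_conntrack_helper sysctl is gone in 6.0): bind the ftp helper to the
    # fax control port explicitly in the raw table.
    run -t raw -A PREROUTING -i "$CLIENT_IF" -p tcp -d "$SERVER" \
        --dport "$FAXPORT" -j CT --helper ftp

    # Only the client may open the control connection, and only to the server.
    run -A FORWARD -i "$CLIENT_IF" -o "$SERVER_IF" -p tcp -s "$CLIENT" -d "$SERVER" \
        --dport "$FAXPORT" -m conntrack --ctstate NEW -j ACCEPT

    # Replies plus the helper-expected data connections, in both directions.
    # Without RELATED the login on 4559 succeeds but every transfer afterwards
    # hangs: the data connection is a NEW flow that no rule above accepts.
    run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anything the conntrack table cannot account for is dropped explicitly
    # (the policy would do it too, but this makes it visible in the counters).
    run -A FORWARD -m conntrack --ctstate INVALID -j DROP
}

# Self-check for the dry run: every rule that admits NEW traffic must be
# pinned to a source, destination, port and interface pair, never a bare
# "-p tcp --dport ... -j ACCEPT" like the ones in the post.
check_rules() {
    hylafax_rules | awk '
        /--ctstate NEW/ && !(/-s / && /-d / && /--dport/ && /-i / && /-o /) { bad++ }
        END { exit bad ? 1 : 0 }'
}

if [ "${1:-}" = apply ]; then
    load_helper
    hylafax_rules
elif [ "${1:-}" = show ]; then
    DRY_RUN=1
    load_helper
    hylafax_rules
fi
```

Run it with `show` to print the commands and review them, and with `apply` as root to install them. If the client addresses the gateway instead of the server, as the DNAT in the post suggests, nf_nat_ftp must be loaded as well so the helper rewrites the addresses inside the PORT/PASV commands, and the DNAT belongs on the control port only (`--dport 4559` in nat PREROUTING); a DNAT keyed on `--sport`, as in the last posted rule, rewrites the server's replies and breaks the session.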

