Re: iptables, gateway and hylafax

To: <dudumortier@wanadoo.fr>, <debian-firewall@lists.debian.org>
Cc: <vincent.morlot@free.fr>
Subject: Re: iptables, gateway and hylafax
From: Ken Gilmour <ken@playersonly.com>
Date: Mon, 26 May 2003 19:31:09 +0100
Message-id: <[🔎] 200305261831.h4QIVJB08775@zaibatsu.sportsmail.ac>
In-reply-to: <[🔎] 20030526123013.GA1297@wanadoo.fr>

If all your tables are set to accept why don't you just connect the fax server directly to the network? (Unless of course you're trying to translate IPX/SPX to TCP/IP). How does the network transfer the data to the fax server?

Replying to the message sent by David Dumortier  on Mon, 26 May 2003 14:30:13 +0200, received at 19:29:26 on 26/05/2003. David Dumortier wrote:
>Hello,
>
>We have got a problem to setting iptables on a gateway.
>Topology :
>
>Network with an hylafax server A gateway on debian with 2 network
>cards, one on network (tr0) and the other (eth0) on the next
>computer A computer (on $ OS who want to fax)
>
>We put ip_conn_track, and ip_conn_track_ftp on the kernel of the
>gateway We can make a telnet fax_server 4559, login as user and ...
>nothing else
>
>the iptables' rules :
>
>/sbin/modprobe ip_conntrack_ftp ports=21,4558,4557,4559
>/sbin/modprobe ip_nat_ftp ports=21,4558,4557,4559
>
>iptables -A INPUT -p tcp -i eth0 --dport 4557:4559 -j ACCEPT
>iptables -A INPUT -p tcp -i tr0 --dport 4557:4559 -j ACCEPT
>
>iptables -A INPUT -p tcp --sport 4557:4559 -m state --state
>NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --sport 1024:
>--dport 1024: -m state --state ESTABLISHED -j ACCEPT iptables -A
>OUTPUT -p tcp --sport 4557:4559 -m state --state NEW,ESTABLISHED -j
>ACCEPT iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m
>state --state ESTABLISHED,RELATED -j ACCEPT
>
>iptables -A FORWARD -p tcp --sport 4557:4559 -s Faxaddr -j ACCEPT
>iptables -A FORWARD -p tcp --sport 4557:4559 -s Clientaddr -j ACCEPT
> iptables -A FORWARD --source Clientaddr -m multiport --protocol tcp
>--dport 4557,4558,4559 -j ACCEPT iptables -A FORWARD --source
>Gatewayaddr -m multiport --protocol tcp --dport  4557,4558,4559 -j
>ACCEPT iptables -A FORWARD --source Serveraddr -m multiport
>--protocol tcp --dport 4557,4558,4559 -j ACCEPT
>
>iptables -A FORWARD -m multiport --protocol tcp --dport
>4557,4558,4559 -j ACCEPT iptables -A FORWARD -m multiport -m state
>--state RELATED,ESTABLISHED -j ACCEPT
>
>iptables -A INPUT -p tcp --sport 4557:4559 -j ACCEPT iptables -A
>INPUT -p tcp --dport 4557:4559 -j ACCEPT iptables -A INPUT -m
>multiport --protocol tcp --sport 4557,4558,4559 -j ACCEPT
>
>iptables -A OUTPUT -p tcp -o eth0 --sport 4557:4559 -j ACCEPT
>iptables -A OUTPUT -p tcp -o tr0 --sport 4557:4559 -j ACCEPT
>
>iptables -t nat -A PREROUTING -p tcp --dport 4557:4559 -j DNAT --to-
>destination Serveraddr iptables -t nat -A PREROUTING -p tcp --sport
>4557:4559 -j DNAT --to-destination Clientaddr
>
>If you have advice ...
>
>David Dumortier dudumortier@wanadoo.fr

Reply to:

Follow-Ups:
- Re: iptables, gateway and hylafax
  - From: David Dumortier <dudumortier@wanadoo.fr>

References:
- iptables, gateway and hylafax
  - From: David Dumortier <dudumortier@wanadoo.fr>

Prev by Date: Re: iptables, gateway and hylafax
Next by Date: Re: iptables, gateway and hylafax
Previous by thread: Re: iptables, gateway and hylafax
Next by thread: Re: iptables, gateway and hylafax
Index(es):
- Date
- Thread