Re: Redirecting ports & DHCP Question ** Resolved

To: Matthew Kopishke <matt@kopishke.org>
Cc: debian-firewall@lists.debian.org
Subject: Re: Redirecting ports & DHCP Question ** Resolved
From: Matthew Kopishke <matt@kopishke.org>
Date: Wed, 11 Jun 2003 10:14:16 -0400
Message-id: <[🔎] FC47B38A-9C16-11D7-B527-0003938BA5DE@kopishke.org>
In-reply-to: <[🔎] AD374CEC-9831-11D7-95DC-0003938BA5DE@kopishke.org>

I figured out my problems, so I thought I would share with the group(if you wanted to know or not :))

For dhcp I ended up using tcpdump and listening to each interface, andthen logging all the dropped packets to figure out where things wheregetting stuck. I found out that the router was in fact (or as far as Ican tell) was answering the DHCP requests (our service is provided bythe state university, so we are a bit in the dark on anything out sideour own networks). So that was just a matter of opening up the rightports from the router's IP and dhcp was doing it's thing.

Now for the port/IP redirecting. I read everything I could find aboutNAT in netfilter, and felt pretty strongly that what I was doing shouldbe working, but after a couple of hours of playing I couldn't get it towork. Come to find out in order for NAT to work, or at least IPforwarding, the device in question needs to have an IP and routing setup. After I did that every thing worked like a charm.

So now my firewall has an IP, which isn't the end of the world, I'lljust have to take extra care when I "harden" the box.


Thanks!

Matt

On Friday, June 6, 2003, at 11:15  AM, Matthew Kopishke wrote:

Hello folks.
I have set up a bridging firewall using iptables (2.4.19) and have aquick couple of questions.
Before I ask my questions I just feel the need to say that thebridging and firewalling code (in this case I mean when the two areused together) has matured quite nicely. I set up a firewall a yearor two ago using 2.2.X/ipchains with brcfg, which at the time seemed abit like black magic. :)
Anyway, the first question is I have a Squid Proxy server running onport 13001 doing some caching/filtering. I was wondering, if it'spossible to just have my firewall redirect port 80 to port 13001? Itseems posable, but browsing the man page I didn't find anything thatjumped out at me (well there was some NAT stuff, but this isn't a > NAT).
The other question is one that I'm just having trouble tracking downports on. We get our IPs via DHCP from a server outside our networkand there for out side the firewall. I can't seem to be able to openup the holes I need to let the DHCP request/responses flow through.What I have done is open up port 67 & 68 to 0/0, I think that's thefirst part of the equation, but I'm not sure what the second is. I'mgoing to keep wading through the DHCP documentation, but if some whohas been there and done that would be so kind...
Thanks,

Matt


--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contactlistmaster@lists.debian.org

Reply to:

References:
- Redirecting ports & DHCP Question
  - From: Matthew Kopishke <matt@kopishke.org>

Prev by Date: Re: Weird IP Aliasing Problem
Next by Date: web server behind a nat box not coming out
Previous by thread: Re: Redirecting ports & DHCP Question
Next by thread: Limit number of simultaneous TCP connections per IP
Index(es):
- Date
- Thread