
Re: IRLP radio node and iptable firewall rules review



On Monday 22 December 2003 03:00 am, Jaye Inabnit ke6sls wrote:
> Greetings all:
>
> A friend and fellow ham worked on creating a set of iptable rules for IRLP
> use behind a Gnu/Linux firewall.  He is a FreeBSD guru, but took time to
> learn iptables for this adventure today into the IRLP zone.  The reason for
> this post is to encourage review of this script for security/usability
> purposes and request feedback.  It is also intended to help others who may
> also want to put an IRLP behind a Gnu/Linux firewall by making this post
> searchable via a google search (debian-user.)
>
> Here's what is needed for IRLP to function behind a firewall:
> * UDP ports 2074-2093 bidirectional to IRLP computer
> * TCP ports 15425-15427 bidirectional to IRLP computer
> * special port-forward of port 3522 to IRLP computer on port 22 (SSH)
> (I conjured port 3522 out of thin air, did not want to change what port my
> firewall listened to, nor change the port the IRLP computer listened to)
>
> I assigned the IRLP node a static IP of 192.168.10.25 and added that IP to
> my hosts file in my firewall computer.
>
> So far, the node is working better than it has before with hardware
> firewalls. Further, we can now trace all packets with tcpdump--something we
> couldn't do with the hardware firewall.

Could you tell us which hardware firewall(s) you used before going to this
solution?

TIA

Bob
w9ya

>
> My original goal was to come up with three lines of iptables
> commands--something like an add-on module to existing rules:
> - one iptables command to forward the TCP ports to 192.168.10.25 from
> 192.168.10.1 firewall
> - one iptables command to forward the UDP ports to 192.168.10.25 from
> 192.168.10.1 firewall
> - one iptables command to route port 3522 directly to 192.168.10.25 on
> port 22 (for SSH)
> I would still love to achieve this.  I recall doing something like this for
> an Internet game at one point many moons ago.
>
> Again, if you could review the script, I would be most appreciative.
>
> Thank you.  73
>
> --
>
> Wishing you well.
>
> Jaye Inabnit, ke6sls   (A fortunate GNU/Linux user)
> Questions, especially really dumb questions, can reveal the oblivious.
> Free software isn't about money, it's about freedom. Please Support GNU!
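The three-command forwarding set Jaye describes above (UDP 2074-2093 and TCP 15425-15427 to the node, plus outside port 3522 rewritten to the node's port 22), written out as an added shell example that is not from the thread. It assumes the firewall's external interface is eth0 and that the existing ruleset already accepts ESTABLISHED,RELATED return traffic and outbound LAN traffic; the node address 192.168.10.25 is the one given in the post.

```shell
#!/bin/sh
# Added example, not from the thread. EXT_IF=eth0 is an assumption; override
# it in the environment to match the firewall. The node address is the one
# Jaye assigned (192.168.10.25).
EXT_IF="${EXT_IF:-eth0}"
IRLP_HOST="192.168.10.25"
UDP_PORTS="2074:2093"      # IRLP UDP 2074-2093 (iptables range syntax)
TCP_PORTS="15425:15427"    # IRLP TCP 15425-15427
SSH_EXT_PORT="3522"        # outside port picked in the thread
SSH_INT_PORT="22"          # sshd on the node

# Emit the iptables commands instead of running them, so the set can be
# reviewed (or piped to sh). Each DNAT rule in the nat table is paired with a
# FORWARD accept, which is required when the FORWARD policy is DROP. Matching
# on -i $EXT_IF keeps the forwards from applying to LAN-originated traffic.
irlp_rules() {
    # 1) UDP range to the node
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p udp --dport $UDP_PORTS -j DNAT --to-destination $IRLP_HOST"
    echo "iptables -A FORWARD -i $EXT_IF -d $IRLP_HOST -p udp --dport $UDP_PORTS -j ACCEPT"
    # 2) TCP range to the node
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $TCP_PORTS -j DNAT --to-destination $IRLP_HOST"
    echo "iptables -A FORWARD -i $EXT_IF -d $IRLP_HOST -p tcp --dport $TCP_PORTS -j ACCEPT"
    # 3) outside 3522 -> node port 22; the port rewrite is part of the DNAT
    #    target, so the FORWARD accept matches the rewritten port (22)
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $SSH_EXT_PORT -j DNAT --to-destination $IRLP_HOST:$SSH_INT_PORT"
    echo "iptables -A FORWARD -i $EXT_IF -d $IRLP_HOST -p tcp --dport $SSH_INT_PORT -j ACCEPT"
}

# Quick sanity check: the set should contain exactly the three DNAT rules.
dnat_count() {
    irlp_rules | grep -c -- '-j DNAT'
}

# Usage: review first ("sh irlp-nat.sh"), then apply as root ("sh irlp-nat.sh apply").
case "${1:-}" in
    apply) irlp_rules | sh ;;
    *)     irlp_rules ;;
esac
```

Forwarding sshd to the node exposes it to the Internet on port 3522, so the node's own sshd configuration (key-based logins, no root login) matters as much as these rules.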
