Re: port redirection
On Sun, Jul 04, 1999 at 09:49:53AM +1000, Dan Everton wrote:
> On Fri, Jul 02, 1999 at 03:24:50PM -0400, Jonathan Lupa wrote:
> > [setup deleted]
> > Now, what I want to do, but haven't been able to get working is a forwarding
> > scheme for CVS. I want to have my gateway XXX.XXX.XXX.XXX box redirect its
> > port 6060 to my workstation's (192.168.2.1) cvspserver port (2401).
> > To this effect I entered the following lines:
> > ipportfw -A -tXXX.XXX.XXX.XXX/6060 -R 192.168.2.3/2401
> > ipportfw -A -uXXX.XXX.XXX.XXX/6060 -R 192.168.2.3/2401
> > Before I was doing port forwarding on 6060, when I telnet to that port on my
> > box I get the message "telnet: Unable to connect to remote host: Connection
> > refused". AFTER I add port forwarding on 6060 I get "telnet: Unable to
> > connect to remote host: Connection timed out".
> > The transactions are starting, they just aren't finishing. My pet theory is
> > that this port forwarding thing isn't dealing with masquerading of the
> > returned packets, but like I said, I'm pretty clueless with this.
> One thing I can think of (and this is based on a very hazy grasp of
> what ipmasq and ipportfw are actually doing) is that the cvspserver is
> trying to create another connection channel back to the originating server and
> that isn't working for some reason. Anybody know if cvspserver does that (like
> the control and data ports in ftp)?
One of the things that concerned me is that the pserver was trying to do some rsh
authentication stuff, but I had expressly blocked those ports in my firewall.
So, I threw open all of the gates, but I still had the problem. =(
> Another possibility is that ipportfw doesn't like rewriting ports (although
> I'm almost certain that does work). Have you tried just passing port 2401
> one along as opposed to rewriting 6060 down to 2401?
Yep, that was the second thing I tried. Keeping the firewall all the way open and
just punching the port straight through. I got the same results as when I wasn't
> Wish I could help you better.
No problem. =)
What I'm thinking of trying now is to configure the client that I care about
(a win95 box at work) to use ssh to do the cvs work. Of course, that is going
to require configuration of my closed source gui proprietary ssh implementation
to work from the command line with the windows cvs client, so I'm not 100%
on whether I'll be able to get that going.
Ah well, I guess the original question still stands: Is it possible to punch
cvs's pserver through a masquerading firewall using port forwarding?