
iportfw vs autofw



hi

Although it's not a major issue, I am still curious. I have never, to this
day, gotten the ipmasqadm module portfw to work on any machines when I
self-compile the kernel. The rules load, and list when I tell it to list, but
it doesn't forward the packets. When I change the rule to use autofw
instead it works fine. All the ipmasq modules are loaded:

CONFIG_IP_FIREWALL=y
# CONFIG_IP_FIREWALL_NETLINK is not set
# CONFIG_IP_ROUTE_FWMARK is not set
# CONFIG_IP_TRANSPARENT_PROXY is not set
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
CONFIG_IP_ROUTER=y

Yet it doesn't work. No errors, it just sits there. When I nmap the ports it
shows the ports that should be forwarded as filtered. I flushed the
firewall, and all policies are at ACCEPT, and nmap still says those ports
are being filtered.

I can't find a real difference between portfw and autofw, at least as far
as my needs are concerned (forwarding a port on the firewall to a machine
on the inside).

This may become a moot point as I am attempting to configure OpenBSD
machines to replace the Linux boxen for the firewall machines.

But that doesn't stop the curiosity as to why this (portfw) doesn't want to
work. The exact same rules on a Red Hat box work fine (using Red Hat's
default kernel ...)

A sample rule:
/usr/sbin/ipmasqadm portfw -a  -P tcp -L real_ip 25 -R 192.168.1.2 25

Yes, IP forwarding is turned on; if packet forwarding was broken then I
think the autofw rule wouldn't work (ipmasq works too).

I should mention that the machines behind the firewall are responding on
the respective ports.

BTW, running Linux 2.2.17 + openwall patch from www.openwall.com/linux +
lm_sensors patch from the lm-sensors-source package + IDE patch from
www.linux-ide.org, and running an updated Intel eepro Ethernet driver (it's
a dual-port NIC). Happens on all other configurations located on other
networks as well.

Any ideas?

Thanks!

nate


:::
http://www.aphroland.org/
http://www.linuxpowered.net/
aphro@aphroland.org
4:58pm up 77 days, 2:16, 1 user, load average: 0.00, 0.00, 0.00
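The portfw rule from the post, its autofw equivalent, and the forwarding prerequisites that both flavours need on a 2.2 masquerading firewall, as an added shell example that is not part of nate's post or of the ipmasqadm tools. The addresses 203.0.113.1 (external), 192.168.1.2 (internal host) and 192.168.1.0/24 (internal net) are assumed placeholders; the generated commands are only printed unless APPLY=1 is set, so the script can be read and checked without touching a live firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the commands needed to
# forward one TCP port from a 2.2-kernel masquerading firewall to an inside
# host, in both ipmasqadm portfw and ipmasqadm autofw form. Nothing is
# executed unless APPLY=1; by default the plan is printed for review.

# portfw_rule EXT_IP PORT INT_IP
# portfw maps (local address, port) -> (remote address, port); -L must be
# the address on which the packets actually arrive.
portfw_rule() {
    printf 'ipmasqadm portfw -a -P tcp -L %s %s -R %s %s\n' "$1" "$2" "$3" "$2"
}

# autofw_rule PORT INT_IP
# autofw keys on a port range (low high) and a host; it has no local-address
# argument, which is the visible difference from portfw for a single port.
autofw_rule() {
    printf 'ipmasqadm autofw -A -r tcp %s %s -h %s\n' "$1" "$1" "$2"
}

# masq_prereqs INT_NET
# Both flavours rely on the kernel forwarding packets and on the internal
# net being masqueraded on the forward chain.
masq_prereqs() {
    printf 'echo 1 > /proc/sys/net/ipv4/ip_forward\n'
    printf 'ipchains -A forward -s %s -j MASQ\n' "$1"
}

# plan_forward EXT_IP PORT INT_IP INT_NET
# Emits the full command list (prerequisites + portfw rule + autofw
# alternative), one command per line.
plan_forward() {
    masq_prereqs "$4"
    portfw_rule "$1" "$2" "$3"
    autofw_rule "$2" "$3"
}

# apply_plan EXT_IP PORT INT_IP INT_NET
# Runs the portfw form for real when APPLY=1 (assumes root and a kernel
# built with CONFIG_IP_MASQUERADE_IPPORTFW); otherwise prints it. After a
# real apply it lists the table so the rule can be seen to have loaded.
apply_plan() {
    if [ "${APPLY:-0}" = 1 ]; then
        masq_prereqs "$4" | while IFS= read -r cmd; do sh -c "$cmd"; done
        sh -c "$(portfw_rule "$1" "$2" "$3")"
        ipmasqadm portfw -l
    else
        plan_forward "$@"
    fi
}

# Stand-alone use: ./fwplan.sh 203.0.113.1 25 192.168.1.2 192.168.1.0/24
if [ $# -eq 4 ]; then
    apply_plan "$@"
fi
```

The listing at the end of a real apply reproduces the check from the post (rules that list but do not pass traffic); the dry-run output is what to compare, line by line, against the rules on a box where portfw does work.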


