[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PCAnywhere and IPCHAINS

Hello nate,
    Thanks for your reply.
    I saw some examples using both portfw and autofw, that's why I was trying
I've removed autofw but it still failed.
    My machine details:
server FW (IP: x.x.x.a interfaces: x.x.x.x/29 and ipchains running
on it)
pc C (IP: x.x.x.b PCAnywhere client)
server P (IP: it behinds server A, PCAnywhere host)
    So my externalip would be x.x.x.a and internal IP is On server
FW, I've
allowed both TCP and UDP connection for ports 5631 and 5632. When I tried to
to server P from pc C, I always get timed out.
    From server FW's syslog, I can see the following line:
Jan  3 09:49:36 FW kernel: Packet log: input ACCEPT eth0 PROTO=17 x.x.x.b:45770
L=30 S=0x00 I=27892 F=0x0000 T=127 (#48)
    I've done "echo 1 > /proc/sys/net/ipv4/ip_forward" as well.
    My route table is as the following:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.net U     0      0        0 eth0   U     0      0        0 eth1         x.x.x.gw         UG    0      0        0 eth0
    I'm not sure what have I still missed out here?


nate wrote:

> Simon Tneoh Chee-Boon said:
> >
> >    I've executed the following commands:
> > ipmasqadm portfw -a -P tcp -L externalip 5631 -R internalip 5631
> > ipmasqadm portfw -a -P udp -L externalip 5631 -R internalip 5631
> > ipmasqadm portfw -a -P tcp -L externalip 5632 -R internalip 5632
> > ipmasqadm portfw -a -P udp -L externalip 5632 -R internalip 5632
> > ipmasqadm autofw -A -r tcp 5631 5632 -h internalip
> > ipmasqadm autofw -A -r udp 5631 5632 -h internalip
> why are you doing both autofw and portfw? I would just use portfw.
> Also be sure when your connecting to externalip you do so from
> OUTSIDE the NAT network. my experience is that you cannot connect to
> the external interface of a port forwarded system from behind the
> same NAT that forwards it. Nor can you connect to the port forwarded
> system on the external ip from the NAT box itself.
> nate
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Simon Tneoh Chee-Boon simon.tneoh@mybiz.net
Senior Technologist MyBiz International Limited
Tel: (60)3-2713-8181    Fax: (60)3-2713-8811
Personal: http://www.tneoh.zoneit.com/simon/
Company:  http://www.mybiz.net

Reply to: