
Re: PCAnywhere and IPCHAINS



Hello nate,
    Thanks for your reply.
    I saw some examples using both portfw and autofw, that's why I was
trying both.
I've removed autofw but it still failed.
    My machine details:
server FW (IP: x.x.x.a, interfaces: x.x.x.x/29 and 192.168.1.0/24, ipchains running on it)
pc C (IP: x.x.x.b, PCAnywhere client)
server P (IP: 192.168.1.2, it is behind server A, PCAnywhere host)
    So my externalip would be x.x.x.a and internal IP is 192.168.1.2. On
server FW, I've allowed both TCP and UDP connection for ports 5631 and 5632.
When I tried to connect to server P from pc C, I always get timed out.
    From server FW's syslog, I can see the following line:
Jan  3 09:49:36 FW kernel: Packet log: input ACCEPT eth0 PROTO=17 x.x.x.b:45770 x.x.x.a:5632 L=30 S=0x00 I=27892 F=0x0000 T=127 (#48)
    I've done "echo 1 > /proc/sys/net/ipv4/ip_forward" as well.
    My route table is as the following:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.net       0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         x.x.x.gw        0.0.0.0         UG    0      0        0 eth0
    I'm not sure what I have still missed out here.
    Thanks.

Regards,
Simon.



nate wrote:

> Simon Tneoh Chee-Boon said:
> >
> >    I've executed the following commands:
> > ipmasqadm portfw -a -P tcp -L externalip 5631 -R internalip 5631
> > ipmasqadm portfw -a -P udp -L externalip 5631 -R internalip 5631
> > ipmasqadm portfw -a -P tcp -L externalip 5632 -R internalip 5632
> > ipmasqadm portfw -a -P udp -L externalip 5632 -R internalip 5632
> > ipmasqadm autofw -A -r tcp 5631 5632 -h internalip
> > ipmasqadm autofw -A -r udp 5631 5632 -h internalip
>
> why are you doing both autofw and portfw? I would just use portfw.
>
> Also be sure when you're connecting to externalip you do so from
> OUTSIDE the NAT network. My experience is that you cannot connect to
> the external interface of a port forwarded system from behind the
> same NAT that forwards it. Nor can you connect to the port forwarded
> system on the external ip from the NAT box itself.
>
> nate

--
Simon Tneoh Chee-Boon simon.tneoh@mybiz.net
Senior Technologist MyBiz International Limited
Tel: (60)3-2713-8181    Fax: (60)3-2713-8811
Personal: http://www.tneoh.zoneit.com/simon/
Company:  http://www.mybiz.net
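
A small parser for the ipchains "Packet log:" syslog line quoted in the message above, added here as an illustration and not part of the original thread. It reports which of the four forwarded protocol/port pairs were accepted on the input chain; the function names are hypothetical and the sample lines and addresses are constructed.

```python
import re

# Layout of an ipchains "-l" kernel log entry: chain, verdict, interface,
# IP protocol number, source, destination, then L=length S=TOS I=IP-ID
# F=fragment field T=TTL, an optional SYN marker and the rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)
PROTO_NAMES = {6: "tcp", 17: "udp"}
# The four forwards set up in the thread: TCP and UDP on 5631 and 5632.
FORWARDS = [(p, port) for port in (5631, 5632) for p in ("tcp", "udp")]

def parse_line(line):
    """Return the fields of one ipchains log line as a dict, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["syn"] = rec["syn"] is not None
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def forward_coverage(lines, external_ip):
    """Map each forwarded (proto, port) to whether input ACCEPTed it."""
    seen = set()
    for rec in filter(None, map(parse_line, lines)):
        if (rec["chain"], rec["verdict"], rec["dst"]) == ("input", "ACCEPT", external_ip):
            seen.add((rec["proto_name"], rec["dport"]))
    return {fwd: fwd in seen for fwd in FORWARDS}

# Constructed sample lines; 192.0.2.1 and 198.51.100.7 are documentation addresses.
SAMPLE = [
    "Jan  3 09:49:36 FW kernel: Packet log: input ACCEPT eth0 PROTO=17 "
    "198.51.100.7:45770 192.0.2.1:5632 L=30 S=0x00 I=27892 F=0x0000 T=127 (#48)",
    "Jan  3 09:49:41 FW kernel: Packet log: input ACCEPT eth0 PROTO=6 "
    "198.51.100.7:45771 192.0.2.1:5631 L=48 S=0x00 I=27901 F=0x4000 T=127 SYN (#47)",
    "Jan  3 09:49:50 FW kernel: Packet log: input DENY eth0 PROTO=6 "
    "198.51.100.7:45772 192.0.2.1:5632 L=48 S=0x00 I=27910 F=0x4000 T=127 SYN (#50)",
]

if __name__ == "__main__":
    for fwd, hit in forward_coverage(SAMPLE, "192.0.2.1").items():
        print(fwd, "seen on input" if hit else "not seen")
```

An ACCEPT on the input chain only shows that the packet reached the firewall; it does not show that the packet was then forwarded to the internal host.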


