[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PCAnywhere and IPCHAINS

Hello nate,
    I suspect could it be my ipchains rule block the internal
>From internal network, when I try to PCAnywhere external PCAnywhere
Host, I
can something like the following in the syslog file:
1) internalIP (unprivportA) -> externalHostIP (5632)
2) fwexternalIP (unprivportB) -> externalHostIP (5632) (I believe this
is 'coz of MASQ)
3) externalHostIP (5632) -> fwexternalIP (unprivportB)
4) externalHostIP (5632) -> internalIP (unprivportA)
    I wonder if the connection is in the other way, how would this be?
Something like the followings?
1) externalClientIP (unprivportA) -> fwexternalIP (5632)
2) fwinternalIP (unprivportB) -> internalHostIP (5632) ('coz of portfw)
3) internalHostIP (5632) -> fwinternalIP (unprivportB)
4) fwexternalIP (5632) -> externalClientIP (unprivportA)
    When I tested, I only see 1)'s log, there's no log for 2). So I'm a 
bit confused here.
    Or maybe I really need an extra new external IP for this internal
else I can't do port forwarding without it?



nate wrote:

> Simon Tneoh Chee-Boon said:
> > Hello nate,
> >     Thanks for your reply.
> >     I saw some examples using both portfw and autofw, that's why I was
> > trying
> > both.
> > I've removed autofw but it still failed.
> >     My machine details:
> > server FW (IP: x.x.x.a interfaces: x.x.x.x/29 and
> > ipchains running on it)
> > pc C (IP: x.x.x.b PCAnywhere client)
> > server P (IP: it behinds server A, PCAnywhere host)
> >     So my externalip would be x.x.x.a and internal IP is On
> > server
> > FW, I've allowed both TCP and UDP connection for ports 5631 and 5632. When
> > I tried to
> > connect to server P from pc C, I always get timed out.
> does the PCAnywhere server have IP of the machine doing
> the NAT) as the default gateway? It needs to be in order to work. I
> reccomend downloading a traffic sniffer for the PCAnywhere server to
> see if the traffic is comming through. something like this should be
> sufficient:
> http://www.sysinternals.com/ntw2k/freeware/tdimon.shtml
> >     I'm not sure what have I still missed out here?
> routing table of the PCAnywhere server? The packet sniffer should
> show more information.
> nate
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Simon Tneoh Chee-Boon simon.tneoh@mybiz.net
Senior Technologist MyBiz International Limited
Tel: (60)3-2713-8181    Fax: (60)3-2713-8811
Personal: http://www.tneoh.zoneit.com/simon/
Company:  http://www.mybiz.net

Reply to: