
Re: PCAnywhere and IPCHAINS



Simon Tneoh Chee-Boon said:
> Hello nate,
>     I suspect could it be my ipchains rule block the internal
> connections?
> From internal network, when I try to PCAnywhere external PCAnywhere Host, I
> can see something like the following in the syslog file:
> 1) internalIP (unprivportA) -> externalHostIP (5632)
> 2) fwexternalIP (unprivportB) -> externalHostIP (5632) (I believe this is
> 'coz of MASQ)
> 3) externalHostIP (5632) -> fwexternalIP (unprivportB)
> 4) externalHostIP (5632) -> internalIP (unprivportA)
>     I wonder if the connection is in the other way, how would this be?
> Something like the followings?
> 1) externalClientIP (unprivportA) -> fwexternalIP (5632)
> 2) fwinternalIP (unprivportB) -> internalHostIP (5632) ('coz of portfw)
> 3) internalHostIP (5632) -> fwinternalIP (unprivportB)
> 4) fwexternalIP (5632) -> externalClientIP (unprivportA)
>     When I tested, I only see 1)'s log, there's no log for 2). So I'm a
> bit confused here.
>     Or maybe I really need an extra new external IP for this internal
> server, else I can't do port forwarding without it?

you don't need an extra IP for the server, unless you're forwarding to more
than 1 server on the same external port. Have you flushed the forwarding
rules? perhaps autofw is still running, try

ipmasqadm autofw -F

to delete any autofw rules then try ipmasqadm again

ipmasqadm portfw -a -P tcp -L EXTERNAL_IP_ADDRESS 5631 \
-R INTERNAL_IP_ADDRESS 5631
ipmasqadm portfw -a -P udp -L EXTERNAL_IP_ADDRESS 5632 \
-R INTERNAL_IP_ADDRESS 5632

try running iptraf on the firewall host while you initiate a connection
to see what it shows. or perhaps tcpdump

tcpdump -i INTERNAL_INTERFACE src or dst IP_ADDRESS_OF_PCA_SERVER


good luck!

nate
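
Added example, not part of the original message: a small shell helper that reads the text output of the tcpdump check suggested above and reports whether the forwarded pcAnywhere leg (TCP 5631 / UDP 5632) reached the internal host and whether the host answered. The function name, the verdict strings, the sample addresses and the sample capture lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Save a capture taken on the firewall, e.g.
#   tcpdump -n -i INTERNAL_INTERFACE src or dst SERVER_IP > capture.txt
# then run: check_portfw_legs SERVER_IP < capture.txt
# Verdicts: no-forward = nothing addressed to SERVER_IP:5631/5632 was seen,
#           no-reply = forwarded packets seen but no answer, ok = both seen.
check_portfw_legs() {
    awk -v srv="$1" '
    function port(a,  n, p) { n = split(a, p, "."); return p[n] }
    function host(a,  n, p, h, i) {
        n = split(a, p, "."); h = p[1]
        for (i = 2; i < n; i++) h = h "." p[i]
        return h
    }
    {
        src = ""; dst = ""
        # tcpdump prints "SRC.PORT > DST.PORT:"; locate the ">" token
        for (i = 2; i < NF; i++)
            if ($i == ">") { src = $(i - 1); dst = $(i + 1); break }
        if (src == "") next
        sub(/:$/, "", dst)
        if (host(dst) == srv && port(dst) ~ /^(5631|5632)$/) fwd++
        if (host(src) == srv && port(src) ~ /^(5631|5632)$/) rep++
    }
    END {
        if (!fwd)      print "no-forward"
        else if (!rep) print "no-reply"
        else           print "ok"
    }'
}

# Constructed sample capture lines (addresses are documentation/private ranges).
sample_ok() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.7.40001 > 192.168.1.10.5631: Flags [S], seq 1, win 512, length 0
12:00:01.000200 IP 192.168.1.10.5631 > 203.0.113.7.40001: Flags [S.], seq 9, ack 2, win 512, length 0
12:00:01.100000 IP 203.0.113.7.40002 > 192.168.1.10.5632: UDP, length 2
EOF
}
sample_no_reply() { sample_ok | grep -v '^12:00:01.000200'; }
sample_no_forward() { echo '12:00:02.000000 IP 192.168.1.10.1030 > 192.168.1.1.53: UDP, length 30'; }

for s in sample_ok sample_no_reply sample_no_forward; do
    printf '%s: %s\n' "$s" "$($s | check_portfw_legs 192.168.1.10)"
done
```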




