[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PCAnywhere and IPCHAINS

Simon Tneoh Chee-Boon said:
> Hello nate,
>     I suspect could it be my ipchains rule block the internal
> connections?
>>From internal network, when I try to PCAnywhere external PCAnywhere
> Host, I
> can something like the following in the syslog file:
> 1) internalIP (unprivportA) -> externalHostIP (5632)
> 2) fwexternalIP (unprivportB) -> externalHostIP (5632) (I believe this is
> 'coz of MASQ)
> 3) externalHostIP (5632) -> fwexternalIP (unprivportB)
> 4) externalHostIP (5632) -> internalIP (unprivportA)
>     I wonder if the connection is in the other way, how would this be?
> Something like the followings?
> 1) externalClientIP (unprivportA) -> fwexternalIP (5632)
> 2) fwinternalIP (unprivportB) -> internalHostIP (5632) ('coz of portfw) 3)
> internalHostIP (5632) -> fwinternalIP (unprivportB)
> 4) fwexternalIP (5632) -> externalClientIP (unprivportA)
>     When I tested, I only see 1)'s log, there's no log for 2). So I'm a
> bit confused here.
>     Or maybe I really need an extra new external IP for this internal
> server,
> else I can't do port forwarding without it?

you don't need an extra IP for the server, unless your forwarding to more
then 1 server on the same external port. Have you flushed the forwarding
rules? perhaps autofw is still running, try

ipmasqadm autofw -F

to delete any autofw rules then try ipmasqadm again

ipmasqadm portfw -a -P tcp -L EXTERNAL_IP_ADDRESS 5631 \
ipmasqadm portfw -a -P udp -L EXTERNAL_IP_ADDRESS 5632 \

try running iptraf on the firewall host while you initiate a connection
to see what it shows. or perhaps tcpdump


good luck!


Reply to: