Re: PCAnywhere and IPCHAINS
When I try to some REDIRECT in ipchains, I got the following message:
ipchains: No target by that name (Maybe this kernel doesn't support transparent
Could this cause the problem?
I'm using Linux wira 2.2.20 #1 Sat Apr 20 11:45:28 EST 2002 i686 unknown.
I've executed tcpdump, no connection to the internal IP for the internal
> Simon Tneoh Chee-Boon said:
> > Hello nate,
> > I suspect could it be my ipchains rule block the internal
> > connections?
> >>From internal network, when I try to PCAnywhere external PCAnywhere
> > Host, I
> > can something like the following in the syslog file:
> > 1) internalIP (unprivportA) -> externalHostIP (5632)
> > 2) fwexternalIP (unprivportB) -> externalHostIP (5632) (I believe this is
> > 'coz of MASQ)
> > 3) externalHostIP (5632) -> fwexternalIP (unprivportB)
> > 4) externalHostIP (5632) -> internalIP (unprivportA)
> > I wonder if the connection is in the other way, how would this be?
> > Something like the followings?
> > 1) externalClientIP (unprivportA) -> fwexternalIP (5632)
> > 2) fwinternalIP (unprivportB) -> internalHostIP (5632) ('coz of portfw) 3)
> > internalHostIP (5632) -> fwinternalIP (unprivportB)
> > 4) fwexternalIP (5632) -> externalClientIP (unprivportA)
> > When I tested, I only see 1)'s log, there's no log for 2). So I'm a
> > bit confused here.
> > Or maybe I really need an extra new external IP for this internal
> > server,
> > else I can't do port forwarding without it?
> you don't need an extra IP for the server, unless your forwarding to more
> then 1 server on the same external port. Have you flushed the forwarding
> rules? perhaps autofw is still running, try
> ipmasqadm autofw -F
> to delete any autofw rules then try ipmasqadm again
> ipmasqadm portfw -a -P tcp -L EXTERNAL_IP_ADDRESS 5631 \
> -R INTERNAL_IP_ADDRESS 5631
> ipmasqadm portfw -a -P udp -L EXTERNAL_IP_ADDRESS 5632 \
> -R INTERNAL_IP_ADDRESS 5632
> try running iptraf on the firewall host while you initiate a connection
> to see what it shows. or perhaps tcpdump
> tcpdump -i INTERNAL_INTERFACE src or dst IP_ADDRESS_OF_PCA_SERVER
> good luck!
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
Simon Tneoh Chee-Boon firstname.lastname@example.org
Senior Technologist MyBiz International Limited
Tel: (60)3-2713-8181 Fax: (60)3-2713-8811