Re: PCAnywhere and IPCHAINS

To: nate <debian-user@aphroland.org>, debian-user@lists.debian.org
Subject: Re: PCAnywhere and IPCHAINS
From: Simon Tneoh Chee-Boon <simon.tneoh@mybiz.net>
Date: Tue, 07 Jan 2003 12:20:02 +0800
Message-id: <[🔎] 3E1A5572.AC21BDA2@mybiz.net>
Reply-to: simon.tneoh@mybiz.net
References: <[🔎] 3E141973.5F036A2@mybiz.net> <[🔎] 48157.10.10.10.7.1041522006.squirrel@webmail.linuxpowered.net> <[🔎] 3E18DADC.F57D8416@mybiz.net> <[🔎] 51025.10.10.10.7.1041818423.squirrel@webmail.linuxpowered.net> <[🔎] 3E193E5D.35648587@mybiz.net> <[🔎] 57160.10.10.10.7.1041858763.squirrel@webmail.linuxpowered.net> <[🔎] 3E1A4248.4C323B9F@mybiz.net> <[🔎] 39243.10.10.10.7.1041910542.squirrel@webmail.linuxpowered.net>

Hello nate,
    'Coz ipchains always displays that message, so I've commented the REDIRECT
rule.
So for my objective, the important parts are the ipchains, ipmasqadm portfw and
route table, right?
For my case, do I need any settings like CONFIG_IP_TRANSPARENT_PROXY=y?
And will ipchains' MASQ rule affect this? I got something like the following in
my rules:
ipchains -A forward -s $INTERNAL_NET -j MASQ
ipchains -A forward -i $INTERNAL_INTERFACE -j MASQ
    If it works, what would I see in the syslog for ipchains? Would I see
something like the followings?
external_interface PCAClientExternalIP (unprivportA) -> FWExternalIP (5632)
internal_interface PCAClientExternalIP (unprivportA) -> PCAHostInternalIP (5632)
    Thanks.

Regards,
Simon.

nate wrote:

> Simon Tneoh Chee-Boon said:
> > Hello nate,
> >    When I try to some REDIRECT in ipchains, I got the following message:
> > ipchains: No target by that name (Maybe this kernel doesn't support
> > transparent proxying?)
> > Could this cause the problem?
> > I'm using Linux wira 2.2.20 #1 Sat Apr 20 11:45:28 EST 2002 i686 unknown.
> >    I've executed tcpdump, no connection to the internal IP for the
> > internal
> > interface.
>
> redirect only works for redirecting to a local service.
>
> e.g.
>
> server A has a service on port 500
> server A has REDIRECT(transparent proxy) which points port 5000->500
> connections from remote systems to port 5000 will end up on port 500
> connections from the local system(Server A) to port 5000 will fail.
>
> it will NOT work in combonation with port forwarding in redirecting
> traffic to another host.
>
> this could be a problem yes if you have a redirect statement on the
> same port as your port forwarding. to use transparent proxy you need:
> CONFIG_IP_TRANSPARENT_PROXY=y
>
> in your kernel config(debian kernels store their config in
> /boot/config-`uname -r`)
>
> nate
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--
Simon Tneoh Chee-Boon simon.tneoh@mybiz.net
Senior Technologist MyBiz International Limited
Tel: (60)3-2713-8181    Fax: (60)3-2713-8811
Personal: http://www.tneoh.zoneit.com/simon/
Company:  http://www.mybiz.net

Reply to:

Follow-Ups:
- Re: PCAnywhere and IPCHAINS
  - From: "nate" <debian-user@aphroland.org>

References:
- PCAnywhere and IPCHAINS
  - From: Simon Tneoh Chee-Boon <simon.tneoh@mybiz.net>
- Re: PCAnywhere and IPCHAINS
  - From: "nate" <debian-user@aphroland.org>
- Re: PCAnywhere and IPCHAINS
  - From: Simon Tneoh Chee-Boon <simon.tneoh@mybiz.net>
- Re: PCAnywhere and IPCHAINS
  - From: "nate" <debian-user@aphroland.org>
- Re: PCAnywhere and IPCHAINS
  - From: Simon Tneoh Chee-Boon <simon.tneoh@mybiz.net>
- Re: PCAnywhere and IPCHAINS
  - From: "nate" <debian-user@aphroland.org>
- Re: PCAnywhere and IPCHAINS
  - From: Simon Tneoh Chee-Boon <simon.tneoh@mybiz.net>
- Re: PCAnywhere and IPCHAINS
  - From: "nate" <debian-user@aphroland.org>

Prev by Date: Re: network
Next by Date: Re: Debie Newbie
Previous by thread: Re: PCAnywhere and IPCHAINS
Next by thread: Re: PCAnywhere and IPCHAINS
Index(es):
- Date
- Thread