
Re: PCAnywhere and IPCHAINS



Simon Tneoh Chee-Boon said:
> Hello nate,
>     'Coz ipchains always displays that message, so I've commented the
> REDIRECT rule.
> So for my objective, the important parts are the ipchains, ipmasqadm
> portfw and route table, right?

yep, don't need redirect at all

> For my case, do I need any settings like CONFIG_IP_TRANSPARENT_PROXY=y?

nope don't need it.

> And will ipchains' MASQ rule affect this? I got something like the
> following in my rules:
> ipchains -A forward -s $INTERNAL_NET -j MASQ
> ipchains -A forward -i $INTERNAL_INTERFACE -j MASQ

that looks ok to me. Though I don't use the 2nd command, I don't think
it should affect the outcome.


>     If it works, what would I see in the syslog for ipchains? Would I see
> something like the following?
> external_interface PCAClientExternalIP (unprivportA) -> FWExternalIP (5632)
> internal_interface PCAClientExternalIP (unprivportA) -> PCAHostInternalIP (5632)

you probably won't see anything in syslog, doesn't look like portfw is
capable of logging. You should see stuff when using tcpdump though.

the PC anywhere server is on the same LAN as the internal interface
of the firewall right?

and IP Forwarding is turned on (/proc/sys/net/ipv4/ip_forward)

not sure what else to suggest. nothing on the client PCanywhere machine
preventing connections (local firewall?), run tcpdump again and be sure
there are inbound packets from your external host, or better yet run it,
output to a file (tcpdump -i eth0 src or dst EXTERNAL_IP >&/tmp/eth0.log
and in another terminal
tcpdump -i eth1 src or dst INTERNAL_IP >&/tmp/eth1.log). If your
internal/external interfaces are reversed, then reverse the commands.
email me the log off list (change the ips if you want, just be sure they
are changed to something consistent). email the logs to
aphro_AT_aphroland_DOT_org

if you email them to this address I may miss em

nate
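
An added example, not part of nate's message or the original thread: a small Python script that compares the two tcpdump logs described above and reports where the port-forwarded PCAnywhere packets stop. The addresses, sample log lines and function names are constructed for illustration, and it assumes the captures were taken with tcpdump -n so addresses and ports are numeric.

```python
import re

# "src.sport > dst.dport:" as printed by tcpdump -n (with or without "IP ").
PKT = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def packets(log_text):
    """Yield (src, sport, dst, dport) for every parsable line."""
    for line in log_text.splitlines():
        m = PKT.search(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def diagnose(ext_log, int_log, fw_ext_ip, host_int_ip, port=5632):
    """Report how far packets from outside clients got through the firewall."""
    # Client endpoints that hit the firewall's external address.
    arrived = {(s, sp) for s, sp, d, dp in packets(ext_log)
               if d == fw_ext_ip and dp == port}
    # Same endpoints after portfw rewrote the destination to the inside host.
    forwarded = {(s, sp) for s, sp, d, dp in packets(int_log)
                 if d == host_int_ip and dp == port}
    # Endpoints the inside host answered.
    replied = {(d, dp) for s, sp, d, dp in packets(int_log)
               if s == host_int_ip and sp == port}
    if not arrived:
        return "no inbound packets on external interface"
    if arrived - forwarded:
        return "arrived but not forwarded (check portfw rule and ip_forward)"
    if arrived - replied:
        return "forwarded but host did not reply (check host firewall and route)"
    return "forwarded and answered"

# Constructed sample captures (documentation addresses, not from the thread).
EXT_LOG = "12:00:01.000000 IP 203.0.113.7.40001 > 198.51.100.1.5632: UDP, length 12\n"
INT_LOG = (
    "12:00:01.000100 IP 203.0.113.7.40001 > 192.168.1.10.5632: UDP, length 12\n"
    "12:00:01.000900 IP 192.168.1.10.5632 > 203.0.113.7.40001: UDP, length 40\n"
)

if __name__ == "__main__":
    print(diagnose(EXT_LOG, INT_LOG, "198.51.100.1", "192.168.1.10"))
```

The match is on client address and source port because portfw rewrites only the destination, as in the expected external/internal pair quoted earlier in the message.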





