
Firewall & IP Forwarding problems



Hello.

I'm trying to connect my pocket pc by wireless to my VMWare Windows 2000
virtual PC.  Which means, I need a completely transparent connection
between my eth1 (wireless) and vmnet8 (vmware emulated lan) devices.

So far, I've tried using the following script:

-----------------------------------------------------------

#!/bin/sh
echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/modprobe
#Setting the EXTERNAL and INTERNAL interfaces for the network
#
EXTIF="vmnet8"
INTIF="eth1"

echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==
echo -en " loading modules: "

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

echo "----------------------------------------------------------------------"

echo -en "ip_tables, "
$INSMOD ip_tables

echo -en "ip_conntrack, "
$INSMOD ip_conntrack
#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$INSMOD ip_conntrack_ftp
#Load the IRC tracking mechanism for full IRC tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_irc, "
$INSMOD ip_conntrack_irc
echo -en "iptable_nat, "
$INSMOD iptable_nat
echo -en "ip_nat_ftp, "
$INSMOD ip_nat_ftp

echo -e "ip_nat_irc"
$INSMOD ip_nat_irc

echo "----------------------------------------------------------------------"

echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

#echo " FWD: Allow all connections OUT and only existing and related ones IN"
#$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"

--------------------------------------------

After applying this script, I'm able to ping the pocketpc from the
VMWare system and, when I tap on "Connect" on the pocketpc, Activesync
on the VMWare system starts rolling but stops a while later saying a
"Critical communication services failed to start..." error which I
learned was because a firewall blocked the application.  All solutions I
found were for Windows, so I would appreciate any help I could get to
make this work under Linux.

I'm running a Sarge system with a 2.6.12.2 kernel.

Thanks in advance,

Ronald
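
Added example, not part of the original post: a small audit of an iptables-save dump that reports, for two interfaces, whether forwarding is accepted in each direction and whether source NAT is applied to traffic leaving either one. The sample ruleset is constructed from the script above (EXTIF=vmnet8, INTIF=eth1); the function names rule_target and path_report are hypothetical.

```shell
#!/bin/sh
# Constructed sample: roughly what iptables-save would show after the posted
# script ran with EXTIF=vmnet8 and INTIF=eth1 (not captured from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i vmnet8 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o vmnet8 -j ACCEPT
-A FORWARD -j LOG
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o vmnet8 -j MASQUERADE
COMMIT'

# rule_target RULES TABLE CHAIN IN_IF OUT_IF
# Prints the target of the first rule in TABLE/CHAIN whose -i and -o are exactly
# IN_IF and OUT_IF ("" means the rule names no such interface), else "none".
rule_target() {
    printf '%s\n' "$1" | awk -v tbl="*$2" -v chain="$3" -v want_i="$4" -v want_o="$5" '
        /^\*/ { cur = $1 }                       # track the current table
        cur == tbl && $1 == "-A" && $2 == chain {
            i_if = ""; o_if = ""; tgt = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i_if = $(n + 1)
                if ($n == "-o") o_if = $(n + 1)
                if ($n == "-j") tgt = $(n + 1)
            }
            if (i_if == want_i && o_if == want_o) { print tgt; hit = 1; exit }
        }
        END { if (!hit) print "none" }'
}

# path_report RULES IF_A IF_B: one-line summary. "transparent" here means both
# directions are accepted and no POSTROUTING rule rewrites the source address.
path_report() {
    a_to_b=$(rule_target "$1" filter FORWARD "$2" "$3")
    b_to_a=$(rule_target "$1" filter FORWARD "$3" "$2")
    nat_a=$(rule_target "$1" nat POSTROUTING "" "$2")
    nat_b=$(rule_target "$1" nat POSTROUTING "" "$3")
    transparent=no
    if [ "$a_to_b" = ACCEPT ] && [ "$b_to_a" = ACCEPT ] &&
       [ "$nat_a" = none ] && [ "$nat_b" = none ]; then
        transparent=yes
    fi
    echo "$2->$3=$a_to_b $3->$2=$b_to_a nat_out_$2=$nat_a nat_out_$3=$nat_b transparent=$transparent"
}

path_report "$SAMPLE_RULES" eth1 vmnet8
```

On a live system the same functions can be fed the output of iptables-save instead of the sample.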


