Topic: Port Forwarding / Mapping

[Jules]

How can I setup e-smith to forwrad incoming request on the external IP to an internal IP on a windoze machine?
ie ...ftp requests on ip 24.x.x.x port 666 forwarded to a windows ftpserver (servu) running on the windows machine ip 10.0.0.135 port 666

I have a HUGE drive on the windows machine and minimal on the e-smith, I woudl liek NOT to have to swap the drives over


info - external ip 24.x.x.x internal ip 10.0.0.1 (DHCP giving out 10.0.0.100 - 200)

Thanks

Jules

[Franck ZOCCOLO]

You should try something like that :

ipmasqadm portfw -A -P tcp -L 24.x.x.x 666 -R 10.0.0.1 666

[Jules]

Works Great !!
Thanks

(Except it appears to be -a not -A )  

Now I have to setup the dran ftp servu with MultiHomed IP address as it won't return the reply back the right way ..DOH !!

Jules

[Jules]

Or --

Does this have anything to do with the return daat coming back on a port above 1024 ? Is the return path blocked by esmith or are ports above 1024 'open' ?

[Charlie Brady]

Jules wrote:

> Now I have to setup the dran ftp servu with MultiHomed IP
> address as it won't return the reply back the right way ..DOH
> !!

You might find this very difficult to get working, since ftp is a two connection protocol - and the second connection can be incoming or outgoing depending on the client configuration, and the port numbers are not fixed.

Charlie

[Jules]

Charlie Brady wrote:

>
> You might find this very difficult to get working, since ftp
> is a two connection protocol - and the second connection can
> be incoming or outgoing depending on the client
> configuration, and the port numbers are not fixed.
>
> Charlie

It is indeed proving to be problem ...PLEASE any help/suggestions woudl be appreciated.

I can log in but the reurn of the connection/data is messing me up <:-(>
and then dropping the connection (refused on return).

Has ANYONE done this already ??

Jules™

[Jules]

PS..

I have setup the windows servu with multihomed Ips so that is not the problem (err I think not anyway)

J™

[Jules]

one more Q. (well Maybe more)

I am forced at work to use PASV mode..Am I also forced to use Passive mode on incoming connectiosn on the e-smith server ? I think PASV is only on outgoing but I would liek to be sure.

tahnks
 oops
Thanks

J™

[aniston]

hello Jules,

try to see this page at http://ipmasq.cjb.net/  and look for the applications section, now towards the end of this section you will find a module which might help you I didn't go into looking it up but it seems very relevant to what you may want.

By the way I'myself am looking for some modules to be able to host a good bit (about 20 or so) of web servers from my inside network to the outside and havent as yet got it going ....any clues?

regards,
aniston.

[aniston]

hello Jules,

try to see this page at http://ipmasq.cjb.net/  and look for the applications section, now towards the end of this section you will find this module (New IP_MASQ_FTP Module) which might help you I didn't go into looking it up but it seems very relevant to what you may want.

By the way I'myself am looking for some modules to be able to host a good bit (about 20 or so) of web servers from my inside network to the outside and havent as yet got it going ....any clues?

regards,
aniston.

[Graeme Robinson]

Just thought I'd add that I've used this pmasqadm portfw command to successfully permit remote access (using a pcanywhere type program that uses full encryption) to an internal winbox on a specific port, something that's been on my todo list for a couple of weeks - thanks Franck!

[Chrisis]

A bit off topic, but along similar lines: how can I check the ports that my SME server is listening on for FTP?  Can I just assume that it will be ports 20-21?  I have configured my DSL router to forward ports 20-21 to my SME server, and I get "connection refused" whenever I try to connect.
My DSL router successfully forwards http requests via port 80 to my SME server.
TIA

[aniston]

To check the ports (including ftp) open on your e-smith server, Darrel May's website has a nice utility called 'portscan' http://myezserver.com/downloads/mitel/contrib/portscan/ that will show you the open ports on the server via nmap.

Also check basic settings in the admin panel under 'Remote Access' if ftp is disabled by mistake ? is ftp accessiable from the inside only ?

what specific dsl router are you using ?

a nice free ftp client for windows is smartftp from http://www.smartftp.com

regards
.aniston

[Chris]

aniston wrote:
>
> To check the ports (including ftp) open on your e-smith
> server, Darrel May's website has a nice utility called
> 'portscan'
> http://myezserver.com/downloads/mitel/contrib/portscan/ that
> will show you the open ports on the server via nmap.

Thanks for the reminder about nmap!  nmap tells me that my SME Server has tcp on the default port 21, but that my dsl router (an Asus 6000ev) does not have port 21 open.  My DSL config says I /do/ have a pinhole open for port 21 so I have to figure what I've done wrong there that the pinhole isn't being spotted by nmap (nmap correctly reports that port 80 on my router is open)

>
> Also check basic settings in the admin panel under 'Remote
> Access' if ftp is disabled by mistake ? is ftp accessiable
> from the inside only ?

I have enabled ftp access on my SME server -- both "public" and "normal" settings have been set -- it's just my router that needs a kick.  I'll report back my solution to that as soon as I've got one.

> regards
> .aniston

Thanks for your help
Chris

[Charlie Brady]

Chris wrote:

>  nmap tells me that my
> SME Server has tcp on the default port 21, but that my dsl
> router (an Asus 6000ev) does not have port 21 open.  My DSL
> config says I /do/ have a pinhole open for port 21 so I have
> to figure what I've done wrong there

My advice remains - do not use s DSL router. Just use a DSL modem. The extra level of firewalling/routing/port-forwarding/NAT just causes many problems and doesn't add much, if anything.

Charlie