Koozali.org: home of the SME Server

port forwarding in 5.6 how?

Anthony de Waal

port forwarding in 5.6 how?
« on: February 05, 2003, 02:15:28 AM »
Hi there.
I have downloaded the portforwarding rpm of Charlie Brady, that looks easy to use.
Problem is, that I can now forward a port to a computer on my network, but without simultaneous opening of the port on ppp0 the packets don't get in.

This is for making Microsoft gamezone gameplaying possible.
Mind you, ports 2300 up to 2400 need to be forwarded. I hope this is possible in a single command.

I had this running on 5.5 with ipchains, takes only a few lines, but with the iptables I have no clue.

Can anyone give either an updated rpm for a graphical interface, or a clue to what templates to add?

If anyone has an idea for a module to do this zone gaming, that would even be better.

Thanks in advance,
Thony

Cyrus Bharda

Re: port forwarding in 5.6 how?
« Reply #1 on: February 05, 2003, 03:00:13 AM »
Have you tried Darrell May's contrib? I think it just does the same as Charlie's, although I have not tried Charlie's as Darrell's works great. In Darrell's there is no easy way to add multiple ports though, you have to add them one at a time through the server-manager panel.

http://myezserver.com/downloads/mitel/contrib/portforwarding/

Cyrus Bharda

Anthony de Waal

Re: port forwarding in 5.6 how?
« Reply #2 on: February 05, 2003, 03:29:09 AM »
Hi,
that has exactly the same name as the one I downloaded.
I just checked, and I certainly use the packetfilter contributed by Charles Brady:
e-smith-packetfilter-1.13.0-07.noarch.rpm
But now I doubt where I got the portforward from.
Point is: will it open the ports as well? My testing seems to say it doesn't.
I use the e-smith with pptp for ADSL in the Netherlands.
Things may be a bit different in this situation.
Can someone at least point me to some documentation on the current packet filtering setup?
Kind greetings,
Thony

Anthony de Waal

Re: port forwarding in 5.6 how?
« Reply #3 on: February 05, 2003, 03:31:04 AM »
Found it:
Author: RequestedDeletion (RequestedDeletion.wang_AT_star-support.com)
Date:   01-31-03 14:34

ftp://ftp.e-smith.org/pub/e-smith/contrib/CharlieBrady/RPMS/noarch/

look for port forwarding

Michael Soulier

Re: port forwarding in 5.6 how?
« Reply #4 on: February 06, 2003, 01:39:26 AM »
Anthony de Waal wrote:

> Point is: will it open the ports as well? My testing seems to
> say it doesn't.

It should. What makes you think it's not? Have you checked the rules to see whether or not it has in fact opened the ports?

Mike

Anthony de Waal

Re: port forwarding in 5.6 how?
« Reply #5 on: February 06, 2003, 02:05:03 AM »
Hi Michael,
I forwarded port 2300 to my internal network, 192.168.0.205.
It certainly did something, as it appears now in the iptables -L output
(see below). Actually it looks opened but not forwarded rather than the other way around.
I use a program called Portdetective from www.tzolkin.com on the destination workstation. It worked fine when I had 5.5 with ipchains and the firewall from www.adsl4linux.nl. Now it says the port is blocked.
Two possible complications.
1) my outer interface is not the ethernet card but ppp0.
I used 00Definitions to change that.
2) the packets do not come after a request from the inside. It is the difficulty with gamingzone that random ports between 2300 and 2400 are used to reply.
Thanks for looking at my problem.
Kind greetings,
Thony
[root@e-smith root]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
state_chk  all  --  anywhere             anywhere
local_chk  all  --  anywhere             anywhere
InboundICMP  icmp --  anywhere             anywhere
denylog    icmp --  anywhere             anywhere
InboundTCP  tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN
denylog    tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN
InboundUDP  udp  --  anywhere             anywhere
denylog    udp  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc
gre-in     gre  --  anywhere             anywhere
denylog    gre  --  anywhere             anywhere
denylog    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
state_chk  all  --  anywhere             anywhere
local_chk  all  --  anywhere             anywhere
denylog    all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OutboundICMP  icmp --  anywhere             anywhere
denylog    icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain InboundICMP (1 references)
target     prot opt source               destination
InboundICMP_579  all  --  anywhere             anywhere
denylog    icmp --  anywhere             anywhere

Chain InboundICMP_579 (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere           icmp parameter-problem
denylog    all  --  anywhere             anywhere

Chain InboundTCP (1 references)
target     prot opt source               destination
InboundTCP_579  all  --  anywhere             anywhere
denylog    tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN

Chain InboundTCP_579 (1 references)
target     prot opt source               destination
denylog    all  --  anywhere            !cittern.xs4all.nl
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https
denylog    tcp  --  anywhere             anywhere           tcp dpt:imap2
denylog    tcp  --  anywhere             anywhere           tcp dpt:ldap
denylog    tcp  --  anywhere             anywhere           tcp dpt:pop3
denylog    tcp  --  anywhere             anywhere           tcp dpt:1723
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
denylog    tcp  --  anywhere             anywhere           tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:2300

Chain InboundUDP (1 references)
target     prot opt source               destination
InboundUDP_579  all  --  anywhere             anywhere
denylog    udp  --  anywhere             anywhere

Chain InboundUDP_579 (1 references)
target     prot opt source               destination
denylog    all  --  anywhere            !cittern.xs4all.nl

Chain OutboundICMP (1 references)
target     prot opt source               destination
OutboundICMP_579  all  --  anywhere             anywhere
denylog    icmp --  anywhere             anywhere

Chain OutboundICMP_579 (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere           icmp parameter-problem
denylog    all  --  anywhere             anywhere

Chain denylog (21 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           LOG level warning
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain gre-in (1 references)
target     prot opt source               destination
denylog    all  --  anywhere            !cittern.xs4all.nl
ACCEPT     all  --  anywhere             anywhere

Chain local_chk (2 references)
target     prot opt source               destination
local_chk_1  all  --  anywhere             anywhere

Chain local_chk_1 (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain state_chk (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
[root@e-smith root]#

Michael Soulier

Re: port forwarding in 5.6 how?
« Reply #6 on: February 06, 2003, 07:11:41 AM »
Anthony de Waal wrote:
>
> Hi Michael,
> I forwarded port 2300 to my internal network, 192.168.0.205.
> It certainly did something, as it appears now in the IPTABLES
> -L output
> (see below). Actually it looks opened but not forwarded
> rather than the other way around.

That's because you're looking at the filter table. I highly suggest you read the iptables manpage, which will explain the differences between the filter, nat and mangle tables. If you wish to see the portforwarding rules you must look in the nat table.

iptables -t nat -nvL

> I use a program called Portdetective from www.tzolkin.com on
> the destination workstation. It worked fine when I had 5.5
> with ipchains and the firewall from www.adsl4linux.nl. Now it
> says port is blocked.

I'd say it's wrong. The iptables output confirms that.

> Two possible complications.
> 1) my outer interface is not the ethernet card but ppp0.
> I used 00Definitions to change that.

You shouldn't have to touch a thing. The server will determine its external interface by itself.

Mike

Anthony de Waal

Re: port forwarding in 5.6 how?
« Reply #7 on: February 06, 2003, 08:56:40 AM »
OK, here it is:
Chain PortForwarding_579 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   16   736 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2300 to:192.168.0.205:2300

All the same: in /var/log/messages:
Feb  6 06:47:19 e-smith kernel: IN=ppp0 OUT=eth0 SRC=209.213.70.61 DST=192.168.0.205 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=11326 DF PROTO=TCP SPT=4107 DPT=2300 WINDOW=8192 RES=0x00 SYN URGP=0

I checked telnet, smtp and 2300 at the same time. Telnet gets the same logging, smtp doesn't appear.
I have a mail server running, so that makes sense. Still port detective shows it as blocked, because the packets do not arrive back to the program.

I didn't read the man pages. I know I should but have not found the time. Basically that is why I looked for a program in the first place :-)

Kind greetings,
Thony
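An added example (not from this thread or from SME Server) that reads netfilter LOG lines like the /var/log/messages entry quoted above and tells from the IN=/OUT= fields which path logged the packet; a packet arriving on ppp0 whose DST is already an RFC 1918 address has passed the nat PREROUTING DNAT rule from Reply #6 and was then logged on the FORWARD path, so the filter FORWARD chain, not INPUT, is the one that must accept it. The second sample line, its documentation-range addresses and the external interface name are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# RFC 1918 ranges: a packet that arrives on the external interface with its DST
# already inside one of these has passed the nat PREROUTING DNAT rule.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input: line 1 is the /var/log/messages entry quoted in the
# thread (re-joined); line 2 is a made-up INPUT-path entry for a telnet probe
# aimed at the server's own (documentation-range) external address.
SAMPLE_LOG = """\
Feb  6 06:47:19 e-smith kernel: IN=ppp0 OUT=eth0 SRC=209.213.70.61 DST=192.168.0.205 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=11326 DF PROTO=TCP SPT=4107 DPT=2300 WINDOW=8192 RES=0x00 SYN URGP=0
Feb  6 06:47:25 e-smith kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.9 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=11327 DF PROTO=TCP SPT=4108 DPT=23 WINDOW=8192 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Map the KEY=VALUE tokens after 'kernel:' to a dict; bare flags (DF, SYN) are ignored."""
    return dict(re.findall(r"(\w+)=(\S*)", line.split("kernel:", 1)[1]))


def traversal_path(fields):
    """IN and OUT both set: the packet was being routed through (FORWARD path).
    Only IN: delivered locally (INPUT). Only OUT: locally generated (OUTPUT)."""
    if fields.get("IN") and fields.get("OUT"):
        return "FORWARD"
    return "INPUT" if fields.get("IN") else "OUTPUT"


def diagnose(line, external_if="ppp0"):
    """Explain one LOG entry: which path logged it and whether DNAT had already fired."""
    f = parse_log_line(line)
    path = traversal_path(f)
    dst_private = any(ip_address(f["DST"]) in net for net in RFC1918)
    dnat_applied = f.get("IN") == external_if and dst_private
    return {
        "proto": f.get("PROTO"), "dpt": f.get("DPT"), "dst": f["DST"], "path": path,
        "dnat_applied": dnat_applied,
        # DNAT happened and the packet was still logged on the FORWARD path: the
        # filter FORWARD chain (not INPUT) needs an ACCEPT for this DST/DPT.
        "needs_forward_accept": path == "FORWARD" and dnat_applied,
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(diagnose(entry))
```

Note that `iptables -L` without `-v` hides interface matches such as `-i eth0`, so a chain like local_chk_1 looks as if it accepts everything; `iptables -nvL` shows the in/out columns needed to see which FORWARD rule a forwarded packet actually hits.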