Koozali.org: home of the SME Server

PortForwarding

Greg

PortForwarding
« on: May 16, 2003, 01:07:06 AM »
This is what I did
Installed 5.6 U4 clean on external and internal IP's
e-smith-packetfilter-1.13.0-04.noarch.rpm
e-smith-portforwarding-0.1.0-20.noarch.rpm  
# /sbin/e-smith/signal-event post-upgrade
# service masq restart
Went in and set port 81/tcp to forward to a server on the local net port 80

I get nothing, no port 81 on a port scan of the external IP, 80 is there
I can bring up the page on 80 but zip on 81

Greg

Re: PortForwarding
« Reply #1 on: May 16, 2003, 10:47:24 PM »
I absolutely can't make this work. I look at other messages and everyone has no problem with it so I must be doing something wrong.

Help please!!!

UC

Re: PortForwarding
« Reply #2 on: May 17, 2003, 05:55:53 AM »
5.6 uses iptables instead of ipchains.
This is why the port forwarding package doesn't work anymore.

I'm looking for a solution myself.

UC

UC

Re: PortForwarding
« Reply #3 on: May 17, 2003, 06:32:25 AM »
Save the following (caution, line wraps !!)
to /etc/e-smith/templates/etc/rc.d/init.d/60SetPortFW

run /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
followed by a
/etc/init.d/masq restart

This currently only allows TCP forwards. I didn't check for the UDP ones yet.

This is a quick hack ! use at your own risk.


{
    local %services = ( masq => $masq );
    $OUT = "";

    local $me = "portfw";

    local $status = db_get_prop(\%services, 'masq', 'status') || "disabled";
    local $loadme = db_get_prop(\%services, 'masq', $me) || "yes";

    if ( ($status eq "enabled") and ($loadme eq "yes") )
    {
        local %tcp_forwards =
            split(/,/,
                db_get_prop(\%services, 'masq', 'TCPForwards') || '');
        foreach my $port (keys %tcp_forwards)
        {
            $OUT .= "    /sbin/iptables --table nat --append PREROUTING ";
            # Set up local port to forward
            $OUT .= "-d $ExternalIP -p tcp --dport ${port} ";
            # Set up the remote port to forward to
            $OUT .= "-j DNAT --to $tcp_forwards{$port}:$port\n";
        }
        local %udp_forwards =
            split(/,/,
                db_get_prop(\%services, 'masq', 'UDPForwards') || '');
        #foreach my $port (keys %udp_forwards)
        #{
        #    $OUT .= "    /sbin/iptables portfw -a -P udp ";
        #    # Set up local port to forward
        #    $OUT .= "-L $ExternalIP $port ";
        #    # Set up the remote port to forward to
        #    $OUT .= "-R $tcp_forwards{$port} $port\n";
        #    # And accept the incoming packets
        #    $OUT .= "    /sbin/iptables --append input -p udp -s 0/0 ";
        #    $OUT .= "-d \$OUTERNET ${port} -j ACCEPT\n";
        #}
    }
}
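
An added example, not part of the original post and not code from the e-smith packages: the template above writes database values straight into a root-run init script, so this shell sketch validates each port and address before printing the equivalent rules. The function names, the sample addresses and the `IP:PORT` target form (which lets external port 81 map to internal port 80) are assumptions of this example.

```bash
#!/bin/bash
# Added example: print (not run) iptables rules for a TCP forward list.
# List format follows the template's split: "port,target,port,target,...".
# Assumption of this example: target is IP or IP:PORT (so 81 can map to 80).

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    local IFS=. n=0 octet
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    for octet in $1; do
        n=$((n + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# gen_forward_rules EXTERNAL_IP LIST: rules on stdout, rejects on stderr,
# exit status 1 if any entry was rejected.
gen_forward_rules() {
    local ext="$1" list="$2" rc=0 port target ip dport
    valid_ipv4 "$ext" || { echo "bad external IP: $ext" >&2; return 1; }
    local IFS=,
    set -f; set -- $list; set +f      # split on commas without globbing
    while [ "$#" -gt 0 ]; do
        port="$1"; target="${2-}"
        [ "$#" -ge 2 ] && shift 2 || shift
        ip="${target%%:*}"; dport="$port"
        case "$target" in *:*) dport="${target#*:}" ;; esac
        if valid_port "$port" && valid_ipv4 "$ip" && valid_port "$dport"; then
            echo "/sbin/iptables -t nat -A PREROUTING -d $ext -p tcp" \
                 "--dport $port -j DNAT --to-destination $ip:$dport"
            # Needed only if the FORWARD chain does not already accept this.
            echo "/sbin/iptables -A FORWARD -d $ip -p tcp --dport $dport -j ACCEPT"
        else
            echo "rejected forward: '$port' -> '$target'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample values (documentation and private address ranges).
gen_forward_rules 203.0.113.10 "81,192.168.1.20:80,8080,192.168.1.21"
```

Comparing the printed rules with the output of `iptables -t nat -L PREROUTING -n` on the server shows whether a configured forward actually reached the nat table.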

Dan Brown

Re: PortForwarding
« Reply #4 on: May 17, 2003, 08:12:20 AM »
UC, your first post is incorrect and the second is (or should be) unnecessary.  The version of e-smith-portforwarding Greg installed is written to work with SME 5.6 and iptables, and it works fine on my server.  

Now, if your script works for him, great, but he should be able to make this work with what he has installed.

UC

Re: PortForwarding
« Reply #5 on: May 17, 2003, 02:05:41 PM »
Dan, you're right. I didn't check for the version and actually wasn't aware that there is a new package using iptables.
However, I don't see why the first posting is incorrect. iptables was introduced in 5.6 since 5.5 still uses ipchains.
And basically it has no other choice, since 5.5 uses a 2.2 kernel where iptables really comes into play with a 2.4 kernel.

I noted the problem because I upgraded one of my machines from 5.5 to 5.6 and that certainly leaves the old ipchains based forwarder on the system which then fails.

Dan Brown

Re: PortForwarding
« Reply #6 on: May 17, 2003, 05:42:13 PM »
The reason I said your first post was incorrect was because of this: "This is why the port forwarding package doesn't work anymore."  In fact, the port forwarding package Greg has installed is written for iptables, so the change to iptables in the current kernel shouldn't have anything to do with his problem.  You're right, though, that it's an issue in an upgrade.

Greg

Re: PortForwarding
« Reply #7 on: May 19, 2003, 05:00:04 PM »
This was a fresh install of 5.6U4 and PortForwarding only
Set it up with a routable external IP and on the internal net

Uwe

Re: PortForwarding
« Reply #8 on: June 10, 2003, 07:09:47 AM »
I've been following this thread as I have a similar problem since upgrading to 5.6U4

Have you managed to resolve your problem?

Where can the packages you mentioned (below) be found?
e-smith-packetfilter-1.13.0-04.noarch.rpm
e-smith-portforwarding-0.1.0-20.noarch.rpm

Thanks in advance.

Michael P. Soulier

Re: PortForwarding
« Reply #9 on: June 10, 2003, 08:34:46 AM »
Greg wrote:
>
> This is what I did
> Installed 5.6 U4 clean on external and internal IP's
> e-smith-packetfilter-1.13.0-04.noarch.rpm
> e-smith-portforwarding-0.1.0-20.noarch.rpm  

The packages that definitely work with 5.6 are in my contrib space. I know this because I'm using them myself, and I helped author them. Make sure that you have no other port-forwarding/opening contribs installed, as they will conflict.

ftp://ftp.e-smith.org/pub/e-smith/contrib/MichaelSoulier/RPMS/noarch/

Grab the three rpms you find there. Force a downgrade of e-smith-packetfilter, as the one I am supplying is from the 5.6 stream, with back-ported code from the rpm above.

rpm -Uvh --oldpackage

The Port_Forwarding rpm will ensure that the proper %post actions are taken.

Cheers,
Mike