Koozali.org: home of the SME Server

Which file to template for masq (needed for gnugk, h323)

Andre

« on: September 28, 2003, 03:40:34 AM »
hi
I'm busy configuring gnugk (gatekeeper for MSN, h323 et al).
So some ports will have to be opened. See info below.
It should be done in a custom template for the masq file in /etc/rc.d/init.d/masq
However in the etc/e-smith/templates/ /etc/rc.d/init.d/masq/ directory there are a lot of files.
Which one should be modified and how? 40masqLAN or another one?
Expanding I know how to do.
I looked with the search but only found something for iptables but that file does exist for ipchains.
Thanx!


==================================================================
Suggested ports to be opened for gnugk (GNU Gatekeeper)

TCP 1718-1731
TCP 30000-30020
UDP 5000-5010
UDP 1719-1720

with ipchains it can be like:

$IPCHAINS -A input -p tcp -s $REMOTENET -d $REMOTENET 30000 -i $OUTERIF -j ACCEPT
# til port number.........
$IPCHAINS -A input -p tcp -s $REMOTENET -d $REMOTENET 30030 -i $OUTERIF -j ACCEPT

# and similar for udp (for the ports above)

$IPCHAINS -A input -p udp -s $REMOTENET -d $REMOTENET 5000 -i $OUTERIF -j ACCEPT

PS: this is the format being used by pmfirewall, small adaptions might be needed for names like REMOTENET (?)

Marcello

Re: Which file to template for masq (needed for gnugk, h323)
« Reply #1 on: September 28, 2003, 05:51:13 AM »
Have a look at any of the 45Allow.... files. Make a copy of, for example, 45AllowHttp and modify the port number.
Marcello

Andre

Re: Which file to template for masq (needed for gnugk, h323)
« Reply #2 on: September 28, 2003, 01:25:14 PM »
Thanx,
but it is meant for port 80 only as it seems, or am I wrong...
Just insertion of the rules?


PS:
REMOTENET from pmfirewall seems to be OUTERNET from E-Smith.
OUTERIF does exist for both.
Strange: pmfirewall did retrieve the dyn ip but did not the forwarding...? The file locations are the same, still got a warning which I could not solve? Otherwise pmfirewall is easy in adapting ports....



45AllowHttp:
==========

{
    local %services = ( 'httpd-e-smith' => ${'httpd-e-smith'} );

    my $status = db_get_prop(\%services, 'httpd-e-smith', 'status') ||
      "disabled";
    my $access = db_get_prop(\%services, 'httpd-e-smith', 'access') ||
      "public";

    if ( ($status eq "enabled") and ($access eq "public") )
    {
        $OUT .= <<'HERE';
    /sbin/ipchains --append input -p tcp -s 0/0 -d $OUTERNET 80 -j ACCEPT
    /sbin/ipchains --append output ! -y -p tcp -d 0/0 -s $OUTERNET 80 -j ACCEPT
HERE
    }
}
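
Added example (not part of the thread and not SME Server code): a shell script that prints rule pairs in the 45AllowHttp shape for the port list from the first post, using the `first:last` port-range form that ipchains accepts so each range needs one rule pair instead of one per port. The function and variable names are made up for this example; the printed lines are meant to go between the heredoc markers of a copied 45Allow fragment, and nothing is applied to the firewall.

```shell
#!/bin/sh
# Added example: prints ipchains rules only, nothing is applied to the firewall.
# Port list from the first post, one "proto first last" entry per line.
GNUGK_PORTS='tcp 1718 1731
tcp 30000 30020
udp 5000 5010
udp 1719 1720'

# Succeed only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the input/output rule pair for one range, shaped like 45AllowHttp.
emit_range() {
    proto=$1 first=$2 last=$3
    if ! valid_port "$first" || ! valid_port "$last" || [ "$first" -gt "$last" ]; then
        echo "bad range: $proto $first $last" >&2
        return 1
    fi
    case "$proto" in
        tcp) syn='! -y ' ;;  # as in 45AllowHttp: output rule skips SYN-only packets
        udp) syn='' ;;       # -y is a TCP-only match
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    # $OUTERNET stays literal here; the generated masq script expands it.
    # ipchains accepts a port range written as first:last.
    printf '    /sbin/ipchains --append input -p %s -s 0/0 -d $OUTERNET %s:%s -j ACCEPT\n' \
        "$proto" "$first" "$last"
    printf '    /sbin/ipchains --append output %s-p %s -d 0/0 -s $OUTERNET %s:%s -j ACCEPT\n' \
        "$syn" "$proto" "$first" "$last"
}

# Print the rules for every entry in GNUGK_PORTS; stop at the first bad entry.
gnugk_rules() {
    printf '%s\n' "$GNUGK_PORTS" | while read -r proto first last; do
        emit_range "$proto" "$first" "$last" || exit 1
    done
}

gnugk_rules
```

Unlike 45AllowHttp, the printed rules are unconditional: there is no service `status`/`access` check, so they stay open for as long as the fragment exists.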