Koozali.org: home of the SME Server

Port forwarding how to

Bruce McNamara

Port forwarding how to
« on: September 02, 2000, 12:40:27 PM »
Well, after a bit of playing around with port forwarding I've finally sorted things out,
and I think my solution could help others in a similar pickle.

I did the following and don't profess to be an expert but it seems to work,
any correction to this technique would be welcomed.

I have a E-Smith V4 server with one fixed external IP address.
I needed others to be able to access their pop mail accounts on a server
behind the E-Smith box (not the ESmith Mail Server).

To do this I needed to port forward port 110 to the mail server.

First off I installed the IPMASQADM application.

I downloaded and used ipmasqadm-0.4.2-3.i386.rpm

Then installed it by going:

rpm -i ipmasqadm-0.4.2-3.i386.rpm

then I set the port forwarding to happen on startup,
assuming the following:

External Firewall IP (Fixed)  = 202.14.102.7
Internal Mail Server IP = 192.168.1.9
Port to forward = 110 (POP)

I added to the following template file:

/etc/e-smith/templates/etc/rc.d/init.d/masq/template-begin

##### IPMASQADM Starts

# Flush portfw rules
/usr/sbin/ipmasqadm portfw -f

# Forward Port 110 (POP) to the inhouse server IP
/usr/sbin/ipmasqadm portfw -a -P tcp -L 202.14.102.7 110 -R  192.168.1.9 110

##### IPMASQADM Ends

You need to run the following to apply the template:

/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

then reboot the server to activate changes


Hope this is of help to someone out there.


Bruce
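
Added example, not part of Bruce's post: one way to generate the template lines from a reviewed table, so that only validated forwards reach the masq script. The table format, the function names and the rule that targets must be private (RFC 1918) addresses are assumptions of this example; the ipmasqadm lines it prints use the same syntax as the post.

```shell
#!/bin/sh
# Added example, not from the thread. Table format, function names and the
# "private targets only" rule are assumptions of this example.

EXT_IP="202.14.102.7"                   # value from the post
FORWARDS="tcp 110 192.168.1.9 110"      # proto ext-port target-ip target-port

valid_port() {
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only RFC 1918 targets so a typo cannot point a forward off the LAN.
private_ip() {
  case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  case "$1" in
    10.*.*.*|192.168.*.*|172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) ;;
    *) return 1 ;;
  esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# Print the whole fragment, or nothing (status 1) if any row is invalid.
render_portfw() {
  ext=$1
  out="##### IPMASQADM Starts
/usr/sbin/ipmasqadm portfw -f"
  while read -r proto eport ip iport; do
    case "$proto" in ''|'#'*) continue ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    valid_port "$eport" && valid_port "$iport" ||
      { echo "bad port in: $proto $eport $ip $iport" >&2; return 1; }
    private_ip "$ip" || { echo "target not on the LAN: $ip" >&2; return 1; }
    out="$out
/usr/sbin/ipmasqadm portfw -a -P $proto -L $ext $eport -R $ip $iport"
  done <<EOF
$2
EOF
  printf '%s\n##### IPMASQADM Ends\n' "$out"
}

render_portfw "$EXT_IP" "$FORWARDS"
```

Because the fragment is printed only when every row passes, a rejected table leaves the existing template untouched.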

Dan Brown

RE: Port forwarding how to
« Reply #1 on: September 02, 2000, 06:03:50 PM »
Actually, you don't need to reboot the server--just run "service masq start" after the expand-template command.

Jan

RE: Port forwarding how to
« Reply #2 on: September 03, 2000, 01:37:20 AM »
Bruce McNamara wrote:

> Well after a bit of playing around with port forwarding I've
> finally sorted things out. And think my solution could help
> others in a similar pickle.
>
I sure need all the help I can get on this subject  :)


>
> First off I installed the IPMASQADM application.
>
> I downloaded and used ipmasqadm-0.4.2-3.i386.rpm
>
> Then installed it by going:
>
> rpm -i ipmasqadm-0.4.2-3.i386.rpm

I have downloaded the file, but I just can't figure out how to transfer it to the E-Smith. That is, I can FTP it to the E-Smith but I can't find it on the E-Smith system.

A step-by-step guide on how to do this would really help me a lot.

I have a Windows 2000 and a WinME client connected to the E-Smith system.


> then I set the port forwarding to happen on startup, assuming
> the following:
>
> External Firewall IP (Fixed)  = 202.14.102.7
> Internal Mail Server IP = 192.168.1.9
> Port to forward = 110 (POP)

Will that also work with port ranges?
And with UDP ports?


> I added to the following template file:
>
> /etc/e-smith/templates/etc/rc.d/init.d....

?????  :)  Here I'm totally lost


Regards
Jan

Kevin Lim

RE: Port forwarding how to
« Reply #3 on: September 03, 2000, 01:47:26 AM »
> I have downloaded the file, but I just can't figure out how to transfer it to the E-Smith. That is, I can FTP it to the E-Smith but I can't find it on the E-Smith system.

this is a newbie way to do it, somebody else (guru) can surely suggest something quicker.
depends on where you ftp'ed it to.  i use a similar method, i download the file using my w2k box, then ftp the file using my admin account, so i can put it into primary/files.  then i telnet into root on e-smith.  the file is then in /home/e-smith/files/primary/files
once you get to the directory containing the file you can rpm or untar or ungzip or edit or whatever you need to do with the file

Jan

RE: Port forwarding how to
« Reply #4 on: September 03, 2000, 02:01:28 AM »
Kevin Lim wrote:

>> I have downloaded the file, but I just can't figure out how
>> to transfer it to the E-Smith. That is, I can FTP it to the
>> E-Smith but I can't find it on the E-Smith system.
>
> this is a newbie way to do it, somebody else (guru) can surely
> suggest something quicker. depends on where you ftp'ed it to.
> i use a similar method, i download the file using my w2k box,
> then ftp the file using my admin account, so i can put it into
> primary/files.  then i telnet into root on e-smith.  the file
> is then in /home/e-smith/files/primary/files once you get to
> the directory containing the file you can rpm or untar or ungzip
> or edit or whatever you need to do with the file

And there it was  :)  many thanks, Kevin   :)

Jan

Bruce McNamara

RE: Port forwarding how to
« Reply #5 on: September 03, 2000, 02:51:32 AM »
I was going to make an rpm to set all this up but we may
be onto E-Smith V99 before I get it going.

There seemed to be a need by a number of us to get this working sooner.

Thanks for helping Jan


Bruce

Bruce McNamara

RE: Port forwarding how to
« Reply #6 on: September 03, 2000, 03:00:36 AM »
Jan wrote:

> Bruce McNamara wrote:
>
>> then I set the port forwarding to happen on startup, assuming
>> the following:
>>
>> External Firewall IP (Fixed) = 202.14.102.7
>> Internal Mail Server IP = 192.168.1.9
>> Port to forward = 110 (POP)
>
> Will that also work with port ranges?
> And with UDP ports?

I tried it for POP 110, SMTP 25, IMAP 143, HTTP 80 & HTTPS 443
with success but haven't yet tried any others.

>> I added to the following template file:
>>
>> /etc/e-smith/templates/etc/rc.d/init.d....

Add the lines I listed just before the line that has
echo "done"

Hope this is of help.


Bruce

Bruce McNamara

RE: Port forwarding how to
« Reply #7 on: September 03, 2000, 03:02:55 AM »
Dan Brown wrote:

> Actually, you don't need to reboot the server--just run
> "service masq start" after the expand-template
> command.

Sorry I'm used to Micro$oft where just changing a comma somewhere needs a reboot!!

;-)

Jan

RE: Port forwarding how to
« Reply #8 on: September 03, 2000, 05:01:39 AM »
Bruce McNamara wrote:

>> Will that also work with port ranges?
>> And with UDP ports?
>
> I tried it for POP 110, SMTP 25, IMAP 143, HTTP 80 & HTTPS
> 443 with success but haven't yet tried any others.
>
> Bruce

Now I have installed ipmasqadm, and typed the following at the root command prompt (on telnet):
ipmasqadm autofw -A -r tcp 28800 29000 -h 192.168.1.65
ipmasqadm autofw -A -r tcp 47624 47624 -h 192.168.1.65
ipmasqadm autofw -A -r tcp 2300 2400 -h 192.168.1.65
ipmasqadm autofw -A -r udp 2300 2400 -h 192.168.1.65

and it works great, so I guess it works for both tcp and udp ports  :)

The ports above are for playing games on MSN Gaming Zone.

Now I've just got to figure those templates out, so I don't have to type it in after each reboot.

On a different note, I tested the security on 2 sites, http://grc.com and http://dslreports.com
I am not sure what to think of it, has anyone else tried this?

Here are some of the results:
Port  State     Protocol  Commonly
110   open      tcp       pop-3
113   open      tcp       auth
143   open      tcp       imap2
21    open      tcp       ftp
23    open      tcp       telnet
25    filtered  tcp       smtp
3128  open      tcp       squid-http
389   open      tcp       ldap
515   open      tcp       printer
548   open      tcp       afpovertcp
80    open      tcp       http

I don't like that the Telnet and printer ports are wide open.


Regards  
Jan
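
Added example, not part of the thread: a check that compares scan results like the ones above with the ports that are meant to be reachable from outside. The INTENDED list (the five services Bruce reports forwarding in reply #6) and the function name are assumptions of this example; the sample rows are the ones Jan posted.

```shell
#!/bin/sh
# Added example, not from the thread. Compares an external scan with the
# list of ports meant to be reachable. INTENDED is an assumption here.

INTENDED="25 80 110 143 443"

# Constructed input: the scan rows from the post (port state proto name).
SCAN='110 open tcp pop-3
113 open tcp auth
143 open tcp imap2
21 open tcp ftp
23 open tcp telnet
25 filtered tcp smtp
3128 open tcp squid-http
389 open tcp ldap
515 open tcp printer
548 open tcp afpovertcp
80 open tcp http'

# stdin: scan rows; $1: intended ports.
# Exit status is 1 if anything is open that was not meant to be.
audit_scan() {
  awk -v want="$1" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    $1 !~ /^[0-9]+$/ { next }                 # header or junk row
    { seen[$1] = 1 }
    $2 == "open" && !($1 in ok) {
      printf "UNEXPECTED %s/%s %s\n", $1, $3, $4; bad = 1
    }
    $2 != "open" && ($1 in ok) {
      printf "BLOCKED %s/%s %s (%s)\n", $1, $3, $4, $2
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(w[i] in seen)) printf "NOT-IN-SCAN %s\n", w[i]
      exit bad + 0
    }'
}

printf '%s\n' "$SCAN" | audit_scan "$INTENDED" || echo "exposure differs from intent"
```

Run against a fresh scan after each template change, the UNEXPECTED rows are the services to close or restrict to the local network.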