Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: brookes on August 14, 2004, 12:47:38 PM
-
muzo,
Is it possible to use masq-manager to put holes through the firewall for a different NIC? In my case a satellite card that needs UDP:9205? I've tried tons of different iptables commands and while I can see the data hitting the satellite interface it does not seem to be passed across to the proxy software on the server. Here is a sample of the script I have been using.
/bin/echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -I INPUT 1 -v -p udp -m udp -m state -i sm200d --dport 9205 --state NEW,ESTABLISHED -j ACCEPT
iptables -I OUTPUT 1 -v -p tcp -m tcp -m state -o ppp0 --dport 9200 --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 1 -v -p tcp -m tcp -m state -i eth0 --dport 9202:9203 --state NEW,ESTABLISHED -j ACCEPT
Could anybody give me some ideas where I'm going wrong?
Stephan.
-
Hi brookes,
Yes, you can use masq-manager to put holes through your firewall :roll:
iptables -I INPUT 1 -v -p udp -m udp -m state -i sm200d --dport 9205 --state NEW,ESTABLISHED -j ACCEPT
I have never heard of this interface.
-
Stephan - I was about to wrestle with installing my sm200D satellite card. Do you have drivers that will work with 6.0.1 kernel, and if so, can I have them please? Email me at brian@ihugREMOVETHIS.co.nz
Regards
brian
-
Brian,
E-mailed as requested. I have asked for a bit of space on contribs but suspect it's still being processed.
Muzo,
The sm200d is a satellite card that acts like another NIC. I have tried entering all the exclusions (holes) using masq-manager but to no avail. Would you say that the iptables commands I used should work? When I watch the rules and watch data hitting the interface (sm200d), no data is hitting the rule. How do I go about making sure the data coming from the sm200d is being forwarded to the eth0 or even to the proxy software running on the SME box?
Stephan.
-
I'm not sure that line with sm200d should work, but the others should work.
But a question, is SME installed on your satellite?
If yes, it must be recognized as a NIC, so it appears as eth0 or eth1 or ppp0.
So, I think "sm200d" must not appear.
What does the "ifconfig" command line say?
-
The sm200d appears as another NIC, just called something different. Here is the ifconfig:
Welcome to SME Server 6.0.1-01
[root@gateway root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:A0:C9:84:64:C1
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
EtherTalk Phase 2 addr:65280/67
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:427651 errors:0 dropped:0 overruns:0 frame:0
TX packets:459529 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:32279587 (30.7 Mb) TX bytes:491200919 (468.4 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
EtherTalk Phase 2 addr:0/0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:588843 errors:0 dropped:0 overruns:0 frame:0
TX packets:588843 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:67915089 (64.7 Mb) TX bytes:67915089 (64.7 Mb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.173.37.116 P-t-P:203.173.37.4 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:3593 errors:0 dropped:0 overruns:0 frame:0
TX packets:3989 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:3420762 (3.2 Mb) TX bytes:408742 (399.1 Kb)
sl0 Link encap:Serial Line IP
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2060 errors:0 dropped:0 overruns:0 frame:0
TX packets:2587 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:131938 (128.8 Kb) TX bytes:169578 (165.6 Kb)
sm200d Link encap:Ethernet HWaddr 00:90:BC:01:36:05
inet addr:10.10.10.10 Bcast:10.255.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3010 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:843776 (824.0 Kb) TX bytes:0 (0.0 b)
As you can see it is as a NIC and even gets traffic. What do you reckon?
-
OK, I have never seen this, but I'm still a Linux noob.
I can't help you, sorry. :cry:
But I'm interested. Just to be sure, it seems your SME box has 3 interfaces?
-
That's right, 1xppp 1xeth and 1xsat; now to get the routing and firewall sorted?
-
Ok,
I understand the problem now (the information just reached my brain). So to answer your first question: no, you can't use masq-manager, because I add opening and deny rules on ethX, or ppp0 in your case. I didn't add a feature to choose the interface.
I only understand iptables scripts with 2 interfaces, so 3 is new to me.
iptables -I INPUT 1 -v -p udp -m udp -m state -i sm200d --dport 9205 --state NEW,ESTABLISHED -j ACCEPT
This line says: incoming transmission from interface sm200d on port 9205 is accepted on SME (but not transmitted to the internet). Is that what you want?
-
Satellite is only one way, so traffic will only come down, never up, but the traffic coming down must be available to the software running on the server. I assume the software monitors 10.10.10.10 and forwards traffic from that IP address appropriately. Perhaps I need to be allowing the IP address in some way?
-
I don't know :-?
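-
Added example, not part of the original thread: the symptom described above (the sm200d RX counter rises while the inserted INPUT rule never counts a packet) can be confirmed by comparing the two counters. The function names, the constructed sample text and the rp_filter check are assumptions of this example; the thread does not establish the cause.

```shell
# Added example; sample text is constructed, interface and port are from the thread.

# rx_pkts IFACE: RX packet count for IFACE; reads /proc/net/dev on stdin.
rx_pkts() {
    awk -v ifc="$1" '{ sub(/:/, " ") } $1 == ifc { print $3 }'
}

# rule_pkts IFACE PORT: summed packet counters of ACCEPT rules matching
# that in-interface and destination port, or "none" if no such rule.
# Reads `iptables -L INPUT -v -n -x` output on stdin.
rule_pkts() {
    awk -v ifc="$1" -v want="dpt:$2" '
        $3 == "ACCEPT" && $6 == ifc {
            for (i = 10; i <= NF; i++) if ($i == want) { n += $1; hit = 1 }
        }
        END { print (hit ? n + 0 : "none") }'
}

# classify RX RULE: interpret the two counters.
classify() {
    if [ "$2" = "none" ]; then echo "no-rule"
    elif [ "${1:-0}" -eq 0 ]; then echo "no-traffic"
    elif [ "$2" -eq 0 ]; then echo "not-reaching-rule"
    else echo "rule-matching"
    fi
}

# rp_state IFACE [BASE]: reverse-path filter settings worth checking when
# classify says "not-reaching-rule" (one candidate cause, not confirmed here).
rp_state() {
    base="${2:-/proc/sys/net/ipv4/conf}"
    echo "$1=$(cat "$base/$1/rp_filter") all=$(cat "$base/all/rp_filter")"
}

# Constructed samples (interface RX figures follow the thread's ifconfig output).
SAMPLE_DEV='  eth0:32279587  427651 0 0 0 0 0 0 491200919 459529 0 0 0 0 0 0
sm200d:  843776    3010 0 0 0 0 0 0         0      0 0 0 0 0 0 0'
SAMPLE_RULES='Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts   bytes target  prot opt in     out  source     destination
       0       0 ACCEPT  udp  --  sm200d *    0.0.0.0/0  0.0.0.0/0  udp dpt:9205 state NEW,ESTABLISHED
     120    9000 ACCEPT  tcp  --  eth0   *    0.0.0.0/0  0.0.0.0/0  tcp dpts:9202:9203 state NEW,ESTABLISHED'
demo() {
    rx=$(printf '%s\n' "$SAMPLE_DEV" | rx_pkts sm200d)
    hits=$(printf '%s\n' "$SAMPLE_RULES" | rule_pkts sm200d 9205)
    classify "$rx" "$hits"
}
demo   # prints: not-reaching-rule
# Live use as root: classify "$(rx_pkts sm200d </proc/net/dev)" \
#     "$(iptables -L INPUT -v -n -x | rule_pkts sm200d 9205)"
```

A result of `not-reaching-rule` means the packets counted by the interface are either not UDP to port 9205 addressed to the host itself, or are discarded before the filter table's INPUT chain. `rp_state sm200d` prints the reverse-path filter values to review for a link whose replies would leave by another interface.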