RE: [Firestarter-user] firestarter 9.2 portforwarding
From: Larry C. <net...@di...> - 2003-10-22 02:02:34
Yes, we have static IP addresses.

    grep ' DPT=2000 ' /var/log/messages

returns nothing.

-----Original Message-----
From: Oliver Schulze L. [mailto:ol...@sa...]
Sent: Tuesday, October 21, 2003 1:20 PM
To: Larry Clark
Cc: fir...@li...
Subject: Re: [Firestarter-user] firestarter 9.2 portforwarding

Do you have a static public IP address? Because if your public IP changes, then IP forward will not work.

Also, look at the log like this:

    grep ' DPT=2000 ' /var/log/messages

HTH
Oliver

Larry Clark wrote:

Here is what's in my /var/log/messages when I tail -f messages and then I hit the server from the web browser:

    Oct 21 10:15:26 mail kernel: IN=eth1 OUT= MAC=00:10:4b:22:49:6b:00:00:c5:73:fa:90:08:00 SRC=67.67.141.38 DST=67.94.77.197 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=5948 DF PROTO=TCP SPT=3550 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
    Oct 21 10:22:03 mail kernel: IN=eth1 OUT= MAC=00:10:4b:22:49:6b:00:00:c5:73:fa:90:08:00 SRC=68.75.47.197 DST=67.94.77.197 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=13096 DF PROTO=TCP SPT=4311 DPT=135 WINDOW=65280 RES=0x00 SYN URGP=0
    Oct 21 10:22:06 mail kernel: IN=eth1 OUT= MAC=00:10:4b:22:49:6b:00:00:c5:73:fa:90:08:00 SRC=68.75.47.197 DST=67.94.77.197 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=13165 DF PROTO=TCP SPT=4311 DPT=135 WINDOW=65280 RES=0x00 SYN URGP=0

Then I try telnetting to it on port 25 to see if it's connecting at all to the mail server behind the firewall, and the third line is what happens when I do that. The IP address 68.75.47.197 looks like an SBC IP addy, which my server at home is on the SBC global network. So it's hitting the server, but not getting thru.

-----Original Message-----
From: fir...@li... [mailto:fir...@li...] On Behalf Of Oliver Schulze L.
Sent: Tuesday, October 21, 2003 9:58 AM
To: Larry Clark
Cc: fir...@li...
Subject: Re: [Firestarter-user] firestarter 9.2 portforwarding

Do you have any entries in /var/log/messages? The config looks good to me.

Good luck
Oliver

Larry Clark wrote:

OK, that's the way it was. I can re-disable iptables, no sweat. firestarter was already enabled, and still no forwarding.

-----Original Message-----
From: Oliver Schulze L. [mailto:ol...@sa...]
Sent: Tuesday, October 21, 2003 9:27 AM
To: Larry Clark
Cc: 'Jack Bowling'; fir...@li...
Subject: Re: [Firestarter-user] firestarter 9.2 portforwarding

You need to disable iptables with chkconfig and enable firestarter.

Oliver

Larry Clark wrote:

I did a chkconfig --list and saw that iptables wasn't on, so I turned it on for the same levels as firestarter and now this is what I have:

    [root@mail larry]# /sbin/iptables -L -v -n | grep 2000
        0     0 ACCEPT  tcp  --  *  *  0.0.0.0/0  67.94.77.192/26  tcp dpt:2000
        0     0 ACCEPT  udp  --  *  *  0.0.0.0/0  67.94.77.192/26  udp dpt:2000
       10   480 ACCEPT  tcp  --  *  *  0.0.0.0/0  192.168.0.14     tcp dpt:2000
        0     0 ACCEPT  udp  --  *  *  0.0.0.0/0  192.168.0.14     udp dpt:2000
    [root@mail larry]# /sbin/iptables -t nat -L -v -n | grep 2000
        3   144 DNAT    tcp  --  *  *  0.0.0.0/0  67.94.77.192/26  tcp dpt:2000 to:192.168.0.14:2000
        0     0 DNAT    udp  --  *  *  0.0.0.0/0  67.94.77.192/26  udp dpt:2000 to:192.168.0.14:2000

There are a few added numbers, I am not sure if that makes a difference, but I tried that as well and it is still not forwarded to the mail server internally.

-----Original Message-----
From: Jack Bowling [mailto:jb...@sh...]
Sent: Monday, October 20, 2003 4:14 PM
To: Larry Clark
Cc: fir...@li...
Subject: Re: [Firestarter-user] firestarter 9.2 portforwarding

On Mon, Oct 20, 2003 at 11:26:09AM -0700, Larry Clark wrote:

I have just installed FS .9.2 on redhat 9.x and I have used the portforwarding utility to forward outside traffic on port 2000 to port 2000 on my internal mail server. However, it is not working, I can't get to my internal machine. I have been using FS for a few years now and this is the first time I have tried the version for gnome 2.0. Any ideas? Thanks.

Hi, Larry. Please post the output of the following commands to the list:

    /sbin/iptables -L -v -n | grep 2000
    /sbin/iptables -t nat -L -v -n | grep 2000

--
Jack Bowling
mailto: jb...@sh...

--
Oliver Schulze L. <ol...@sa...>
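An added example, not part of the original thread: a small Python reader for the two kinds of evidence exchanged above, the per-rule counters from `iptables -L -v -n` and the kernel firewall log lines. The embedded sample input is constructed from the output pasted in the thread (log lines abbreviated), the function names are hypothetical, and the K/M/G suffix handling goes beyond what the thread's output shows.

```python
import re
from collections import Counter

# Constructed input: counters and log lines as pasted in this thread
# (log lines abbreviated to the fields the parser reads).
RULES = """\
0 0 ACCEPT tcp -- * * 0.0.0.0/0 67.94.77.192/26 tcp dpt:2000
0 0 ACCEPT udp -- * * 0.0.0.0/0 67.94.77.192/26 udp dpt:2000
10 480 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.14 tcp dpt:2000
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.14 udp dpt:2000
3 144 DNAT tcp -- * * 0.0.0.0/0 67.94.77.192/26 tcp dpt:2000 to:192.168.0.14:2000
0 0 DNAT udp -- * * 0.0.0.0/0 67.94.77.192/26 udp dpt:2000 to:192.168.0.14:2000
"""
LOG = """\
Oct 21 10:15:26 mail kernel: IN=eth1 OUT= SRC=67.67.141.38 DST=67.94.77.197 PROTO=TCP SPT=3550 DPT=135 SYN
Oct 21 10:22:03 mail kernel: IN=eth1 OUT= SRC=68.75.47.197 DST=67.94.77.197 PROTO=TCP SPT=4311 DPT=135 SYN
Oct 21 10:22:06 mail kernel: IN=eth1 OUT= SRC=68.75.47.197 DST=67.94.77.197 PROTO=TCP SPT=4311 DPT=135 SYN
"""

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}

def counter(tok):
    """iptables -v abbreviates large counters (12K, 3M); expand them."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def rule_hits(text, port):
    """Return (target, proto, dest, pkts, bytes) for each rule on dpt:port."""
    hits = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or f"dpt:{port}" not in f:
            continue
        hits.append((f[2], f[3], f[8], counter(f[0]), counter(f[1])))
    return hits

def logged_dports(text):
    """Count packets the firewall logged, keyed by (PROTO, DPT)."""
    pairs = re.findall(r"PROTO=(\w+) .*?\bDPT=(\d+)", text)
    return Counter((proto, int(dpt)) for proto, dpt in pairs)

def report(port=2000):
    """Print rule counters for the port and a summary of logged packets."""
    for target, proto, dest, pkts, nbytes in rule_hits(RULES, port):
        avg = nbytes // pkts if pkts else 0
        print(f"{target:6} {proto} -> {dest:16} pkts={pkts} avg_len={avg}")
    print("logged:", dict(logged_dports(LOG)))

if __name__ == "__main__":
    report()
```

On this input the only rules with nonzero counters are the TCP DNAT rule and the TCP ACCEPT rule for 192.168.0.14, both averaging 48 bytes per packet, the same LEN=48 as the SYN packets in the log; the log itself contains only DPT=135 entries and none for port 2000.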