From: <tar...@r-...> - 2006-04-24 00:17:03
What you experienced was because ip_forward has NOTHING to do with PORT forwarding. It has to do with IP forwarding, e.g. routing capabilities. If you check (the default) firewall.rules.2nic file, you will find:

    # Stop forwarding while setting up.
    echo "0" > /proc/sys/net/ipv4/ip_forward

this is where the script disables IP forwarding (for security reasons I believe), and at the end of the file you will find:

    # Enabling IP forwarding.
    echo "1" > /proc/sys/net/ipv4/ip_forward

At this point I suggest that you read more about iptables and get a feel for what it does. That's what I had to do just a few days ago. Believe me, it's worth the time. For example:
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html
and there are tons of documentation on http://www.netfilter.org

As for your problem: I already had some suggestions for you and now I can only suggest that you take my advice otherwise I will not be able to help you. If you have a hunch that the problem is DL related, set up a test environment like this:

- Take a client machine.
- Connect it to DL's external interface in some direct way like a crosslink cable or using a switch.
- Make sure they are configured to the same subnet, and that you are able to ping back and forth between them.
- Connect DL's internal interface to the network where the streaming server resides.
- Again, make sure they are configured to the same subnet, and that you are able to ping back and forth between the server and DL.
- Check if the server has DL's internal address set as its default gateway, or at least it has a routing entry for the subnet on DL's external interface routed through DL's internal address.
- Start Winamp on the client machine and add "DL's external IP":8007 to the playlist and turn on repeat, so Winamp tries continuously to connect to the server.
- Now you can start messing around with the firewall rules if you want to, if you have it, you'll hear it.

That's all for tonight, bye, and good luck.

George Tarnai

----- Original Message -----
From: ross paskett
To: dev...@li...
Sent: Sunday, April 23, 2006 9:07 PM
Subject: Re: [Devil-Linux-discuss] port forwarding

I never got my port forwarding working so I thought I would try again. I have tested port forwarding on my DSL modem and it works. I connected the target machine directly to the DSL line, and tested it from work and it worked. So it must be a problem with my devil linux configuration. I am sure my rules are correct in my firewall.rules file. There was a line that set the file "ip_forward" to 0, so I commented that line, then I looked at "ip_forward" and made sure it was set to 1. It was. So tested again, and it didn't forward. Again, my DSL modem/router is forwarding just fine, so it has to be something with my devil linux config. Does anyone know of anything else I might need to do?

Tarnai György <tar...@r-...> wrote:

Interesting... I would approach this problem by checking if DL is really the problem in this case. You can do that by connecting your computer on the network between your DSL "modem" (which I assume is a broadband router actually) and DL, on the 192.168.0.xxx subnet, and try to connect to the stream through DL via its external IP (192.168.0.3). If that doesn't work try moving the server to the same network and subnet and try if you can access it from the internet through your DSL modem. In this way you can make sure the problem is really with DL and not with your DSL modem.

On the other hand there might be a problem with the firewall rules, for instance I'm not sure that ShoutCast servers are using TCP to stream media or it may be using TCP connections that don't work well in some NAT scenarios. May be worth to check that.

Also I would check what does this DSL "modem" really do.
DSL modems (at least here in Hungary) are devices that interface with the DSL network and allow initiating the connection via PPPoE. DSL routers are devices where you can connect some form of internet connection (Fixed IP, DHCP or PPPoE client) via its WAN ethernet interface and routing or NATing it to client machines on the internal network via its internal ethernet interface. Of course there are lots of devices now that are combining some or more of these features, for ex. DSL interface routers or broadband routers with direct DSL connection, so it is not straightforward what your device is capable of doing, not to mention that a lot depends on the internal software it is using.

And at last but not least it would be better if you'd sent DL's exact network configuration (IP's, subnet masks, gateway, etc.) to check there's no problem there.

Best regards:
George Tarnai

----- Original Message -----
From: ross paskett
To: dev...@li...
Sent: Friday, April 07, 2006 8:58 PM
Subject: [Devil-Linux-discuss] port forwarding

I am running an internet server on my local network. The server streams media through: ip is 192.168.1.7 port 8007. I have port forwarding setup in my firewall.rules file, and I have turned it on my DSL modem. On my DSL modem, the rule is:

Forward ports 8000-8010 to machine 192.168.0.3 (devil linux), then devil linux should forward connections on port 8007 to 192.168.1.7 (internal radio server), but when I try to connect to my machine from the outside world, it can't. I can connect and stream my music internally, from windows or mac, just not from the outside world. Internally, I just connect to 192.168.1.7:8007 in winamp, and it plays my music. Can someone help? Below is the port forwarding section of my firewall.rules file.

    # Uncomment/modify the next 4 lines to forward a service to an internal IP.
    SERVER_IP=192.168.1.7 # Internal IP of server.
    PORT=8007 # 22 = SSH. Change to 80 for web server, etc.
    ${IPTABLES} -A PREROUTING -i ${OUT_DEV} -t nat -p TCP --dport $PORT -j DNAT --to ${SERVER_IP}:${PORT}
    ${IPTABLES} -A FORWARD -p TCP -d ${SERVER_IP} --dport $PORT -i ${OUT_DEV} -o ${INT_DEV} -j ACCEPT

ross paskett
ras...@ya...
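
Added example, not part of the original thread or of Devil-Linux's scripts: a small check that reads `iptables-save` output and reports, for each PREROUTING DNAT rule, whether routing is enabled and whether a FORWARD ACCEPT rule exists for the translated address and port. The function names, the interface names and the second forward (192.168.1.9) are assumptions made up for the sample; only exact `-d`/`--dport` matches are recognised.

```shell
#!/bin/sh
# Added example: check an iptables-save dump for what a DNAT port forward needs:
# routing enabled (ip_forward = 1) and a FORWARD ACCEPT for the translated target.

# check_forward IP_FORWARD_VALUE   (reads iptables-save output on stdin)
# Prints one line per PREROUTING DNAT rule: "<dport> -> <ip:port> <STATUS>".
check_forward() {
    awk -v fwd="$1" '
    # Value following option "opt" in the current rule, or "" if absent.
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }                  # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" { policy_ok = 1 }
    table == "nat" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        n++
        dport[n] = arg("--dport")
        dest[n] = arg("--to-destination")
        if (dest[n] !~ /:/) dest[n] = dest[n] ":" dport[n]   # port unchanged
    }
    table == "filter" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        d = arg("-d"); sub(/\/32$/, "", d)           # FORWARD sees the post-DNAT address
        accept[d ":" arg("--dport")] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            if (fwd != "1") s = "ROUTING_OFF"
            else if (policy_ok || (dest[k] in accept)) s = "OK"
            else s = "NO_FORWARD_RULE"
            print dport[k] " -> " dest[k] " " s
        }
    }'
}

# Constructed sample dump (192.168.1.7:8007 is the server from the thread; the rest is made up).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8007 -j DNAT --to-destination 192.168.1.7:8007
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.9:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.7/32 -i eth0 -o eth1 -p tcp -m tcp --dport 8007 -j ACCEPT
COMMIT
EOF
}

sample_rules | check_forward 1
```

On a live firewall the same function can be fed with `iptables-save | check_forward "$(cat /proc/sys/net/ipv4/ip_forward)"`, run as root.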