David Calkins on Tue, 30 Apr 2002 15:20:12 +0200



Re: [PLUG] port forwarding question


Thanks to all for the replies :-)

First, let me state that with the 2.4 kernel series, you'd be well advised to read up on IPTABLES and use that rather than IPMASK, and ipchains.  Works better and everybody is usually happier too.

However if you insist, open the Networking Options section

then select IP:Netfilter Configuration ---->


then select ipchains 2.2 support and ipfwadm 2.0 support, and you'll probably be able to follow the instructions.  Be sure whatever method you use to install a working firewall and test it with some of the tools available for doing that, if you're using it as a server, be paranoid and close off any services not absolutely necessary.  It's amazing how many times one can be scanned while up and running.

ok, I guess I'll give IPTABLES a try.  One concern I have is that I'm using the Roaring Penguin DSL client.  I'm not sure if that's aware of IPTABLES or not.  If not, I guess I just have to configure the masquerading manually.

#2 - use SSH forwarding
look at man ssh, but, I believe that the general syntax is something like
ssh -L localport:remote machine:remote port
and can be run from either the client or the server (although I think that this one works best from the client -- ie, not the firewall).
There is a way to set this up to automatically start on bootup. I know that someone else on the list knows a lot more about ssh than I do, so, I will let them answer (basically, I know that it exists but not how to do it).

I checked out ssh, however, this only appears to forward TCP connections.  I need to forward UDP traffic :-(

I'm using ipchains in 2.4 right now.
I am not sure exactly what to put, I just went into network_options in
menuconfig and checked all the masq and firewall stuff, also packet
filtering.
Then make the kernel. rh 7.2 std kernel has ipchains and iptables built
in.
I can send you my configfile for 2.4.16 if you'd like.
This is the ipchains firewall I use:
http://freshmeat.net/redir/plonk/4522/url_homepage/
Some people on the list will tell you to use iptables instead. I think
that they are right! I'm just too lazy to change. Yet. By 2.8 kernel, they
say that ipchains will be gone.

Are you using port forwarding though?  Do you use "ipmasqadm portfw" to set up the port forwarding?