
Re: [suse-security] Iptables PREROUTING



My setting is like this.

Internet --> BB router LAN interface (192.168.1.88) --> eth1 (192.168.1.10) Linux box eth0 (192.168.0.11) --> LAN (192.168.0.30) Windows XP

I attached my laptop to the BB router with IP 192.168.1.xx in order to test the 
forwarding. 

That means my test case is like this:
Laptop (192.168.1.xx) --> BB router LAN interface (192.168.1.88) --> eth1 (192.168.1.10) Linux box eth0 (192.168.0.11) --> LAN (192.168.0.30) Windows XP

Any hints?

Vincent

On Thu, 5 Feb 2004 12:48:36 -0300, Augusto S Amaya wrote
> For the netmeeting problem, maybe you would need to compile the iptable
> module (h323); I don't remember if that's the exact name.
> 
> For the rest, is this the correct map of the connection?
> 
> {INTERNET} <--------> WINDOWS XP <---------------> LINUX BOX <----------> Laptop
> 
> Tell me if I got it right please, maybe I can help you.
> 
> --------------------------------------------------------------
> Augusto S Amaya
> Certified Linux Server Administrator - Systems Production Dept.
> Perón 407    Switchboard: 6329-0000    Tel/Ext.: 4370/4371/4372
> Fax: augusto.s.amaya@xxxxxxxxxxxxxxxxxxx
> http://www.bancogalicia.com.ar
> 
> "Vincent Lee" <vincent.lee@vs-pro.com>
> To: "Augusto S Amaya" <augusto.s.amaya@xxxxxxxxxxxxxxxxxxx>
> cc: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Iptables PREROUTING
> 05/02/2004 11:46 a.m.
> 
> Dear Augusto,
> 
> Thanks for your suggestion.
> I already did that to enable the ip forward.
> 
> For the netmeeting, maybe it is too difficult to discuss it right now. Let
> me say it this way. I have set up my Windows XP to have IIS on it. I tried to
> forward the traffic from 192.168.1.10:8081 (external interface of my Linux
> box) to 192.168.0.30:80 (my Windows box). In between, I have the eth0 internal
> interface of my Linux box with 192.168.0.11 on it.
> 
> Inside my Linux box, I have this.
> 
> iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.0.30:80
> iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 192.168.0.30 --dport 80 -m state --state NEW -j ACCEPT
> 
> However, if I try this on my laptop which is using 192.168.1.x (same segment
> as the external interface of my Linux box), I cannot get it to work.
> 
> Any suggestion?
> 
> Best Regards,
> 
> Vincent
> 
> On Thu, 5 Feb 2004 11:54:48 -0300, Augusto S Amaya wrote
> > Dear Vincent, first of all, sorry about my poor English :)
> >
> > To enable IP forwarding, just write this in a console:
> >
> > /bin/echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > But if the netmeeting port is also filtered by the firewall, it
> > may not work.
> >
> > --------------------------------------------------------------
> > Augusto S Amaya
> > Certified Linux Server Administrator - Systems Production Dept.
> > Perón 407    Switchboard: 6329-0000    Tel/Ext.: 4370/4371/4372
> > Fax: augusto.s.amaya@xxxxxxxxxxxxxxxxxxx http://www.bancogalicia.com.ar
> >
> > "Vincent Lee" <vincent.lee@vs-pro.com>
> > To: SuSE Security <suse-security@xxxxxxxx>
> > cc:
> > Subject: Re: [suse-security] Iptables PREROUTING
> > 05/02/2004 11:03 a.m.
> >
> > Dear all,
> >
> > Thanks for your info. I tried to enable the IP forwarding function.
> > However, I still cannot pass it through.
> >
> > Internet traffic --> My broadband router (all WAN traffic) --> external
> > interface of my Linux box (eth1, 192.168.1.x).
> >
> > Behind the Linux box with internal interface eth0 (192.168.0.x), I
> > have my Windows XP here. I want to know whether I can setup the MS
> > netmeeting or not?
> >
> > Best Regards,
> >
> > Vincent
> >
> > On Wed, 04 Feb 2004 13:48:58 +0200, Ray Leach wrote
> > > On Wed, 2004-02-04 at 00:46, Geoffrey wrote:
> > > > Vincent Lee wrote:
> > > > > Dear all,
> > > > >
> > > > > I am new to SuSE. I would like to set up MS netmeeting for a
> > > > > computer which is behind a SuSE firewall. When I made changes to the
> > > > > nat, I cannot get it through. It seems that the IP forwarding is
> > > > > disabled by SuSE. Can anyone tell me how I can enable it?
> > > >
> > > > Yast -> Network devices -> network card -> change ->
> > > > edit -> routing -> enable ip forwarding
> > > >
> > > > It's a check box at the lower center of the window.
> > > >
> > > Or just edit /etc/sysconfig/sysctl
> > > and then restart your networking (/etc/rc.d/network restart)
> > >
> > > > --
> > > > Until later, Geoffrey                     Registered Linux User #108567
> > > > Building secure systems in spite of Microsoft
> > > --
> > > --
> > > Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
> > > Network Support Specialist
> > > http://www.knowledgefactory.co.za
> > > "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
> > > Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
> > > --
> >
> > --
> > Best Regards,
> >
> > Vincent Lee
> >
> > --
> > Check the headers for your unsubscription address
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > Security-related bug reports go to security@xxxxxxx, not here
> 
> --
> Best Regards,
> 
> Vincent Lee



--
Best Regards,

Vincent Lee
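
Added example, not part of the original thread: iptables refuses an `-o` match in PREROUTING and INPUT (the output interface is not known until routing has happened) and an `-i` match in POSTROUTING and OUTPUT. The hypothetical helper `check_rule` below lints a rule line for that mismatch and is run over the two rules quoted in the message above, plus a constructed variant of the DNAT rule without `-o eth0`.

```shell
#!/bin/sh
# Lint iptables command lines for interface matches the chain cannot use.
# check_rule is a hypothetical helper written for this example.

# check_rule "<iptables command line>"
# Prints a diagnosis; returns 0 if the interface matches fit the chain, 1 if not.
check_rule() {
    chain="" in_if="" out_if="" prev=""
    for word in $1; do
        case "$prev" in
            -A|-I|--append|--insert) chain=$word ;;
            -i|--in-interface)       in_if=$word ;;
            -o|--out-interface)      out_if=$word ;;
        esac
        prev=$word
    done
    case "$chain" in
        PREROUTING|INPUT)
            if [ -n "$out_if" ]; then
                echo "$chain: -o $out_if is not valid here (routing has not happened yet)"
                return 1
            fi ;;
        POSTROUTING|OUTPUT)
            if [ -n "$in_if" ]; then
                echo "$chain: -i $in_if is not valid here (packet has no input interface)"
                return 1
            fi ;;
    esac
    echo "$chain: interface matches ok"
    return 0
}

# The two rules from the thread, rejoined onto single lines.
POSTED_NAT='iptables -t nat -A PREROUTING -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.0.30:80'
POSTED_FWD='iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 1024:65535 -d 192.168.0.30 --dport 80 -m state --state NEW -j ACCEPT'
# Constructed variant: the same DNAT rule with the -o match dropped.
FIXED_NAT='iptables -t nat -A PREROUTING -i eth1 -p tcp --sport 1024:65535 -d 192.168.1.10 --dport 8081 -j DNAT --to-destination 192.168.0.30:80'

check_rule "$POSTED_NAT" || true
check_rule "$POSTED_FWD"
check_rule "$FIXED_NAT"
```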

