Zhang Weiwu wrote at 2010-09-13 02:23 -0500:
> Thank you! Now that I tried it, te apf-client package proved very useful
> in my case. I followed your advice almost a year later because I was too
> busy with daily business and kept your email as "marked for personal
> todo" for a year or so.
Excell
Hi.
On 2009年11月12日 07:53, green wrote:
> Zhang Weiwu wrote at 2009-11-10 20:36 -0600:
>
>> Hello. I have a remote server inside a remote office covered by NAT
>> masquerade where port forwarding not possible, and a local server in my
>> local office not covered by NAT masquerade. In order to ac
Zhang Weiwu wrote at 2009-11-10 20:36 -0600:
> Hello. I have a remote server inside a remote office covered by NAT
> masquerade where port forwarding not possible, and a local server in my
> local office not covered by NAT masquerade. In order to access the
> remote office and hosts in that office,
On Wed, Nov 11, 2009 at 10:36:20AM +0800, Zhang Weiwu wrote:
> The problem of this solution is security. I do not want to grant shell
> access of local_server to remote_server. What would you recommend me
> to do in this case? I could try to limit access of the account used by
> remote server ssh
On Wed, Nov 11, 2009 at 10:36, Zhang Weiwu wrote:
> Hello. I have a remote server inside a remote office covered by NAT
> masquerade where port forwarding not possible, and a local server in my
> local office not covered by NAT masquerade. In order to access the
> remote office and hosts in that o
Alex Samad wrote:
> On Wed, Nov 11, 2009 at 10:36:20AM +0800, Zhang Weiwu wrote:
>
>> The problem of this solution is security. I do not want to grant shell
>> access of local_server to remote_server. What would you recommend me to
>> do in this case? I could try to limit access of the account u
On Wed, Nov 11, 2009 at 10:36:20AM +0800, Zhang Weiwu wrote:
> Hello. I have a remote server inside a remote office covered by NAT
> masquerade where port forwarding not possible, and a local server in my
> local office not covered by NAT masquerade. In order to access the
> remote office and hosts
Hi,
I think is better you use just:
# iptables -t nat -A PREROUTING --protocol tcp -d 216.138.195.194 --dport 27012
-j DNAT --to-destination 172.25.1.5:27012 --verbose
# iptables -t nat -A PREROUTING --protocol udp -d 216.138.195.194 --dport 27012
-j DNAT --to-destination 172.25.1.5:27012 --verb
Hi,
I think is better you use just:
# iptables -t nat -A PREROUTING --protocol tcp -d 216.138.195.194 --dport 27012
-j DNAT --to-destination 172.25.1.5:27012 --verbose
# iptables -t nat -A PREROUTING --protocol udp -d 216.138.195.194 --dport 27012
-j DNAT --to-destination 172.25.1.5:27012 --verb
At 1145804173 past the epoch, [EMAIL PROTECTED] wrote:
> On Sun, Apr 23, 2006 at 09:11:14AM -0500, Forrest Smith
> wrote:
> > The folks on the Shorewall project have done all this
> > for you:
>
> Does shorewall find and install the missing kernel
> modules. wherever they are? Or does it just use
[EMAIL PROTECTED] wrote:
>
> But it doesn't work.
>
> Lines like
>
> iptables -t nat -A PREROUTING --protocol tcp -d 216.138.195.194 --dport 27012
> -j DNAT --to-destination 172.25.1.5:27012 --verbose
> iptables -t nat -A PREROUTING --protocol udp -d 216.138.195.194 --dport 27012
> -j DNAT --t
On Sun, Apr 23, 2006 at 08:36:15PM -0700, charles norwood wrote:
> On Sun, 2006-04-23 at 14:56 -0400, [EMAIL PROTECTED] wrote:
> > On Sun, Apr 23, 2006 at 09:11:14AM -0500, Forrest Smith wrote:
> > > The folks on the Shorewall project have done all this for you:
> > >
> > > apt-get install shore
On Sun, 2006-04-23 at 14:56 -0400, [EMAIL PROTECTED] wrote:
> On Sun, Apr 23, 2006 at 09:11:14AM -0500, Forrest Smith wrote:
> > The folks on the Shorewall project have done all this for you:
> >
> > apt-get install shorewall
> >
> > F.S
>
> Does shorewall find and install the missing kernel m
On Sun, Apr 23, 2006 at 14:56:13 -0400, [EMAIL PROTECTED] wrote:
[...]
> Does shorewall find and install the missing kernel modules. wherever
> they are? Or does it just use iptables, whose docs say it tries to
> load them (but it is evidently not succeeding).
>
> I *have* the set of iptables
On Sun, Apr 23, 2006 at 09:11:14AM -0500, Forrest Smith wrote:
> The folks on the Shorewall project have done all this for you:
>
> apt-get install shorewall
>
> F.S
Does shorewall find and install the missing kernel modules. wherever
they are? Or does it just use iptables, whose docs say it
The folks on the Shorewall project have done all this for you:
apt-get install shorewall
F.S
On Sun, Apr 23, 2006 at 09:27:21AM -0400, [EMAIL PROTECTED] wrote:
> I'm running sarge on a vintage Pentium as a gateway machine for a home
> network.
>
> My machine was cracked last December and I r
On 2004-07-02, Antony penned:
> Hi all,
>
> If I have a router running iptables with NAT for a private IP network,
> there are two options if I want to have a public email server on the
> private network... 1) Set up an email server on the router that
> relays all mail to the private server.2) Por
On Fri, 2 Jul 2004 13:43:58 +0100 (BST), Antony <[EMAIL PROTECTED]> wrote:
> 1) Set up an email server on the router that relays all mail to the
> private server.2) Port forward (DNAT) port 25 to the private server.
>
> I don't like port forwarding, as it's always seemed like a kind of bodge,
> b
On Tue, Dec 16, 2003 at 09:06:44PM +0800, Brendan Bache wrote:
> I'm running debian woody on my gateway with the ipmasq package installed
> and I need to do some port forwarding. For instance, I need to forward
> some ports for BitTorrent running on a box on my LAN so I created a file
> /etc/ipmasq
On Thu, 2003-08-28 at 04:35, Jerome Lacoste wrote:
> Hi,
>
> a friend of mine has problems accessing a mail server from his company
> but he can access my server.
>
> I thought that I could enable port forwarding to solve his problem.
>
> E.g.
>
> D-S-MS
>
> He wants to access the mail serve
On 07/01/2003 09:32:48 Bas Zoetekouw wrote:
>> Hi Peter!
>>
>> You wrote:
>>
>> > i'm about to set up port forwarding on a firewall to be able to reach
>> > some hosts on the lan from the outside. i wish to use iptables
prerouting
>> > rules. my question is, is there a way to detect the port
On Tue, Jul 01, 2003 at 04:32:48PM +0200, Bas Zoetekouw wrote:
> PS: debian-security is not meant for discussing securing your
> firewall, but rather for reporting security vulnerabilities in
> Debian packages. The debian-user mailing list is more
> appropraite for this kind of qu
Hi Peter!
You wrote:
> i'm about to set up port forwarding on a firewall to be able to reach
> some hosts on the lan from the outside. i wish to use iptables prerouting
> rules. my question is, is there a way to detect the port forwarding,
> and/or get info about the host i forward to (ip addres
On Mon, Jun 03, 2002 at 12:23:58PM -0700, Vineet Kumar wrote:
| * Paul Johnson ([EMAIL PROTECTED]) [020603 08:34]:
| > iptables just confuses me at times.
| >
| > I'm trying to figure out how to forward all packets hitting this machine
| > on one port to a port on another machine inside my network
On Tue, 4 Jun 2002, Rudy Gevaert wrote:
> On Tue, Jun 04, 2002 at 07:14:31PM +0200, prover wrote:
> > I'M NOT MEMER OF YOUR MAILING LISTS.
>
> what's a MEMER?
>
> > WHY THIS MAILS COME TO ME?
> > EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS.
> >
> > CAN YOU DO SOMETHING WITH IT?
>
> Do
On Tue, Jun 04, 2002 at 07:49:39PM +0200, Rudy Gevaert wrote:
> On Tue, Jun 04, 2002 at 07:14:31PM +0200, prover wrote:
> > I'M NOT MEMER OF YOUR MAILING LISTS.
I got tired of this guy, so I bounce all his 'bounces'.
This procmail recipe does it:
:0
* ^X-Envelope-Sender: [EMAIL PROTECTED]
[EMAIL
On Tue, Jun 04, 2002 at 07:14:31PM +0200, prover wrote:
> I'M NOT MEMER OF YOUR MAILING LISTS.
what's a MEMER?
> WHY THIS MAILS COME TO ME?
> EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS.
>
> CAN YOU DO SOMETHING WITH IT?
Do you got dirt in your eyes? Every e-mail from this list has
I'M NOT MEMER OF YOUR MAILING LISTS.
WHY THIS MAILS COME TO ME?
EVERY DAY COME TO ME 200 MAILS FROM YOUR MAILING LISTS.
CAN YOU DO SOMETHING WITH IT?
THANK YOU.
- Original Message -
From: "Eric G. Miller"
To:
Sent: Tuesday, June 04, 2002 3:34 AM
Subject: Re:
On Mon, Jun 03, 2002 at 11:21:28AM -0700, ben wrote:
> On Monday 03 June 2002 05:01 am, Paul Johnson wrote:
>
> hey ballo, for the last couple of days, your posts are showing up as msg.pgp
> attachments; i.e., the attachments have to be viewed in order to see the msg.
Probably a function of the
On Mon, Jun 03, 2002 at 05:01:31AM -0700, Paul Johnson wrote:
> iptables just confuses me at times.
iptables confuses me all the time :))
> I'm trying to figure out how to forward all packets hitting this
> machine
> on one port to a port on another machine inside my network. I'm kinda
> stumpe
* Paul Johnson ([EMAIL PROTECTED]) [020603 08:34]:
> iptables just confuses me at times.
>
> I'm trying to figure out how to forward all packets hitting this machine
> on one port to a port on another machine inside my network. I'm kinda
> stumped.
$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tc
On Monday 03 June 2002 05:01 am, Paul Johnson wrote:
hey ballo, for the last couple of days, your posts are showing up as msg.pgp
attachments; i.e., the attachments have to be viewed in order to see the msg.
ben
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". T
On 14 Aug 2001 13:17:45 +0100, Ben Tullis wrote:
> Hello folks.
> I am having some degree of trouble getting port forwarding to work
> seamlessly. The firewall is a potato box running ipchains and the default
> ipmasq scripts.
>
> I can manually run:
>
> ipmasqadm portfw -a -P tcp -L (current IP
Sorry about the blank post. Still getting used to evolution. I was
wondering if I could see the ipchains -L -v, netstat -M and uname -a
output from the machine in question.
--mike
On 06 Aug 2001 11:18:25 -0500, Michael Heldebrant wrote:
> On 06 Aug 2001 12:07:45 -0400, Mike McGuire wrote:
> > On
On 06 Aug 2001 12:07:45 -0400, Mike McGuire wrote:
> On Sun, Aug 05, 2001 at 02:36:45PM -0400, Michael P. Soulier wrote:
> > Hey people.
> >
> > I'm trying to set up port forwarding to permit file sharing with napster
> > from behind my firewall. So, looking up a friendly howto, I then en
On Sun, Aug 05, 2001 at 02:36:45PM -0400, Michael P. Soulier wrote:
> Hey people.
>
> I'm trying to set up port forwarding to permit file sharing with napster
> from behind my firewall. So, looking up a friendly howto, I then entered this:
>
> rabbit:~# ipmasqadm portfw -a -P tcp -L 24.1
On Sun, Aug 05, 2001 at 10:21:10PM +0100, P Kirk wrote:
> I hate to say this but I have no idea why it works but if you leave the
> PC turned on all night, come the morning, lots of files have been
> uploaded. So it works but I don't know why.
Well, I have forwarding enabled in much the same
On Mon, Aug 06, 2001 at 12:02:57AM +0100, P Kirk wrote:
> Actually those 2 lines are my full set of firewall rules. Just waiting
> for someone to show how they can be breached before I go for a more
> complex setup ;-)
Depends on what you're running I suppose. Some windows boxes might be more
On Sun, Aug 05, 2001 at 09:57:33PM +0100, P Kirk wrote:
>
> [EMAIL PROTECTED]:~$ cat /etc/init.d/firewall
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> /sbin/ipchains -P forward DENY
>
> /sbin/ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
But doesn't this just masquerade the out
This is appallingly primitive but it works for all services like Napster
ICQ and so on.
[EMAIL PROTECTED]:~$ cat /etc/init.d/firewall
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
ipchains is in effect a fr
Actually those 2 lines are my full set of firewall rules. Just waiting
for someone to show how they can be breached before I go for a more
complex setup ;-)
| > /sbin/ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
|
| But doesn't this just masquerade the outgoing connection, and responses?
| This won't help if a PTP client tries to initiate a connection with me while
| I'm behind the firewall.
|
I hate to say this but I have no idea why
Hi Peter!
> ipmasqadm portfw -a -P tcp -L extIP 80 -R 192.168.1.3 80
>
> extIP is my IP if ya didnt catch on ;) but when I try to connect to
> the router on port 80 it just hangs there.. saying contacting server..
> but if I go straight to 192.168.1.3 it loads very well.. Any ideas on
> what is c
On Thu, Jan 27, 2000 at 12:37:13PM -0800, aphro wrote:
> if its simple port redirection you could try rinetd, its a snap to setup,
> i dont think it performs well under high load though it works great
> though.
Yes, but I think port forwarding woul do a better job for me. It has been no
problem so
if its simple port redirection you could try rinetd, its a snap to setup,
i dont think it performs well under high load though it works great
though.
nate
On Thu, 27 Jan 2000, Michael Meskes wrote:
meskes >On Thu, Jan 27, 2000 at 02:06:01PM +0100, Fitsch wrote:
meskes >> > Perhaps you try someth
On Thu, Jan 27, 2000 at 02:06:01PM +0100, Fitsch wrote:
> > Perhaps you try something wrong, or I don't understand your setup. In
> > common Port Forwarding is used to redirect traffic from the outside to
> > an internal host behind your firewall. (e.g. webserver) this internal
> > host may have an
Fitsch wrote:
>
> Michael Meskes wrote:
> >
> > Could anyone send me a working example of port forwarding? I just tried to
> > get it going to no avail.
> >
> > I test setup has a firewall connecting 172.26.14.0/24 and 172.26.2.0/24
> > doing nothing but routing. Now i want it to redirect some por
47 matches
Mail list logo
