Diffstat (limited to 'zarb-ml/mageia-discuss/2012-September/008649.html')
-rw-r--r-- | zarb-ml/mageia-discuss/2012-September/008649.html | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/2012-September/008649.html b/zarb-ml/mageia-discuss/2012-September/008649.html new file mode 100644 index 000000000..90789e5e1 --- /dev/null +++ b/zarb-ml/mageia-discuss/2012-September/008649.html 
@@ -0,0 +1,135 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] Setting up a port forward + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Setting%20up%20a%20port%20forward&In-Reply-To=%3C3500051.QnmWVzEMvJ%40localhost%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008656.html"> + <LINK REL="Next" HREF="008650.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] Setting up a port forward</H1> + <B>AL13N</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Setting%20up%20a%20port%20forward&In-Reply-To=%3C3500051.QnmWVzEMvJ%40localhost%3E" + TITLE="[Mageia-discuss] Setting up a port forward">alien at rmail.be + </A><BR> + <I>Sat Sep 1 00:39:45 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="008656.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI>Next message: <A HREF="008650.html">[Mageia-discuss] Kristoffer Grundström vill lägga till dig på Zoosk! +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8649">[ date ]</a> + <a href="thread.html#8649">[ thread ]</a> + <a href="subject.html#8649">[ subject ]</a> + <a href="author.html#8649">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Op vrijdag 31 augustus 2012 20:23:02 schreef Anne Wilson: +><i> On 31/08/12 16:28, AL13N wrote: +</I>><i> > Op vrijdag 31 augustus 2012 12:41:37 schreef Anne Wilson: I need to +</I>><i> > set up ssh in such a way that it comes in on a high port, say 5122 +</I>><i> > which is forwarded to 22 - or otherwise to have ssh listen on 5122. +</I>><i> > I assume this is beyond MCC, and will entail editing iptables. This +</I>><i> > is not something I'm familiar with. Can someone please advise me? 
+</I>><i> > +</I>><i> > Anne +</I>><i> > +</I>><i> > better to put it in shorewall: +</I>><i> > +</I>><i> > use the /etc/shorewall/rules file... on top of the file (and man +</I>><i> > shorewall- rules) is documented... +</I>><i> +</I>><i> I'd love to - but I'm not having much success. After much reading of +</I>><i> man pages (largely gobbledegook if you don't already know it) and +</I>><i> tutorials from +</I>><i> <A HREF="http://runtime.bordeaux.inria.fr/oaumage/oa/Teaching/ARSA_06/Shorewall/">http://runtime.bordeaux.inria.fr/oaumage/oa/Teaching/ARSA_06/Shorewall/</A> +</I>><i> (much +</I>><i> easier to understand) I ended up adding lines like +</I>><i> +</I>><i> DNAT net loc:192.168.0.40 tcp 143 5143 +</I>><i> DNAT net loc:192.168.0.40 tcp 22 5122 +</I>><i> +</I>><i> An attempt to restart seems to imply that I can't forward two +</I>><i> addresses like this, so I assume I'm on the wrong track altogether. +</I>><i> +</I>><i> Before adding those lines I used to get +</I>><i> +</I>><i> ssh: connect to host 192.168.0.40 port 5122: Connection refused +</I>><i> +</I>><i> Now it just hangs. +</I>><i> +</I>><i> Depressing :-( This worked so easily and perfectly with the old, +</I>><i> unreliable LinkSys router. Now I have to find a way to configure it +</I>><i> on local firewalls, and frankly I'm simply not up to it. +</I> +i also saw that DNAT is for port forwarding to another machine in the lan, +while REDIRECT is for port forwarding on the firewall itself + +so: + +#ACTION SRC DST PROTO DPORT SPORT +REDIRECT net 22 tcp 5122 - + +(man page mentions that DEST parameter in case of REDIRECT can be $FW::port, +but can also be only the port where it should be forwarded TO. + +if 192.1680.40 is indeed your shorewall FW ip for that machine. + + +source port is not something you'll be using, almost never used. (your last +column) + +no offense, it seems to me that you're lacking some basic networking and +firewalling knowledge to really understand what you're trying to do. 
If you +want to learn such things, you could probably read up on the low-low basics of +networking. (often people have middle understanding, but not the low basics, +so they then mash up different things together.) + +in this case, remember the following: + +for tcp/udp, every ip packet has a source ip and dest ip. but also a source +port and a dest port (iow: the dst has an ip and port it listens on; and the +src has an ip and uses a source port to send it from, often in case of TCP, +the reply has everything in reverse, including the ports) + +ex: +192.168.0.50:54134 --> 192.168.0.40:22 (user sends 'echo hello world') +192.168.0.40:22 --> 192.168.0.40:54134 (server sends back 'hello world') +192.168.0.50:54134 --> 192.168.0.40:22 ... + +also, to debug networking issues: tcpdump is a good program for it, you can +see all the traffic that passes through an interface. + +good luck +</PRE> + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008656.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI>Next message: <A HREF="008650.html">[Mageia-discuss] Kristoffer Grundström vill lägga till dig på Zoosk! +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8649">[ date ]</a> + <a href="thread.html#8649">[ thread ]</a> + <a href="subject.html#8649">[ subject ]</a> + <a href="author.html#8649">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |
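Review bot: The Content-Type META tag in the added HEAD declares charset=us-ascii, but the "Next message" link text in both navigation lists (before and after the article) contains non-ASCII characters as shown here ("Kristoffer Grundström vill lägga till dig på Zoosk!"), so the declared encoding does not match the content and a browser may misrender that subject. Either emit those characters as numeric character references or declare the encoding the file is actually stored in. Separately, both mailto HREF values in the hunk carry a raw "&In-Reply-To=" inside the attribute; writing it as "&amp;In-Reply-To=" keeps the attribute well-formed for strict parsers.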