Tugger the SLUGger! SLUG Mailing List Archives

RE: [SLUG] ipfwadm


Thanks Marty,
When you said it was really easy I thought "sure sure" but that was amazingly easy to set up and write out rules for, installed and configured in about 3 mins and that's including downloading and reading the README and man file. From reading through the man file, I could not find any mention of how it interacts with other software such as ipfwadm or ipchains. What happens if you deny something in one program and then allow it in the other? Does it let it through or does the program that is denying the particular connection stop it when it is its turn to filter the packets? I only ask because easy to install usually means easy to circumvent.

Terry, I'd checked the slug archives already and couldn't find any articles that addressed this problem (just lots of hits on articles saying "you could use ipfwadm"). Thanks anyway.

Paul

At 12:36 AM 20/02/2001 +1100, you wrote:
Hi Paul,

Have you met rinetd? It's a really easy way of port forwarding without using
ipfw or ipchains. I have a copy available for download at
www.netwaynetworks.com.au/files/linux/rinetd_tar.tar

Cheers,
Marty


On Monday, February 19, 2001 10:48 PM, Paul Robinson
[SMTP:p_d_robinson@xxxxxxxxxxxxxxxx] wrote:
> Hi guys,
> I've been trying to get my head around some old rulesets for ipfwadm as I
> want to add the feature of forwarding everything sent to say 8088 on my
> firewall to a particular machine inside my network 192.168.0.2
>
> What I've tried so far is the following:
>
> #Forward Web connections to your web server
> /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 8088 -D 192.168.0.2 80
>
> #Forward Web Connections to outside Web Server
> /sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.0.2 80 -D 0.0.0.0/0 1024:65535
>
>
> I've also tried it with mas in place of accept to no avail. It's been close
> to 2 years since I've had to mess with this and the tucows howto's (what
> used to be linux-HOWTO) don't seem to have the howto for it anymore.
>
> Can anyone write out the rules required for this action or point me in the
> direction of any good FAQs/HOWTOs.
>
> nb. I'd rather not install ipchains atm as it would mean rewriting all my
> current rules (unless it's a snap on a 2.0.36 kernel)
>
> Thanks,
> Paul
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug