Routing, port forwarding and networking.


Guest englishpremier

I'm a Linux noob, recently installed Mandrake 10 on a K6-II machine which I want to act as a router for my other two PCs. The current setup is as follows:

1Mb NTL----> Linux box (mandrake 10)------> switch----->PC1/2

I used the Mandrake connection sharing wizard and all computers have internet access. The problem is that for specific programs I need to open and forward certain ports. Despite me turning the Mandrake firewall off, whenever I test the ports it still says they are firewalled.

How do I open and forward ports to my WinXP clients in Mandrake 10?

I'm using KDE if that makes any difference.

Edit: before you send me there, I read the sticky last night and have done a search to no avail.


Mandrake uses Shorewall as a front end to iptables.

I would ditch the idea of using the wizards, and go straight to the source.

Read through the docs at shorewall, and you should discover that it is fantastically easy.

To create a masqueraded network, edit /etc/shorewall/masq

#       Example 1:
#
#                 You have a simple masquerading setup where eth0 connects to
#                 a DSL or cable modem and eth1 connects to your local network
#                 with subnet 192.168.0.0/24.
#
#                 Your entry in the file can be either:
#
#                       eth0    eth1
#
#                 or
#
#                       eth0    192.168.0.0/24

 

If you want to open ports then check out /etc/shorewall/rules

####################################################################################################
#ACT            SRC     DEST                    PROTO   DEST    SRC     ORIGINAL        RATE    USER
#                                                       PORT    PORT(S) DEST            LIMIT   GRP
REDIRECT        local   3128                    tcp     80      -       !192.168.1.0/24
DNAT            wave    local:192.168.1.3       tcp     80      -
DNAT            wave    local:192.168.1.2       tcp     110     -

 

pretty easy really :)


Guest englishpremier

Didn't work, and now on start up I get an error (something about line 89 which I haven't changed and there was nothing there anyway) and it states that Shorewall has failed.

As a result it seems the other PCs on the network can no longer access the internet.

 

here is what is at the bottom of etc/shorewall/masq:

 

#INTERFACE SUBNET ADDRESS

eth0 192.168.0.0/255.255.255.0

DNAT net loc:192.168.0.100:80 tcp 80

DNAT net loc:192.168.0.100:800 tcp 800

DNAT net loc:192.168.0.100:666 udp 666

#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

 

 

All I want is for the Linux box to act as a router and forward ports 80 (tcp), 800 (tcp) and 666 (udp) to the internal IP address of 192.168.0.100.

How do I do that?


Guest englishpremier

On start it says the error is in rc5.d/S03Shorewall line 89

I have not touched this file at all so it should be working just as it did before. Anyway this seems to be stopping Shorewall from loading at the start.

Line 89 of rc5.d/S03Shorewall reads as follows:

 

esac

 

 

I'm getting quite frustrated now as I still don't have connection sharing abilities like I did before all this. Can't the firewall be completely disabled? Would that allow the ports I require to be reachable?


here is what is at the bottom of etc/shorewall/masq:

 

#INTERFACE        SUBNET  ADDRESS

eth0 192.168.0.0/255.255.255.0

DNAT      net        loc:192.168.0.100:80  tcp  80

DNAT      net        loc:192.168.0.100:800  tcp  800

DNAT      net        loc:192.168.0.100:666  udp  666

#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

 

 

DNAT rules should not be in the masq file ... they should be in the rules file.


Guest englishpremier

Duh, next time I'll read your post properly, cheers.

I think it works now. Is it just a case of copying the text I wrote in the masq file and pasting it in the rules file?

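The fix discussed in this thread (DNAT entries belong in /etc/shorewall/rules, not /etc/shorewall/masq), as an added example that is not part of any post: a Python check that separates the misplaced lines from a masq file and lists what the DNAT rules would expose. The function names `split_masq` and `exposed` are hypothetical, the sample input is constructed from the file quoted above, and the action list is only a subset of Shorewall's actions.

```python
# Added example (not from the thread): find rules-file entries pasted into a Shorewall masq file.
# Constructed input mirroring the masq file quoted in the thread.
MASQ_TEXT = """\
#INTERFACE SUBNET ADDRESS
eth0 192.168.0.0/255.255.255.0
DNAT net loc:192.168.0.100:80 tcp 80
DNAT net loc:192.168.0.100:800 tcp 800
DNAT net loc:192.168.0.100:666 udp 666
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""

# Subset of Shorewall actions; these belong in /etc/shorewall/rules, not masq.
RULE_ACTIONS = {"ACCEPT", "DROP", "REJECT", "DNAT", "REDIRECT"}


def split_masq(text):
    """Return (masq_entries, misplaced_rules, problems) for masq file text."""
    masq, rules, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        cols = line.split()
        if cols[0].split(":")[0] in RULE_ACTIONS:  # e.g. DNAT or ACCEPT:info
            rules.append(" ".join(cols))
        elif 2 <= len(cols) <= 3:  # INTERFACE SUBNET [ADDRESS]
            masq.append(" ".join(cols))
        else:
            problems.append((lineno, line))
    return masq, rules, problems


def exposed(rules):
    """List (proto, public_port, internal_host) for each DNAT rule."""
    out = []
    for rule in rules:
        cols = rule.split()
        dest = cols[2].split(":") if len(cols) >= 5 else []
        if cols[0].split(":")[0] == "DNAT" and len(dest) >= 2:
            out.append((cols[3], cols[4], dest[1]))
    return out


if __name__ == "__main__":
    masq, rules, problems = split_masq(MASQ_TEXT)
    print("keep in masq:", masq)
    print("move to rules:", rules)
    print("exposed to net:", exposed(rules))
    print("unrecognised lines:", problems)
```

The moved lines only load if the zone names (`net`, `loc`) match those defined in /etc/shorewall/zones. The list from `exposed()` is what becomes reachable from the internet once the rules are active, so it should contain only the ports the clients actually need.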
