Help with sf behind firewall.

Help with sf behind firewall.

[Tommy Moore]

Hi guys. I've got a litle problem here. I want ot be able to have speak
freely packets forwarded to a machine behind a firewall.
I tried this:
ipmasqadm autofw -A -r udp 2074 2075 -h 172.20.50.100
And I did this for ports 2075 4074 and 4075. Anything I'm doing wrong?

Re: Help with sf behind firewall.

[cpt.kirk]

The first thing I notice is that you are using out of date firewall
software. If you are using a recent kernel, then you should start using
ipchains. There is actually some good information on ipchains in the
manual, and the doc folder. 

Now, I may be wrong on this subject, but I believe if you are attempting
to have all packets forwarded to another machine all of the time you need
to get a port forwarding program. I can't say that I am familiar with the
speak freely program. If it establisheds the open port, then you shouldn't
need aditional rules for your firwall.

Kirk Wood
Cpt.Kirk@1tree.net
------------------

Why can't you be a non-conformist, like everybody else?

Re: Help with sf behind firewall.

[Geoff Shang]

Hi:

I beg to differ.  Ipmasqadm works fine for me, it is mentioned without
proviso in the ipmasquerading howto, and it even mentions ipchains in the
manpage.  Doesn't look out-dated to me.  Perhaps you are thinking of
ipfwadm?

Geoff.

Re: Help with sf behind firewall.

[cpt.kirk]

Geoff,

You are right, I was thinking of ipfwadm. But if he is to use your method,
he will still need to use a port forwarding program.

Kirk Wood
Cpt.Kirk@1tree.net
------------------

Why can't you be a non-conformist, like everybody else?

Re: Help with sf behind firewall.

[Geoff Shang]

Hi:

OK, am not quite sure what some of that means, but I'll give you my
suggestion.

Firstly, you only need to forward 2074 and 4074.  Forwarded ports are only
those that need to make it back to the internal host, and therefore only
need to be the ones that sfspeaker uses.  This might sound wrong to you,
but I've been behind a machine using the uredir program doing this and it
worked just fine.  So now I'll borrow a line I used to get buddyphone
working and modify it for your purposes.  I presume the IP you gave is your
internal machine.

ipmasqadm portfw -a -P udp -L `ipofif ppp0` 2074 -R 172.20.50.100 2074
ipmasqadm portfw -a -P udp -L `ipofif ppp0` 4074 -R 172.20.50.100 4074

OK, so what's the `ipofif ppp0` thing?  Well, ipofif is a debian script
that comes with the debian ipmasq package which gives the IP address of a
particular interface.  It's a pretty simple script and I include it below
for your interest and perusal.  Putting it in accents means that the output
of the script is to be used in the command line, pretty neat hey.  I don't
know if it actually needs to be there, but it doesn't hurt.

So this command simply says, forward this UDP port 2074 from the PPP0
interface to the internal machine on port 2074.  Pretty self explanatory.

I note that ipmasqadm uses different modules to get its jobs done, so the
autofw module may have different commandline options and thus might do (or
be close to doing) the above.  Then again, they might all use the same ones
in which case, it seems you were a bit off the mark.

Oh and consult the ipmasqadm man page as you need certain stuff compiled
into the kernel and it's all listed there which saves me trying to remember
it all.

Geoff.
Script follows:


#!/bin/sh
#
# ipofif	Determines the IP address of the interface given on the
#		commandline
#
# v1.0	19 July 1998
# v1.1  12 June 1999
#####

export LC_ALL="C"

/sbin/ifconfig $1 | grep 'inet addr:' | sed 's/.*inet addr:\([0-9.]*\).*/\1/g'