Autor Téma: Presmerovani portu pres Firehol (Přečteno 1993 krát)

parm · « **kdy:** 28 Prosince 2006, 14:26:00 »

Prosim o radu. Mam Ubuntu jako router pripojeny na net za nimz mam stanice s WIN XP. Routovani resim pres firehol. Potreboval bych poradit, jak mam presmerovat port 3389 a 3350 na stanici s IP 192.168.1.52 pres forehol, abych mohl pouzivat vzdaleno plochu a jeste jine aplikace bezicich na XP z venku.

Vypis firehol.conf:
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

# Accept all client traffic on any interface
# interface any world
# client all accept

DEFAULT_CLIENT_PORTS="1024:65535"
FIREHOL_NAT="1"

server_icq_ports="tcp/5190"
client_icq_ports="default"

interface eth1 internal
protection strong 10/sec 10
policy drop
server dns accept
server netbios_ns accept
server netbios_dgm accept
server netbios_ssn accept
server samba accept
server squid accept
server icmp accept
server ping accept
server http accept
client all accept

interface eth0 external
protection strong 10/sec 10
policy drop
server icmp accept
server ping accept
server ssh accept
client dns accept
client icmp accept
client ping accept
client telnet accept
client http accept
client https accept
client ftp accept
client ntp accept
client ssh accept
client icq accept
client jabber accept
client webcache accept

router internal2external inface eth1 outface eth0
masquerade
route all accept

Zkousel jsem pridat routovani primo pres iptables
iptables -t nat -A PREROUTING -i eth0 -p tcp -d ve.rejna.ad.resa --dport 3389 -j DNAT --to 192.168.1.52:3389
iptables -t nat -A PREROUTING -i eth0 -p tcp -d ve.rejna.ad.resa --dport 3050 -j DNAT --to 192.168.1.52:3050

taky jsem zkousel

nat to-destination 192.168.1.52 proto tcp dport 3389
nat to-destination 192.168.1.52 proto tcp dport 3050

firehol sice restartuje bez problemu, vzdalena sprava ovsem nefunguje. Nevim jestli je nutne jeste neco nekde nastavit. Diky za pomoc.

LS · « **Odpověď #1 kdy:** 28 Prosince 2006, 20:33:29 »

Ty posledni radky by mely fungovat, zkuste kdyztak misto nat to-destination pouzit prikaz dnat. Umi forwardovat libovolny port do vnitrni site, a to klidne i na jiny port cilove stanice. Videl bych to asi takhle:

Kód: [Vybrat]

dnat to 192.168.1.52:3389 inface eth0 proto tcp dport 3389
dnat to 192.168.1.52:3050 inface eth0 proto tcp dport 3050

Pri pokusu o spojeni zvenku si zkuste na routeru otevrit log prikazem

Kód: [Vybrat]

tail -f /var/log/kern.loga sledujte, co se deje.

parm · « **Odpověď #2 kdy:** 29 Prosince 2006, 10:41:37 »

Vypis z logu:
Dec 29 10:35:11 MPM kernel: [ 2317.517131] 'PASS-unknown:'IN=eth0 OUT=eth1 SRC=xxx.xxx.xxx.xxx DST=192.168.1.52 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=1615 DF PROTO=TCP SPT=63819 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0

z toho usuzuji, ze k presmerovani portu patrne dojde, ale spojeni mezi Windows se nenavaze. Napada Vas jeste neco? Patrne, tam budu muset zajet a podivat se na to na miste.

Autor Téma: Presmerovani portu pres Firehol (Přečteno 1993 krát)

parm

Presmerovani portu pres Firehol

LS

Presmerovani portu pres Firehol

parm

Presmerovani portu pres Firehol