[NTLUG:Discuss] IP NAT question

Daniel Hauck xdesign at hotmail.com
Tue Sep 18 17:27:53 CDT 2001


Actually, that is an option.  I've done that before.

Observe the following:

# added 16JUN2001 to allow Ed remote PC Anywhere access to his machine
/usr/sbin/ipmasqadm portfw -a -P tcp -L 63.xxx.xxx.xxx 5631 -R 192.168.0.2 5631
/usr/sbin/ipmasqadm portfw -a -P tcp -L 63.xxx.xxx.xxx 5632 -R 192.168.0.2 5632
/usr/sbin/ipmasqadm portfw -a -P udp -L 63.xxx.xxx.xxx 5631 -R 192.168.0.2 5631
/usr/sbin/ipmasqadm portfw -a -P udp -L 63.xxx.xxx.xxx 5632 -R 192.168.0.2 5632

I gleaned the port information from Symantec's web site somewhere.  The KEY
to this is in regard to routing from the PCAnywhere host!!  If your gateway
box is not the same as the PCAnywhere IP address then that is the crux of
your problem because even though requests are coming in through one IP
address, the responses and outbound data are going out through another which
is bound to confuse the PCAnywhere client into not working.  So there are
two choices.  Either (a) set the default route on the PCAnywhere machine to
be the same as the machine forwarding or (b) create a special route to the
IP addresses using the second router in cases where the destination IP
address is known.  (B only works effectively when the remote client IP
address is known and fixed.)  The easiest answer is option (a).  After that,
things should run smoothly.

----- Original Message -----
From: "Jay Urish" <j at yourlinuxguru.com>
To: <discuss at ntlug.org>
Sent: Tuesday, September 18, 2001 5:20 PM
Subject: Re: [NTLUG:Discuss] IP NAT question


> At 05:07 PM 9/18/2001 -0500, you wrote:
> >It would be easier to simply add another network card and string ethernet to
> >the box if you want to fully expose the internal box to the internet. But
> >even in RedHat's case (and in the case of many other distros) they are
> >disabling all services by default allowing you to determine specifically
> >which services are enabled.  What would be the advantage of not specifying
> >forwarding rule by individual port?  Surely you are not intending to run
> >both important services and client tasks on the same box are you?  And
> >aside from H.323 applications, I have yet to find something I can't run
> >from behind a Linux firewall.
>
> Here is the deal,
> There are 4 separate boxes that are hooked to some electronic
> test equipment. The vendor wants pc anywhere access to these boxes as well
> as the ability to map drives over the net. (I know-- It's hella stupid)
>
> Mapping ports isn't really an option. These guys want to be able to punch in
> an IP and go.
>
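The two things Daniel's reply relies on, the four ipmasqadm portfw rules and the check that the forwarded-to host routes its replies back through the masquerading box, as a POSIX sh script. This is an added example, not code from the original thread: the rule generator reproduces the command form used in the post, and check_default_route is an assumed helper that reads a routing table in `route -n` layout. The public address 63.0.0.1 and the gateway's inside address 192.168.0.1 are placeholders; 192.168.0.2 and ports 5631/5632 come from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Wraps the ipmasqadm portfw
# rules from the message in a function and adds a check for the
# asymmetric-routing pitfall the poster describes.
# EXT_IP is a placeholder for the masquerading box's public address;
# 192.168.0.1 as its inside address is an assumption for the route check.

EXT_IP="${EXT_IP:-63.0.0.1}"        # placeholder public IP of the forwarding box
INT_IP="${INT_IP:-192.168.0.2}"     # PCAnywhere host on the inside, as in the post
PCA_PORTS="5631 5632"               # PCAnywhere ports used in the post

# Print one ipmasqadm portfw rule per protocol/port pair, in the form used
# in the post: both tcp and udp are forwarded for every port given.
gen_portfw_rules() {
    ext="$1"; inside="$2"; shift 2
    for port in "$@"; do
        for proto in tcp udp; do
            printf '/usr/sbin/ipmasqadm portfw -a -P %s -L %s %s -R %s %s\n' \
                "$proto" "$ext" "$port" "$inside" "$port"
        done
    done
}

# Given a routing table in `route -n` layout and the inside address of the
# forwarding box, succeed only if the default route points at that box.
# Run on the forwarded-to host: if this fails, replies leave through a
# different router and the session breaks, which is option (a) in the post.
check_default_route() {
    table="$1"; gw="$2"
    printf '%s\n' "$table" | awk -v gw="$gw" '
        $1 == "0.0.0.0" && $2 == gw && $4 ~ /G/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

case "${1:-}" in
    apply)
        # Apply for real: needs root and the 2.2-era ipmasqadm tool.
        gen_portfw_rules "$EXT_IP" "$INT_IP" $PCA_PORTS | sh -e
        ;;
    *)
        # Default is a dry run that only shows the rules that would be added.
        gen_portfw_rules "$EXT_IP" "$INT_IP" $PCA_PORTS
        ;;
esac
```

Run without arguments to see the four rules; `sh script.sh apply` pipes them into a shell. Feed check_default_route the output of `route -n` on the inside host (or the equivalent table from the Windows side) and the forwarding box's inside address; a non-zero exit means the host's default route is not the masquerading box and the port forward will look broken even though the rules are right.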



