Can I send multiple ports out through one port on CentOS via iptables?
Thanks for looking at this post.
I am trying to make Hamachi work seamlessly in a small office. By the boss's orders I can only allow specific ports open per machine, with all others closed. The problem is that the Linux version of Hamachi cannot specify the TCP port; the Windows versions can. When Hamachi tries to connect to the VPN mediation server, it uses a TCP connection with a variable port. Afterward the tunneling happens on a UDP connection. I can open the port for UDP, but when the Linux box tries to get peer information from the mediation server it sends out some request through ###.###.###.###:30000-60000 (my guess of the dynamic range), and this is blocked by the router on the way back. At present, I have seen that this contact normally takes place through ports in the range guessed above, so I have set a trigger on the router firewall to allow this short communication. But this is borderline with the boss. The boss really wants all ports shut except for the individual communication port for each VPN host. My question is: can I use some iptables rules to force the request from my Linux host out to the mediation server through the available port? Maybe it looks like this:
Code:
|-30000-|
Port opening
Hi there.
I'm not sure I remember this correctly, but you should be able to use the ESTABLISHED,RELATED commands. I don't remember exactly how to use them; I would have to take a look at my iptables, but I hope this will give you an idea.
Regards, Odinn Burkni
You can configure a static UDP port in linux. The TCP port does not matter.
http://logmeinwiki.com/wiki/Hamachi:...coming_traffic
Thanks for the encouraging words.
Thanks Odinn, I have been trying to understand Iptables for this, but have not had a lot of time. Since my trigger hack is working now, I am trying to manage some other thing at the moment. If you come by any clues in your free time please post.
Thanks too, Michealk. I have that UDP port set up according to Hamachi, and it does work for the data tunnel on the 5.*.*.* IP addresses. But there is one step in Hamachi's communication that goes via TCP. I will show some clips from a 'hamachi start debug' session that may help clear the issue up.
Code:
[root@myhost ~]# hamachi start debug
Not long after (about 1 minute) I lose the connections. Notice the 'io_ready' step. My host has lost the IP.
Code:
11 11:29:39.637 [3351] [14709] ses: connecting to 69.25.21.229:12975 ..
Thanks again for your help. By the way, I have used iptables with
Code:
-A POSTROUTING -o ham0 -j MASQUERADE
Established related.
Hello again.
Not sure if it's the right one, but you could try this:
Code:
-A FORWARD -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
http://www.kalamazoolinux.org/presen...conntrack.html
Regards, Odinn Burkni
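As an added example, not from this thread and not Hamachi's or LogMeIn's own configuration: a sketch of how the two suggestions above combine on the CentOS host itself. The conntrack state match accepts only replies to connections the host opened, and MASQUERADE --to-ports rewrites the source port of the outbound TCP connection to the mediation server so it leaves from a small fixed range instead of the 30000-60000 ephemeral range, which is the set of ports the router then has to allow. The mediation address and port are taken from the debug line above; eth0, the 40000-40003 range and the echo dry-run are assumptions.

```shell
#!/bin/sh
# Constructed example: pin the Hamachi mediation-server TCP connection to a
# small fixed source-port range and accept only conntrack-tracked replies.
MEDIATION_IP=${MEDIATION_IP:-69.25.21.229}   # from the OP's debug line
MEDIATION_PORT=${MEDIATION_PORT:-12975}      # from the OP's debug line
PINNED_PORTS=${PINNED_PORTS:-40000-40003}    # assumed range the router opens
WAN_IF=${WAN_IF:-eth0}                       # assumed uplink interface
IPT=${IPT:-echo iptables}   # dry-run by default; set IPT=iptables to apply

hamachi_rules() {
    # Default-deny inbound; replies to the host's own connections are
    # matched by conntrack, so no router-side "trigger" window is needed.
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the source port of the outbound TCP session to the mediation
    # server. A single port would also work, but a reconnect while the
    # previous session is still tracked (TIME_WAIT) would find no free
    # port and be dropped, hence a range of four.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -p tcp -d "$MEDIATION_IP" \
        --dport "$MEDIATION_PORT" -j MASQUERADE --to-ports "$PINNED_PORTS"
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp -d "$MEDIATION_IP" \
        --dport "$MEDIATION_PORT" -m state --state NEW -j ACCEPT
}

hamachi_rules
```

The router then needs only TCP 40000-40003 for this host (plus the static Hamachi UDP port already configured) instead of the whole ephemeral range.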