iptables firewall lockup / NeoModus Direct Connect
Hello,
I have a Linux firewall running Mandrake Linux 8.1 (Vitamin) which has been updated to the 2.4.8-34.1mdk kernel.
I am attempting to use the Direct Connect (DC) program made by NeoModus from a Windows machine behind the firewall.
My problem:
For some reason the firewall will lock up after an unspecified amount of time... Sometimes it locks up in 5 minutes and other times 15 hours... I do not see these problems except when DC is running.
I have seen some hint of this problem when using Morpheus, a similar file sharing program...
I originally was running DC in passive mode since I had not opened any ports on the firewall. After the lock up I enabled port forwarding and now run DC in active mode... The mode change did not have any effect on the lock ups... Everything seems to work properly until the lock up...
After the machine locks up... you must do a hard reset on the firewall... The ability to log in on the console is even lost...
Does anybody have any ideas of what may be going on... I am also open for any ideas on how to track this type of problem...
Hopefully someone can help me here, my skills with ipchains are pretty limited and I've yet to make the move to iptables (just upgraded from a 6.2 kernel recently).
I've tried a number of times now to get Neo-Modus DirectConnect to work in active mode on a networked windoze box behind my RH 7.1 box using PMFirewall (ipchains) as a base for rules. I am also running Portsentry with the ports mentioned below removed from the listen list in the config file.
Forwarding and REDIRECTing TCP and UDP ports 412 (DC's recommended ports) does not seem to work. I've tried disabling the firewall (masq only) without any success as well as shutting down portsentry.
I can connect to DC hubs but when I attempt to search for files no results are produced and my Linux box is logging kernel messages denying connection attempts on eth0 (outer network) on port 412. Even though "ipchains -L" lists:
ACCEPT tcp ------ "external IP address" anywhere any -> 412
ACCEPT udp ------ "external IP address" anywhere any -> 412
Can you please explain how you got DC working in active mode from behind the firewall? How did you actually enable the port forwarding in the firewall (I tried doing a simple port forwarding on the http port to an internal machine but it doesn't work... any special kernel parameters?)
In regards to the lockup I found that it happened to me if the kernel buffer filled up. So that meant I had to do a hard reboot on the firewall machine. This happens if you have any rules that actually log the packets to the system buffer...
What is your firewall script? You may have to accept packets from certain ports to make it work. I have an extensive firewall script (using iptables) and have successfully gotten an ftp server to work behind it. I would expect that you would have to do some of the same things.
Do you mind if I take a look at your firewall script? I am really lost on ideas here actually. I understand the rules, but am not too great at writing my own rules.
He he... I actually export my display to a Windows machine and manage my router remotely... wouldn't feel happy about spending a super-machine on Linux... would be overkill...
Well... My Linux router sits in a closet with a 5 dollar monochrome monitor. The monitor is just to verify every once in a while that something is working. I use ssh from remote on either this Linux box or one of my Windows machines to admin the router.
kill4u666: I think it is necessary to see your firewall script/rules in order to assess the problem. I have run a similar configuration with no problems. As for the people who want to know how to get DC to work behind a firewall or on a NAT'd network, I'll tell you how I accomplished this. In this example the Winbl0ze box has a private ip address of 192.168.0.2.
1) Direct Connect Configuration
Go to --> Settings --> Connection --> Advanced Networking Options
Select Active mode...duh
Where it says Force Direct Connect to report connections on this port...choose a port that you like...we'll use 666 in this example in honor of kill4u666, the owner of this thread.
Where it says Force Direct Connect to report this ip...put the GLOBAL ip address of the machine that is your router/firewall/NAT machine.
Part 1 is now done...unless I've forgotten something
2) Iptables configuration
On the Linux firewall/NAT box map port 666 for udp and tcp connections to the Winbloze DC box.
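As an added example (not code from this thread or from NeoModus), here is a shell script that writes out the iptables rules step 2 calls for: DNAT of TCP and UDP port 666 on the router to the DC client at 192.168.0.2, plus the FORWARD entries needed for the redirected packets to pass and a MASQUERADE rule for outbound LAN traffic. Interface names are assumptions (eth0 as the outside NIC, as an earlier post called it, eth1 as the inside NIC) and can be overridden through environment variables. The script prints the rules by default so they can be reviewed, and only runs them with --apply. The LOG rule is rate-limited with the limit match, which is the standard way to keep a logging rule from flooding the kernel log, the failure mode one poster above blames for the lockups.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) iptables port-forwarding rules
# for a Direct Connect client in active mode behind a Linux NAT router.
# Assumed values: WAN_IF/LAN_IF interface names; DC_HOST and DC_PORT come from
# the thread (192.168.0.2, port 666).
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
DC_HOST="${DC_HOST:-192.168.0.2}"
DC_PORT="${DC_PORT:-666}"

# dc_forward_rules HOST PORT WAN LAN: print the rule set, one command per line.
dc_forward_rules() {
    host="$1"; port="$2"; wan="$3"; lan="$4"
    # Default-deny for routed traffic; only explicitly accepted flows pass.
    printf 'iptables -P FORWARD DROP\n'
    # Let replies and related packets of already accepted flows through.
    printf 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    for proto in tcp udp; do
        # Rewrite inbound connections to port PORT on the WAN side to the LAN client.
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$wan" "$proto" "$port" "$host" "$port"
        # Accept the rewritten packets in the FORWARD chain (new connections only here).
        printf 'iptables -A FORWARD -i %s -o %s -p %s -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
            "$wan" "$lan" "$proto" "$host" "$port"
    done
    # Log what is about to be dropped, but rate-limit it so a packet flood cannot
    # swamp the kernel log buffer.
    printf 'iptables -A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: "\n'
    # Hide LAN addresses behind the router's public address for outbound traffic.
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$wan"
    # Routing between interfaces must be switched on for any of this to matter.
    printf 'echo 1 > /proc/sys/net/ipv4/ip_forward\n'
}

# count_rules HOST PORT WAN LAN: number of iptables commands in the generated set.
count_rules() {
    dc_forward_rules "$@" | grep -c '^iptables'
}

case "${1:-}" in
    --apply) dc_forward_rules "$DC_HOST" "$DC_PORT" "$WAN_IF" "$LAN_IF" | sh ;;
    *)       dc_forward_rules "$DC_HOST" "$DC_PORT" "$WAN_IF" "$LAN_IF" ;;
esac
```

Run it without arguments to see the rules it would install, then with --apply as root on the router. The state match and the DROP policy mean only the forwarded port and return traffic of existing connections cross the router; everything else is logged at most a few times a minute and dropped.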
I think I figured out why port forwarding isn't working for me.
When I upgraded from a 2.2 to a 2.4 kernel (using up2date.. oops) the basic kernel installed iptables with ipchains support but did not include the ipchains port forwarding support in the kernel config or Makefile.
I tried rebuilding the kernel from source and found no mention of this capability (as far as ipchains is concerned) in the .config or the Makefile, so I am assuming that it is no longer supported or that it has to be added manually...
So I tried switching to iptables via unloading ipchains and using loaded modules for iptables, but the system didn't seem to like that very much and had a nervous breakdown.
Got ipchains working again for the time being, and now to figure out how to make the switch to iptables.
I'm sure you probably tried that already, but I thought I'd mention it anyway. A lot of people upgrade their kernel just so they can have support for iptables...and I have to admit, it does totally kick arse.