11-21-2001, 09:15 AM
|
#1
|
Member
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149
Rep:
|
Direct connect and Ipchains
Hi.
I have trouble with ipchains on my server.
I can use ftp, ssh and more on my client but I can't use DC, very strange :-(
What could the correct chain look like to put DC on the internet ?
Thanks
//Fredrik
|
|
|
11-21-2001, 11:24 PM
|
#2
|
Member
Registered: Apr 2001
Location: Bombay ( INDIA )
Distribution: RedHat 7.x
Posts: 218
Rep:
|
What is DC ?
Hi ,
It would help if you could specify what is DC ?
Regards ,
Xanthium .
|
|
|
11-22-2001, 12:54 AM
|
#3
|
Member
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149
Original Poster
Rep:
|
DC = Direct Connect
Direct Connect
|
|
|
11-23-2001, 06:22 AM
|
#4
|
Member
Registered: Apr 2001
Location: London
Posts: 408
Rep:
|
From FAQ of DC:
----------
By default, Direct Connect Uses port 412 for TCP and UDP data. This can be changed in the Direct Connect settings.
To make Direct Connect work properly with your NATing router, you must enter your router's WAN IP address in Direct Connect's "Force Direct Connect to report this IP address" text box, and check the associated check box.
-----------
So you'll need to add some rules to ipchains to allow port 412 to go out or inbound; it doesn't say.
What you need to do is install DC and make sure nothing else is running, then fire it up and ask it to connect. 1 second after that, you type this on the Linux box.
ipchains -L -M -n
That will show you what connection it's requesting.
If unsure of what's happening post it here along with your other rules for ipchains and I'll show you the correct line to enable it.
/Raz
|
|
|
11-23-2001, 06:42 AM
|
#5
|
Member
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149
Original Poster
Rep:
|
Thanks.
I typed ipchains -L -M -n and the output was this:
IP masquerading entries
prot expire source destination ports
UDP 02:07.32 192.168.0.2 212.181.52.2 1026 (61020) -> 53
UDP 02:07.32 192.168.0.2 212.181.52.2 1026 (61020) -> 53
212.181.52.2 is my gateway and 192.168.0.2 is my client with DC.
I tried several times to connect with DC but the output was the same every time.
Strange ?..........
|
|
|
11-23-2001, 08:27 AM
|
#6
|
Member
Registered: Apr 2001
Location: London
Posts: 408
Rep:
|
ok that's showing you that your client has asked the DNS server to resolve a domain to an IP address.
Nothing to indicate that the DC software is getting out.
What are your rules for the firewall, as it could deny the port even from your internal client?
Type
ipchains -L -n
/Raz
|
|
|
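The check described in the two replies above (look in the masquerading table for the client's connection to port 412 rather than only DNS on port 53), as an added example that is not part of the original thread. The function names `masq_summary`, `masq_has_port` and `diagnose` are hypothetical, the sample is the output posted in the thread, and TCP entries are assumed to use the same column layout as the UDP lines shown.

```shell
#!/bin/sh
# Added example: summarise `ipchains -L -M -n` output by client and port.

# Sample input: the masquerading table exactly as posted in the thread.
SAMPLE_MASQ='IP masquerading entries
prot expire source destination ports
UDP 02:07.32 192.168.0.2 212.181.52.2 1026 (61020) -> 53
UDP 02:07.32 192.168.0.2 212.181.52.2 1026 (61020) -> 53'

# masq_summary: read the table on stdin and print one line per distinct
# "proto source dest dport" tuple, followed by how often it appears.
masq_summary() {
    awk '
        # Entry lines start with a protocol and end in "-> <dport>".
        $1 ~ /^(TCP|UDP)$/ && $(NF-1) == "->" {
            key = $1 " " $3 " " $4 " " $NF
            count[key]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# masq_has_port CLIENT PORT: succeed if CLIENT has a masqueraded entry
# (TCP or UDP) whose destination port is PORT. Reads the table on stdin.
masq_has_port() {
    awk -v client="$1" -v port="$2" '
        $1 ~ /^(TCP|UDP)$/ && $(NF-1) == "->" && $3 == client && $NF == port { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# diagnose CLIENT PORT: print a one-word verdict for the table on stdin.
diagnose() {
    table=$(cat)
    if printf '%s\n' "$table" | masq_has_port "$1" "$2"; then
        echo "seen"                 # the client reached PORT through the firewall
    elif [ -n "$(printf '%s\n' "$table" | masq_summary)" ]; then
        echo "other-traffic-only"   # e.g. only DNS lookups, as in the thread
    else
        echo "no-entries"           # nothing from any client is masqueraded
    fi
}

# On the firewall, as root:  ipchains -L -M -n | diagnose 192.168.0.2 412
printf '%s\n' "$SAMPLE_MASQ" | diagnose 192.168.0.2 412
```

A verdict of `other-traffic-only` matches the situation in the thread: the client resolves names, but no entry to the Direct Connect port is created, so the filter rules are the next thing to inspect.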
11-23-2001, 09:15 AM
|
#7
|
Member
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149
Original Poster
Rep:
|
Hi.
Check this file out, it is the one I'm using.
My firewall
Thanks again 4 your help
//FredrikN
|
|
|
11-23-2001, 09:38 AM
|
#8
|
Member
Registered: Apr 2001
Location: London
Posts: 408
Rep:
|
ok I've got the file.
You can remove the link now.
I'll have a read and get back to you.
/Raz
|
|
|
11-24-2001, 05:24 AM
|
#9
|
Member
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149
Original Poster
Rep:
|
Hi again, did you figure it out yet?
Maybe it will be easier to just allow and accept everything while I'm using Direct Connect.
Do you know what that chain will look like that accepts anything -> anywhere on my 192.168.0.1 -> 192.168.0.2 network??
Thanks //FredrikN
|
|
|
11-24-2001, 08:40 AM
|
#10
|
Member
Registered: Apr 2001
Location: Bombay ( INDIA )
Distribution: RedHat 7.x
Posts: 218
Rep:
|
DC ?
Hi Fred,
Sorry for responding late.
You see, I am not in the US, so don't know what DC is? Some sort of ISP?
Anyway, it is not a good idea to let everything IN into your network.
What you can do is allow data related to specific services offered by your Linux machine.
What are the services offered by your Linux box? I will tell you the chains that you need to put for these specific services.
Please accept my apologies for having kept you waiting.
Temporarily I don't have an Internet connection, hence am irregular with checking my mails, but will try my best to respond as early as possible.
Regards.
|
|
|
11-24-2001, 09:33 AM
|
#11
|
Member
Registered: Nov 2001
Location: Sweden
Distribution: GNU/Linux since -97
Posts: 149
Original Poster
Rep:
|
Hi.
DC = Direct Connect and it's a filesharing program, peer 2 peer.
The problem is that I'm new to ipchains and I want to write some chains that allow DC out on the internet from my int network
//FredrikN
|
|
|
11-27-2001, 04:05 AM
|
#12
|
Member
Registered: Apr 2001
Location: London
Posts: 408
Rep:
|
Right, that's the most difficult to read rules file I've ever looked at.
It's got loads of "!" that put the rules in reverse. "very confusing when you're trying to follow them"
Anyway, there are a few incorrect ICMP rules that also need to be fixed.
Put this at the very end of the firewall script.
ipchains -A output -p icmp -s 0/0 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 0 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 3 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 4 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 9 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 12 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 14 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 18 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 8 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 11 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 10 -d 0/0 -j DENY -l
OK, to get DC to work, try typing this as root or adding it to the firewall file.
ipchains -A input -p tcp ! -y -s 0/0 --sport 412 -d 194.236.131.110 1023:65535 -j ACCEPT
ipchains -A output -p tcp -s 0/0 1023:65535 --dport 412 -t 0x01 0x10 -j ACCEPT
I think 194.236.131.110 is your eth1 IP address; if not, replace it with the correct one.
I've also changed the TOS flag so the priority is higher for increased speed.
If this still doesn't work it might be that DC uses UDP; the FAQ doesn't say anything very helpful, so we will just keep trying till it works.
/Raz
|
|
|
All times are GMT -5. The time now is 01:04 AM.