LinuxQuestions.org
Old 01-20-2002, 10:28 AM   #1
kill4u666
LQ Newbie
 
Registered: Jan 2002
Posts: 3

Rep: Reputation: 0
iptables firewall lockup / NeoModus Direct Connect


Hello,

I have a linux firewall running Mandrake Linux 8.1 (Vitamin) which has been updated to the 2.4.8-34.1mdk kernel.

I am attempting to use the DirectConnect(DC) program made by NeoModus from a windows machine behind the firewall.

My problem:
For some reason the firewall will lock up after an unspecified amount of time....Sometimes it locks up in 5 minutes and other times 15 hours....I do not see these problems except when DC is running.
I have seen some hint of this problem when using Morpheus, a similar file sharing program...

I originally was running DC in passive mode since I had not opened any ports on the firewall. After the lock up I enabled port forwarding and now run DC in active mode....The mode change did not have any effect on the lock ups.......Everything seems to work properly until the lock up.....

After the machine locks up...You must do a hard reset on the firewall...The ability to log in on the console is even lost....

Does anybody have any ideas of what may be going on...I am also open for any ideas on how to track this type of problem........


Thanks,
kill4u666
 
Old 02-23-2002, 05:39 PM   #2
Franzose
LQ Newbie
 
Registered: Feb 2002
Posts: 3

Rep: Reputation: 0
Wanna know how....

Hi,

I want to know how you get DC to work in active mode? I tried several times but it never worked....

thanks....
 
Old 02-24-2002, 06:22 PM   #3
__modal__
LQ Newbie
 
Registered: Feb 2002
Location: Vancouver, BC, Canada
Distribution: FC6
Posts: 7

Rep: Reputation: 0
ipchains and Neo-Modus DirectConnect

Hi,

Hopefully someone can help me here, my skills with ipchains are pretty limited and I've yet to make the move to iptables (just upgraded from a 6.2 kernel recently).

I've tried a number of times now to get Neo-Modus DirectConnect to work in active mode on a networked windoze box behind my RH 7.1 box using PMFirewall (ipchains) as a base for rules. I am also running Portsentry with the ports mentioned below removed from the listen list in the config file.

Forwarding and REDIRECT'ing TCP and UDP ports 412 (DC's recommended ports) does not seem to work. I've tried disabling the firewall (masq only) without any success as well as shutting down portsentry.

I can connect to DC hubs but when I attempt to search for files no results are produced and my linux box is logging kernel messages denying connection attempts on eth0 (outer network) on port 412. Even though "ipchains -L" lists:

ACCEPT tcp ------ "external IP address" anywhere any -> 412
ACCEPT udp ------ "external IP address" anywhere any -> 412


any help much appreciated.

thank you.
 
Old 03-17-2002, 07:15 PM   #4
spany
LQ Newbie
 
Registered: Mar 2002
Posts: 5

Rep: Reputation: 0
Lockup

Hi

Can you please explain how you got DC working in active mode from behind the firewall? How did you actually enable the portforwarding in the firewall (I tried doing a simple portforwarding on the http port to an internal machine but it doesn't work... any special kernel parameters?)

In regards to the lockup I found that it happened to me if the kernel buffer filled up. So that meant I had to do a hard reboot on the firewall machine.. This happens if you have any rules that actually log the packets to the system buffer...

Ta
Spany
 
Old 03-17-2002, 08:16 PM   #5
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
What is your firewall script? You may have to accept packets from certain ports to make it work. I have an extensive firewall script (using iptables) and have successfully gotten an ftp server to work behind it. I would expect that you would have to do some of the same things.
 
Old 03-17-2002, 08:24 PM   #6
spany
LQ Newbie
 
Registered: Mar 2002
Posts: 5

Rep: Reputation: 0
Direct Connect in active mode

Hi

Do you mind if I take a look at your firewall script. I am really lost on ideas here actually. I understand the rules, but am not too great at writing my own rules.

Spany
 
Old 03-17-2002, 08:26 PM   #7
spany
LQ Newbie
 
Registered: Mar 2002
Posts: 5

Rep: Reputation: 0
Direct Connect in active mode

Hi

Oh and btw, I am using a P133 with 48 MB of ram with RH 7.2 and Kernel 2.4.17 as my firewall router.

Ta
Spany
 
Old 03-17-2002, 09:02 PM   #8
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
Just e-mail me at bbenz3@hotmail.com b/c the script is a little on the long side.


what a boring 100th post!
 
Old 03-17-2002, 11:10 PM   #9
spany
LQ Newbie
 
Registered: Mar 2002
Posts: 5

Rep: Reputation: 0
Direct Connect in active mode

he he... I actually export my display to a windows machine and manage my router remotely... wouldn't feel happy about spending a super-machine on linux.. would be an overkill...

ta
Spany
 
Old 03-18-2002, 12:29 AM   #10
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
well . . . My linux router sits in a closet with a 5 dollar monochrome monitor. The monitor is just to verify every once in a while that something is working. I use ssh from remote on either this linux box or one of my windows machines to admin the router.
 
Old 03-18-2002, 10:14 AM   #11
cubensis
LQ Newbie
 
Registered: Mar 2002
Distribution: slackware 8.0
Posts: 2

Rep: Reputation: 0
kill4u666: I think it is necessary to see your firewall script/rules in order to assess the problem. I have run a similar configuration with no problems. As for the people who want to know how to get DC to work behind a firewall or on a NAT'd network, I'll tell you how I accomplished this. In this example the Winbl0ze box has a private ip address of 192.168.0.2.

1) Direct Connect Configuration

Go to --> Settings --> Connection --> Advanced Networking Options

Select Active mode...duh

Where it says Force Direct Connect to report connections on this port...choose a port that you like...we'll use 666 in this example in honor of kill4u666, the owner of this thread.

Where it says Force Direct Connect to report this ip...put the GLOBAL ip address of the machine that is your router/firewall/NAT machine.

Part 1 is now done...unless I've forgotten something

2) Iptables configuration

On the Linux firewall/NAT box map port 666 for udp and tcp connections to the Winbloze dc box.

iptables -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -j DNAT --to 192.168.0.2

iptables -t nat -A PREROUTING -p udp --dport 666 -i eth0 -j DNAT --to 192.168.0.2

*Here is how to do a range of ports if you want to run more than one client.

iptables -t nat -A PREROUTING -p tcp --dport 666:777 -i eth0 -j DNAT --to 192.168.0.2:666-777

iptables -t nat -A PREROUTING -p udp --dport 666:777 -i eth0 -j DNAT --to 192.168.0.2:666-777

Anyhoo, hope this helps.
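
An added example, not part of the post above or of any poster's script: it prints the DNAT rules from post #11 together with the FORWARD rules that let only the forwarded flow through, plus a rate-limited LOG rule, which bears on the log-buffer behaviour described in post #4. The helper name dc_forward_rules, the 5/min log limit and an otherwise empty FORWARD chain are assumptions of this example; eth0, 192.168.0.2 and port 666 are the values used in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for an
# active-mode Direct Connect port forward; review the output, then run it as root.
# dc_forward_rules is a hypothetical helper name; FORWARD is assumed empty.

dc_forward_rules() {
    wan_if=$1; lan_ip=$2; lo=$3; hi=${4:-$3}

    # Reject anything that is not a plain decimal port number.
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*) echo "port must be numeric: '$p'" >&2; return 1 ;;
        esac
    done
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "bad port range $lo-$hi" >&2; return 1
    fi

    # iptables writes a match range as lo:hi and a DNAT target range as lo-hi.
    if [ "$lo" -eq "$hi" ]; then
        match=$lo; target=$lan_ip:$lo
    else
        match=$lo:$hi; target=$lan_ip:$lo-$hi
    fi

    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Replies belonging to flows that were already accepted.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for proto in tcp udp; do
        # Rewrite the destination before the routing decision ...
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $match -j DNAT --to-destination $target"
        # ... and accept only that rewritten flow in the filter table.
        echo "iptables -A FORWARD -i $wan_if -d $lan_ip -p $proto --dport $match -j ACCEPT"
    done
    # Everything else from outside: log at a capped rate, then drop.
    echo "iptables -A FORWARD -i $wan_if -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix 'FWD-DROP: '"
    echo "iptables -A FORWARD -i $wan_if -j DROP"
}

# Values from post #11: external interface, DC client address, reported port.
dc_forward_rules eth0 192.168.0.2 666
```

Pass a fourth argument (for example 777) to forward a port range for more than one client, as in the second pair of rules in the post.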
 
Old 03-18-2002, 06:35 PM   #12
__modal__
LQ Newbie
 
Registered: Feb 2002
Location: Vancouver, BC, Canada
Distribution: FC6
Posts: 7

Rep: Reputation: 0
I think I figured out why port forwarding isn't working for me.

When I upgraded from a 2.2 to a 2.4 kernel (using up2date..oops) the basic kernel installed iptables with ipchains support but did not include the ipchains port forwarding support in the kernel config or Makefile.

I tried rebuilding the kernel from source and found no mention of this capability (as far as ipchains is concerned) in the .config or the Makefile, so I am assuming that it is no longer supported or that it has to be added manually.....

So I tried switching to iptables via unloading ipchains and using loaded modules for iptables, but the system didn't seem to like that very much and had a nervous breakdown.


:smash:

got ipchains working again for the time being and now to figure out how to make the switch to iptables

wish me luck
 
Old 03-19-2002, 09:33 AM   #13
cubensis
LQ Newbie
 
Registered: Mar 2002
Distribution: slackware 8.0
Posts: 2

Rep: Reputation: 0
Did you try doing this?

/bin/echo "1" > /proc/sys/net/ipv4/ip_forward


I'm sure you probably tried that already, but I thought I'd mention it anyway. A lot of people upgrade their kernel just so they can have support for iptables...and I have to admit, it does totally kick arse.
 
Old 03-19-2002, 03:10 PM   #14
__modal__
LQ Newbie
 
Registered: Feb 2002
Location: Vancouver, BC, Canada
Distribution: FC6
Posts: 7

Rep: Reputation: 0
Yeah, I've tried that (actually it was already at a value of 1, but I did it anyway).

Thanks anyhow
 
Old 04-24-2002, 01:49 PM   #15
eXor
Member
 
Registered: Mar 2002
Location: Sweden
Distribution: Slackware 10.1
Posts: 103

Rep: Reputation: 15
Help me please!

I also want to get Direct Connect to work in Active Mode!

I know that it is port 411-414 that I have to activate.
How do I do this?
My computer with DC has ip 192.168.0.2.

I use iptables. I have Slackware 8.0.

/Ludvig (Sweden)
 
  

