RE: IPchains, masquerading and napster

From: Eduardo Rohr (hanus@gmx.net)
Date: Mon Jan 31 2000 - 05:50:19 EST


I don't know how napster works, but you can quickly see what is going wrong
changing your rules in this way:

 /sbin/ipchains -P forward ACCEPT
 /sbin/ipchains -A forward -p tcp --destination-port 6699 -j MASQ
 /sbin/ipchains -A forward -i eth1 -p all -s 10.11.12.0/24 -j ACCEPT
 /sbin/ipchains -A forward -j DENY -l <----- here you log everything that
is denied

(I would do the same with the INPUT chain)

And then in a terminal using for example "tail -f /var/log/messages" you can
see what is going up.

Eduardo

> Dear Linux-net,
>
> I have a problem setting up my masquerading linuxrouter to forward
> napsterclients. I (on the private side of the router) can do downloads
from
> other clients, but the other clients are not able to do downloads from me.
> Napster sees that people are trying, but the status of their uploads is
> "Waiting...". The setup is as follows:
>
> The home-LAN is 10.11.12.0/24. napster is running on a windowsclient which
> is adressed 10.11.12.12. The router is assigned a static public IP on the
> outside (eth1) and 10.11.12.13 on the LAN-side (eth0). I used the
following
> lines, which in my opinion should work, straightforward as it is:
>
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -p tcp --destination-port 6699 -j MASQ
> /sbin/ipchains -A forward -i eth1 -p all -s 10.11.12.0/24 -j ACCEPT
>
> But it doesn't. It attempts to masq all outgoing traffic, which works and
> attempts to deny all incoming traffic except trafic to port 6699, which is
> the port I configured in napster. It denys all though, except for
> connections initiated from the LAN.
>
> Can anyone please tell me what I'm doing wrong?
>
> Serge Maandag.
>

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu



This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:34 EST