Linuxathome.net - Linux news and help for home broadband internet users
      Port Forwarding
     

    To get your Internet connection working naturally (i.e. the way it would if you had a single machine directly connected to the cable), you will have to set up rules that specify certain Port Forwarding options. When you first install Linux, a secure firewall is running that blocks most incoming traffic. To get most of your programs working through it, you must add rules that allow the specific ports and the protocols used on those ports.

    For more detailed information on the ipmasqadm program and IP Masquerading for Linux, visit the Linux IP Masquerade Resource site. There you can download the compressed file and get the latest up-to-date information.

         

      Forwarding Instructions

     
    Installing ipmasqadm

    To get Port Forwarding working you will need a program called ipmasqadm. It is not packaged with Red Hat 6.2, so you will need to download it yourself. This is quite easy, as a packaged RPM can be found on-line with a simple search. When we set up our machines the latest version was the file ipmasqadm-0.4.2-4.i386.rpm, which we found with no problems. Alternatively, you can download and compile the source, which is in the file ipmasqadm-0.4.2.tar.gz and is also easily found online.

    To install the RPM, download the appropriate file and install it with the command rpm -ivh ipmasqadm-0.4.2-4.i386.rpm. This will install ipmasqadm into its default directory, which is /usr/sbin (as with most system programs). Now it is ready to use.

    To install from source, download the appropriate file to a suitable directory (once again we recommend /usr/sbin). To unzip and untar it, run the following command in the directory where you saved the file: tar -xzvf ipmasqadm-0.4.2.tar.gz. This will create the directory ipmasqadm-0.4.2/, which will contain all the files. Change to this directory before compiling and configuring the source. Before you proceed, we recommend you read the latest readme file included with the source for helpful install information. Do this with cat doc/README | more, using SPACE to scroll down the screens. Once you have read the instructions, all that is left to do is compile the source by typing make install. Now it is ready to use.

     

    Adding Port Forwarding Rules

    /usr/sbin/ipmasqadm autofw -A -r tcp <server_port> <client_port> -h <client_ip>

    This will forward any port on the server that matches this rule directly to the same port on the client machine. Make sure that the <server_port> and <client_port> are the same, otherwise you will get this error: Illegal port numbers.

    /usr/sbin/ipmasqadm portfw -a -P tcp -L <server_ip> <server_port> -R <client_ip> <client_port>

    This will forward any port on the server that matches this rule directly to the port specified on the client machine. For example, if you want to run an FTP server on your Windows machine, you would direct a port like 2000 to port 21 on your Windows client machine. That way people just log into the FTP on <server_ip>:2000 and they will be redirected by Linux to your <client_ip>:21.

    If you wish to create a script that opens your ports when Linux is booted, simply create a file as in the Net Sharing section and place the rules in it. To allow a large contiguous range of ports, i.e. from port 2000 to 3000, which includes all 1000 ports, you can use the following code:

    # Forward each TCP port in the range to the same port on the client
    port=2000
    while [ $port -le 3000 ]
    do
    /usr/sbin/ipmasqadm portfw -a -P tcp -L <server_ip> $port -R <client_ip> $port
    port=$((port+1))
    done

    This will loop around 1000 times and add rules for forwarding the ports on the <server_ip> to the same port on the <client_ip>.

     

    FTP, IRC, ICQ etc

    To get such programs as FTP, IRC and ICQ working on your client machines, you will need to load the appropriate modules into the system so that it can forward the data. This should be added to the bottom of your rc.firewall script that you would have created earlier.

    The ip_masq_ftp and ip_masq_irc modules come with Red Hat 6.2, but ip_masq_icq will have to be downloaded off the Internet. The latest file is ip_masq_icq-0.56.tar.gz and is easily found by doing a search.

    To install this module, download the file and extract it by typing tar -xzvf ip_masq_icq-0.56.tar.gz. You can then read the README file by typing cat README | more. All that is left to do is compile the source by typing make. Once the module has been compiled from the C source file into the .o object file, copy this file to your kernel module directory by typing cp ip_masq_icq.o /lib/modules/2.2.14-5.0/ipv4/ and it is ready for you to use.

    Now that you have all the modules on your system, you need to edit your rc.firewall and add these lines of code to the bottom of the script:

    # Needed to initially load modules into the system kernel
    /sbin/depmod -a

    # Supports the proper masquerading of FTP transfers using the PORT method
    /sbin/modprobe ip_masq_ftp

    # Supports the masquerading of IRC DCC file transfers
    /sbin/modprobe ip_masq_irc

    # Supports the masquerading of ICQ chat/file/message transfers
    /sbin/modprobe ip_masq_icq

    If, like us, you can't get ip_masq_icq to work (i.e. it gives you errors when compiling), there is another, easier way around the problem. In your rc.firewall add this code at the bottom instead of the /sbin/modprobe ip_masq_icq line:

    port=2000
    while [ $port -le 2020 ]
    do
    /usr/sbin/ipmasqadm portfw -a -P tcp -L <optus_ip> $port -R <client_ip> $port
    port=$((port+1))
    done

    This will loop around 20 times and forward ports 2000 -> 2020 to your client machine (which has ICQ). Now you just have to tell ICQ that you're behind a firewall and give it the appropriate settings to use.

    Now, in ICQ's Preferences-->Connection, configure it to be "Behind a LAN" and "Behind a firewall or Proxy". Now, click on "Firewall Settings" and configure it to be "I don't use a SOCK5 proxy". Finally, click on Next and configure ICQ to "Use the following TCP listen ports.." from "2000" to "2020". Now click done.

    ICQ 2000 is a bit different: you need to go to ICQ -> Preferences -> Connections -> User. Click on "Not using proxy" and then click on "Use the following TCP listen port for incoming event". In the From: box enter 2000 and in the To: box enter 2020. Now just click on Apply and you're almost finished.

    Also note that it was previously recommended to change ICQ's "Firewall session timeouts" to "30" seconds, BUT many users have found that ICQ then becomes unreliable. ICQ has been found to be more reliable with its stock timeout setting (don't enable that ICQ option) and MASQ's timeout changed to 160 seconds. You can change this timeout in the rc.firewall ruleset by adding the line of code /sbin/ipchains -M -S 7200 10 160.

    You will probably notice that when you connect to an FTP server that is not on the default port (i.e. 21), you will connect but will not be able to get a directory list or do anything else for that matter. This is due to the firewall blocking the ports your FTP client is trying to use for these commands. Forwarding the FTP port will not fix it (the client only connects on that port; the FTP server will use other ports for commands and sends). To fix this, look in your FTP client for an option called "Passive Mode" and enable it. You should now be able to connect, get a directory list, download and send like normal.
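    Why active-mode FTP needs help from the gateway at all, as an added example that is not part of the original page: in active mode the client sends a PORT command carrying its own address and port, and on a masqueraded LAN that address is private, so the gateway has to rewrite it. The sketch below performs that rewrite on one command line; the function names and sample addresses are assumptions made for illustration, and this is not the ip_masq_ftp module's code.

```shell
#!/bin/sh
# Added illustration. A PORT argument is h1,h2,h3,h4,p1,p2:
# four address octets, then the data port as p1*256 + p2.

# Print "ip port" for a PORT command line; return 1 if it is malformed.
parse_port_cmd() {
    args=${1#PORT }
    [ "$args" != "$1" ] || return 1            # line did not start with "PORT "
    case $args in *[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -- $args
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in 0?*|????*) return 1 ;; esac  # no leading zeros, max 3 digits
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# True if the address is in a private (RFC 1918) range.
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# rewrite_port_cmd LINE EXTERNAL_IP GATEWAY_PORT
# A PORT line that advertises a private address is rewritten to advertise
# the gateway's external address and port; every other line passes through.
rewrite_port_cmd() {
    parsed=$(parse_port_cmd "$1") || { echo "$1"; return 0; }
    is_rfc1918 "${parsed% *}" || { echo "$1"; return 0; }
    echo "PORT $(echo "$2" | tr . ,),$(( $3 / 256 )),$(( $3 % 256 ))"
}

# Constructed sample: LAN client 192.168.0.2 offers data port 2000;
# 203.0.113.5 and 61000 stand in for the gateway's external address and port.
rewrite_port_cmd "PORT 192,168,0,2,7,208" 203.0.113.5 61000
```

    In passive mode the client opens the data connection outwards itself, so no PORT command is sent and nothing needs rewriting.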

    Some IRC servers require Ident checks, and this will prevent you from connecting full stop (you may also see this as being logged off almost immediately after you log on). To fix this, all you need to do (in mIRC) is go into File -> Options and under "Connect" go into "Ident". In the Ident section, check the "Enable Ident server" checkbox and enter a User ID (nickname is recommended), then simply click OK (your screen should look similar to the first image below). After doing this you need to forward the Ident port (113) to your client machine. To do this, add this line to your firewall file: /usr/sbin/ipmasqadm portfw -a -P tcp -L <server_ip> 113 -R <client_ip> 113.

    Another thing is that your Fserv or XDCC server will not work in mIRC. This is because of the firewall once again (damn Linux is too secure for its own good). Getting this working is even simpler than the above: all you need to do (in mIRC once again) is go into File -> Options and under "Connect" this time go to "Local Info". Leave the "Local Host" and "IP Address" boxes blank (as you want them to be established upon connection), and check both the "On connect, always get:" boxes. The only real change you will need to make is the "Lookup method:". Make sure you have "Server" checked, otherwise it will find your internal hostname and IP, not your external one (your settings should look similar to the second image below). This has been tested and works between both our machines (i.e. from one machine behind a Linux firewall to another behind a Linux firewall), which means it should work for any case.

    Another thing you might want to do is to allow TCP and UDP ports from 4950 - 5000 through to your machine. Once you have done that, you can set up mIRC to use these ports for DCC sends, which will help to make sure that everyone can accept a DCC send from you. Below is an example using port auto forwarding:

    #!/bin/sh

    echo " - Allowing IRC FSERV (TCP 4950 - 5000) ...";
    port=4950
    while [ $port -le 5000 ]
    do
        /usr/sbin/ipmasqadm autofw -A -r tcp $port $port -h 192.168.0.2
        /usr/sbin/ipmasqadm autofw -A -r udp $port $port -h 192.168.0.2
        port=$((port+1))
    done

    In this example the client machine is 192.168.0.2; you can change this to suit your IP. If you want to add more clients, duplicate the two ipmasqadm lines and change the IP for the second machine. Once you have done this, set up mIRC by going to File -> Options, selecting Options under DCC, and changing the DCC ports from 1024 - 5000 to your new forwarded ports 4950 - 5000.
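    Every port forwarded this way is reachable from the Internet on the client machine, so it is worth checking a range before it becomes rules. The following added example (not part of the original page) validates the protocol, the port range and the client address, then prints the autofw commands for review instead of running them; LAN_PREFIX, MAX_PORTS and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print autofw rules for review instead of applying them.
LAN_PREFIX="192.168.0."  # assumed LAN subnet (the page's client is 192.168.0.2)
MAX_PORTS=100            # assumed cap on the ports one call may expose

# True if $1 is a decimal integer between $2 and $3 with no leading zero.
in_range() {
    case $1 in ''|*[!0-9]*|0?*|??????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# emit_autofw PROTO FIRST LAST CLIENT_IP
# Prints one ipmasqadm command per port, or an error on stderr and status 1.
emit_autofw() {
    case $1 in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp: $1" >&2; return 1 ;;
    esac
    if ! in_range "$2" 1 65535 || ! in_range "$3" "$2" 65535; then
        echo "bad port range: $2-$3" >&2; return 1
    fi
    if [ $(( $3 - $2 + 1 )) -gt "$MAX_PORTS" ]; then
        echo "range $2-$3 exposes more than $MAX_PORTS ports" >&2; return 1
    fi
    # The target must be a host on the LAN, not an arbitrary address.
    host=${4#"$LAN_PREFIX"}
    if [ "$host" = "$4" ] || ! in_range "$host" 1 254; then
        echo "client $4 is not a host on ${LAN_PREFIX}0/24" >&2; return 1
    fi
    port=$2
    while [ "$port" -le "$3" ]; do
        echo "/usr/sbin/ipmasqadm autofw -A -r $1 $port $port -h $4"
        port=$((port + 1))
    done
}

# Dry run for the DCC range used above; nothing is changed on the system.
emit_autofw tcp 4950 5000 192.168.0.2
emit_autofw udp 4950 5000 192.168.0.2
```

    Once the printed rules look right, the same output can be saved into the firewall script or piped to sh as root.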

     

    E-mail Problems

    If you want to use an e-mail account that is provided by another ISP (e.g. OzEmail, iHug etc.), you are going to have problems sending e-mails using these accounts even if they are properly set up, while receiving e-mails is not a problem. The error you will get when sending is something like "...doesn't allow mail relaying". This is due to the fact that new versions of sendmail do not allow relaying of messages.

    The best way to fix this problem is to disable the sendmail service (you probably don't need it anyway, unless you are running a mail server). To disable the sendmail service, log in as root and run the command ntsysv. This should bring up a window that shows the services that start up at boot time. Find sendmail and disable it. You should now be able to send and receive e-mails from any POP or SMTP mail server.

     

    Accessing "www" From Your Web Browsers

    You have probably noticed that you can no longer access the Optus@Home members page by typing "www" into your browser window. This problem is very simple to fix: you just have to put the right proxy information in.

    1. On your Linux box type nslookup. You should get a response something like this (it is different for many people):

    Default Server: proxy2.belrs1.nsw.optushome.com.au
    Address: 203.164.20.10
    >

    To exit nslookup simply type in exit and press ENTER.

    2. The default server is what we are after. This is the actual domain name for the proxy server at your node.

    3. Now open the browser on your client machine and go into proxy options. Check use a proxy server, type in the address you got from the last step, and in the port section type 8080.

    4. Internet Explorer 5.x should look like this:

    - OR -

    When you are setting up network preferences on the client machine, in the "DNS configuration" tab under domain, instead of leaving it blank, type in the suffix of the domain from your node. In this case it would be belrs1.nsw.optushome.com.au. This will also solve the problem.


    Please read our Legal Notice for information concerning our site and its content.
    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net
