[Firewall] debian 1.9.0.b-1

Lampa lampacz at gmail.com
Wed Mar 18 13:37:05 CET 2009


Hello,

and one typo:
# NAT TCP/UDP/IP forwards. Forward ports or protocols from the gateway to
# an internal client through (D)NAT. Note that you can also use these
# variables to forward ports to DMZ hosts.
#
# TCP/UDP form:
#       "{SRCIP1,SRCIP2,...~}PORT1,PORT2-PORT3,...>DESTIP1{~port} \
#        {SRCIP3,...~}PORT3,...>DESTIP2{~port}"
#
# IP form:
#       "{SRCIP1,SRCIP2,...~}PROTO1,PROTO2,...>DESTIP1 \
#        {SRCIP3~}PROTO3,PROTO4,...>DESTIP2"
#
# TCP/UDP port forward examples:
# Simple (forward port 80 to internal host 192.168.0.10):
#       NAT_xxx_FORWARD="80>192.168.0.10 20,21>192.168.0.10"
# Advanced (forward port 20 & 21 to 192.168.0.10 and
#           forward from 1.2.3.4 port 81 to 192.168.0.11 port 80:
#       NAT_xxx_FORWARD="1.2.3.4~81>192.168.0.11~80"
#
# IP protocol forward example:
#        (forward protocols 47 & 48 to 192.168.0.10)
#        NAT_IP_FORWARD="47,48>192.168.0.10"
#
# NOTE 1: {~port} is optional. Use it to redirect a specific port to a
#         different port on the internal client.
# NOTE 2: {SRCIPx} is optional. Use it to restrict access for specific source
#         (inet) IP addresses.
# -----------------------------------------------------------------------------
NAT_FORWARD_TCP=""
NAT_FORWARD_UDP=""
NAT_FORWARD_IP=""


NAT_xxx_FORWARD should instead be NAT_FORWARD_xxx (in the comments)

2009/3/18 Lampa <lampacz at gmail.com>:
> No problem, thank you.
>
> 2009/3/18 Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>:
>> Ah ofc. Now I understand what's going on. Sorry for me treating you like a
>> fool ;-) I'll fix this for the upcoming 1.9.0c which is scheduled for next
>> week.
>>
>> a.
>>
>> Lampa wrote:
>>
>> Hello,
>>
>> no, of course I have IP_FORWARDING=0.
>>
>> It seems that it is the following code:
>>
>> + echo ' DISABLING packet forwarding'
>> + sysctl -e net.ipv4.ip_forward=0
>> ++ /sbin/sysctl -w '-e net.ipv4.ip_forward=0'
>> + result='error: "-e net.ipv4.ip_forward" is an unknown key'
>> + return_val=255
>> + '[' 255 '!=' 0 ']'
>> + printf '\033[40m\033[1;31m sysctl -e net.ipv4.ip_forward=0: error:
>> "-e net.ipv4.ip_forward" is an unknown key (255)\033[0m\n'
>>  sysctl -e net.ipv4.ip_forward=0: error: "-e net.ipv4.ip_forward" is
>> an unknown key (255)
>> + return 255
>> + exit
>>
>> 2009/3/18 Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>:
>>
>>
>> Just disable forwarding in the config file, this should fix your issue. I
>> recall it says something like IP_FORWARDING=1 and you should simply set it
>> to 0....
>>
>> a.
>>
>> Lampa wrote:
>>
>>
>> Hello,
>>
>> after upgrade from 1.9.0-beta1 (manually downloaded) to distribution
>> 1.9.0.b-1, got an error:
>> /etc/init.d/arno-iptables-firewall start
>> Starting Arno's Iptables Firewall... sysctl -e net.ipv4.ip_forward=0:
>> error: "-e net.ipv4.ip_forward" is an unknown key (255)
>> done.
>>
>> I'm not using ip forward (fw is on server machine) so it's not
>> supported in kernel
>>
>> It's not critical but a little annoying :)
>>
>>
>>
>> --
>> Arno van Amersfoort
>> E-mail    : arnova at rocky.eld.leidenuniv.nl
>> Donations are welcome through Paypal!
>> ---------------------------------------------------------------------------
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>
>
>
>
> --
> Lampa
>



-- 
Lampa
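
The failure in the quoted trace, where `sysctl -w` receives `-e net.ipv4.ip_forward=0` as a single argument, reproduced as an added example that is not part of the original thread or of the firewall script. `fake_sysctl` is a constructed stand-in for `/sbin/sysctl`, and the wrapper names and the use of `"$*"` are assumptions about how the arguments came to be joined.

```shell
#!/bin/sh
# Constructed stand-in for /sbin/sysctl on a kernel built without IPv4
# forwarding: every key is "unknown". Only -w and -e are modelled.
fake_sysctl() {
    ignore_unknown=0
    for arg in "$@"; do
        case "$arg" in
            -w) ;;                      # write mode, nothing to do here
            -e) ignore_unknown=1 ;;     # -e: ignore errors about unknown keys
            *=*)
                key=${arg%%=*}
                if [ "$ignore_unknown" -eq 0 ]; then
                    printf 'error: "%s" is an unknown key\n' "$key"
                    return 255
                fi ;;
        esac
    done
    return 0
}

# Hypothetical wrapper reproducing the trace: "$*" joins all arguments into
# one word, so the tool receives the single argument "-e net.ipv4.ip_forward=0"
# and treats everything before "=" as the key name.
sysctl_joined() {
    fake_sysctl -w "$*"
}

# Same wrapper with "$@": each argument stays a separate word, so -e is
# parsed as an option and the missing key is skipped silently.
sysctl_split() {
    fake_sysctl -w "$@"
}
```

Because the joined form turns `-e` into part of the key name, the option meant to tolerate a kernel without forwarding support never takes effect, and the start-up script aborts with status 255 as shown in the trace.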

