[Firewall] debian 1.9.0.b-1

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Thu Mar 19 09:04:42 CET 2009


Thanks. I've fixed it :)

a.

Lampa wrote:
> Hello,
> 
> and one typo:
> # NAT TCP/UDP/IP forwards. Forward ports or protocols from the gateway to
> # an internal client through (D)NAT. Note that you can also use these
> # variables to forward ports to DMZ hosts.
> #
> # TCP/UDP form:
> #       "{SRCIP1,SRCIP2,...~}PORT1,PORT2-PORT3,...>DESTIP1{~port} \
> #        {SRCIP3,...~}PORT3,...>DESTIP2{~port}"
> #
> # IP form:
> #       "{SRCIP1,SRCIP2,...~}PROTO1,PROTO2,...>DESTIP1 \
> #        {SRCIP3~}PROTO3,PROTO4,...>DESTIP2"
> #
> # TCP/UDP port forward examples:
> # Simple (forward port 80 to internal host 192.168.0.10):
> #       NAT_xxx_FORWARD="80>192.168.0.10 20,21>192.168.0.10"
> # Advanced (forward port 20 & 21 to 192.168.0.10 and
> #           forward from 1.2.3.4 port 81 to 192.168.0.11 port 80:
> #       NAT_xxx_FORWARD="1.2.3.4~81>192.168.0.11~80"
> #
> # IP protocol forward example:
> #        (forward protocols 47 & 48 to 192.168.0.10)
> #        NAT_IP_FORWARD="47,48>192.168.0.10"
> #
> # NOTE 1: {~port} is optional. Use it to redirect a specific port to a
> #         different port on the internal client.
> # NOTE 2: {SRCIPx} is optional. Use it to restrict access for specific source
> #         (inet) IP addresses.
> # -----------------------------------------------------------------------------
> NAT_FORWARD_TCP=""
> NAT_FORWARD_UDP=""
> NAT_FORWARD_IP=""
> 
> 
> instead NAT_xxx_FORWARD should be NAT_FORWARD_xxx (in comments)
> 
> 2009/3/18 Lampa <lampacz at gmail.com>:
>> No problem, thank you.
>>
>> 2009/3/18 Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>:
>>> Ah ofc. Now I understand what's going on. Sorry for me treating you like a
>>> fool ;-) I'll fix this for the upcoming 1.9.0c which is scheduled for next
>>> week.
>>>
>>> a.
>>>
>>> Lampa wrote:
>>>
>>> Hello,
>>>
>>> no, of course I have IP_FORWARDING=0.
>>>
>>> It seems that it is the following code:
>>>
>>> + echo ' DISABLING packet forwarding'
>>> + sysctl -e net.ipv4.ip_forward=0
>>> ++ /sbin/sysctl -w '-e net.ipv4.ip_forward=0'
>>> + result='error: "-e net.ipv4.ip_forward" is an unknown key'
>>> + return_val=255
>>> + '[' 255 '!=' 0 ']'
>>> + printf '\033[40m\033[1;31m sysctl -e net.ipv4.ip_forward=0: error:
>>> "-e net.ipv4.ip_forward" is an unknown key (255)\033[0m\n'
>>>  sysctl -e net.ipv4.ip_forward=0: error: "-e net.ipv4.ip_forward" is
>>> an unknown key (255)
>>> + return 255
>>> + exit
>>>
>>> 2009/3/18 Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>:
>>>
>>>
>>> Just disable forwarding in the config file, this should fix your issue. I
>>> recall it says something like IP_FORWARDING=1 and you should simply set it
>>> to 0....
>>>
>>> a.
>>>
>>> Lampa wrote:
>>>
>>>
>>> Hello,
>>>
>>> after upgrade from 1.9.0-beta1 (manually downloaded) to distribution
>>> 1.9.0.b-1, got error:
>>> /etc/init.d/arno-iptables-firewall start
>>> Starting Arno's Iptables Firewall... sysctl -e net.ipv4.ip_forward=0:
>>> error: "-e net.ipv4.ip_forward" is an unknown key (255)
>>> done.
>>>
>>> I'm not using ip forward (fw is on server machine) so it's not
>>> supported in kernel
>>>
>>> It's not critical but a little annoying :)
>>>
>>>
>>>
>>> --
>>> Arno van Amersfoort
>>> E-mail    : arnova at rocky.eld.leidenuniv.nl
>>> Donations are welcome through Paypal!
>>> ---------------------------------------------------------------------------
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>>
>>
>>
>> --
>> Lampa
>>
> 
> 
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
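
The quoted trace shows the failing call receiving `-e net.ipv4.ip_forward=0` as a single word, so `-e` never takes effect as an option. The script below is an added example, not part of the original thread or the project's code, that reproduces this failure mode; `fake_sysctl`, `wrapper_joined` and `wrapper_split` are hypothetical names, and a wrapper joining its arguments with `"$*"` is an assumption about how such a call can arise.

```shell
#!/bin/sh
# Constructed stand-in for /sbin/sysctl (hypothetical, for this example only).
# It accepts -w, -e and key=value words; the only key it "has" is
# net.ipv4.tcp_syncookies. Unknown keys fail with 255 unless -e was given.
fake_sysctl() {
    ignore=0
    status=0
    for arg in "$@"; do
        case "$arg" in
            -w) ;;
            -e) ignore=1 ;;
            net.ipv4.tcp_syncookies=*) printf 'set %s\n' "$arg" ;;
            *=*)
                if [ "$ignore" -eq 0 ]; then
                    printf 'error: "%s" is an unknown key\n' "${arg%%=*}" >&2
                    status=255
                fi ;;
            *) printf 'error: bad argument "%s"\n' "$arg" >&2; status=255 ;;
        esac
    done
    return "$status"
}

# Assumed bug: "$*" joins all arguments into ONE word, so the stand-in sees
# the single argument '-e net.ipv4.ip_forward=0' and treats it as a key.
wrapper_joined() { fake_sysctl -w "$*"; }

# "$@" keeps each argument as its own word, so -e is parsed as an option.
wrapper_split() { fake_sysctl -w "$@"; }

# Demo: a missing key (forwarding not compiled in) with each wrapper.
wrapper_joined -e net.ipv4.ip_forward=0 || echo "joined: exit $?"
wrapper_split  -e net.ipv4.ip_forward=0 && echo "split: exit 0"
```

A firewall start script that treats a non-zero sysctl status as an error will report a failure on every start in the joined case, even though the setting it tried to apply was already the safe one.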

