Re: [masq] IP Masquerade through firewalls.

Tue, 23 Jun 1998 20:55:28 -0400 

On Wed, 24 Jun 1998, Nathan Damianos wrote:
|o| Hi everyone. I hope you can take a couple of minutes
|o| of your time to read this and help me out if you can.
|o| We are currently trying to maintain a server of ours in
|o| Norway over the internet but are having a few problems.
|o| Our network setup is a s follows:
|o| 
|o| 1.1.1.1  ______ 2.2.2.2 _____|-----|_______3.3.3.3_______4.4.4.4
|o| Sco Unix       Linux        |____|       Firewall      Sco Unix
|o|              Firewall       Internet
|o| 
|o| 
|o| IP Masquerading occurs at 2.2.2.2. This becomes the address that is
|o| sent over the internet to the firewall at the other end.
|o| It is working with telnet and ftp, but not with rcp (unix remote
|o| file copy command) or rlogin. All the ports on 3.3.3.3 are open to
|o| ip 2.2.2.2, and I'm told all the ports on 2.2.2.2 are open to 1.1.1.1.
|o| Interestingly, I can rcp and rlogin from 2.2.2.2 to 4.4.4.4, and also
|o| from 1.1.1.1 to 2.2.2.2. But when I try to rcp from 1.1.1.1
|o| to 4.4.4.4 I get a response:  
|o|     4.4.4.4: Address already in use.
|o| 

        Natan,  this is an easy one  (at  least, so I think) :-)) When
your rcp packet  (coming  from 1.1.1.1 with a port number < 1024) gets
masqueraded at 2.2.2.2,  it receives the 2.2.2.2 IP address AND A PORT
number  > 61000. Thus, as far as 4.4.4.4 is concerned, the rcp request
comes from an UNPRIVILEGED port and is NOT honored.

        The work around? I dont't know :-((( I've never been thru this
issue. Perhaps someone else can further help you. Regards ...

                                                           ...
        .               .               .                -(o o)-
_.,-*b'`-`'d*-,._.,-*b'`-`'d*-,._.,-*b'`-`'d*-,._/----oOO--(_)--OOo---
                                           =
UNIVERSIDADE ESTADUAL DE LONDRINA - UEL   .:.    assis @ npd.uel.br
Nucleo de Processamento de Dados  - NPD   <*>    Marcos Assis Silva
     Gerencia de Software Basico  - GSB   ":"   Analista  de Suporte
             Parana - Brasil               o    PGP  key   available  
        .               .               .  =            .
_.,-*b'`-`'d*-,._.,-*b'`-`'d*-,._.,-*b'`-`'d*-,._.,-*b'`-`'d*-,._.,-*b

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Reply via email to