
Thread: Ip_conntrack_rsh - how to make nat working?




2007-07-09 16:03:00
Hi,
	I need to setup rsh via nat working.
	Don't ask me why I use unsafe protocol, and old kernel 2.6.13. I just need make them working.

	I downloaded patch-o-matic, applied ip_conntrack_rsh patch to kernel 2.6.13, rebuilt kernel, rebuilt iptables 1.3.3.

	After reboot, I call "modprobe ip_conntrack_rsh". I applied iptables rules from the netfilter webpage:

	http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-rsh

	I can see that conntrack is working, rsh stderr connection initiated by rsh server is added to /proc/net/ip_conntrack_expected.
	The problem is that the rsh stderr stream is not NAT'ed, and connection fails.

	Here is some trace from gateway:

	eth2 - public interface of gateway.
	10.0.236.90 - public IP of gateway
	10.0.238.89 - IP of rsh server
	192.168.40.51 - IP of rsh client

gateway:/ # tethereal -i eth2 host 10.0.236.90 and host 10.0.238.89
Capturing on eth2
  0.000000  10.0.236.90 -> 10.0.238.89  TCP 1023 > shell [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1927039256 TSER=0 WS=0
  0.003846  10.0.238.89 -> 10.0.236.90  TCP shell > 1023 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=24463859 TSER=1927039256 WS=0
  0.004107  10.0.236.90 -> 10.0.238.89  TCP 1023 > shell [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1927039261 TSER=24463859
  0.004130  10.0.236.90 -> 10.0.238.89  RSH 102100
  0.004180  10.0.238.89 -> 10.0.236.90  TCP shell > 1023 [ACK] Seq=1 Ack=6 Win=5792 Len=0 TSV=24463864 TSER=1927039261
  0.005926  10.0.238.89 -> 10.0.236.90  TCP 1019 > 1021 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=24463866 TSER=0 WS=0
  0.005979  10.0.236.90 -> 10.0.238.89  TCP 1021 > 1019 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
  0.006175  10.0.238.89 -> 10.0.236.90  TCP shell > 1023 [FIN, ACK] Seq=1 Ack=6 Win=5792 Len=0 TSV=24463866 TSER=1927039261
  0.006414  10.0.236.90 -> 10.0.238.89  TCP 1023 > shell [FIN, ACK] Seq=6 Ack=2 Win=5840 Len=0 TSV=1927039263 TSER=24463866
  0.006477  10.0.238.89 -> 10.0.236.90  TCP shell > 1023 [ACK] Seq=2 Ack=7 Win=5792 Len=0 TSV=24463866 TSER=1927039263

 cat /proc/net/ip_conntrack
tcp      6 117 TIME_WAIT src=192.168.40.51 dst=10.0.238.89 sport=1023 dport=514 src=10.0.238.89 dst=10.0.236.90 sport=514 dport=1023 [ASSURED] mark=0 use=1

 cat /proc/net/ip_conntrack_expect (caught by filtering out rsh server initial connection of stderr stream)
1 proto=6 src=10.0.238.89 dst=10.0.236.90 sport=0 dport=1021

My questions are:
	- how can I setup rsh connection via nat ?
	- is it a problem with missing/incorrect iptables rules, or I need ip_nat_rsh module?
	- does ip_nat_rsh module exist?

I'll be grateful for your help.

Regards,
Krzysztof
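
The mismatch visible in the two /proc listings above, as an added example that is not part of the original post: it parses the conntrack entry and the expectation entry quoted in the message and reports that the expected stderr connection is addressed to the gateway's public IP rather than to the real client behind NAT. The function names `tuples` and `check_expectation` are hypothetical; the two sample lines are the post's own output with line wraps removed.

```python
import re

# Entries copied from the post's /proc/net/ip_conntrack and
# /proc/net/ip_conntrack_expect output (line wraps removed).
CONNTRACK = ("tcp      6 117 TIME_WAIT src=192.168.40.51 dst=10.0.238.89 "
             "sport=1023 dport=514 src=10.0.238.89 dst=10.0.236.90 "
             "sport=514 dport=1023 [ASSURED] mark=0 use=1")
EXPECT = "1 proto=6 src=10.0.238.89 dst=10.0.236.90 sport=0 dport=1021"

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def tuples(line):
    """Group key=value pairs into consecutive src/dst/sport/dport tuples."""
    out, cur = [], {}
    for key, val in PAIR.findall(line):
        cur[key] = val
        if len(cur) == 4:          # one full address/port tuple collected
            out.append(cur)
            cur = {}
    return out

def check_expectation(conntrack_line, expect_line):
    """Compare an expectation with its master connection's two directions."""
    orig, reply = tuples(conntrack_line)   # original and reply direction
    (exp,) = tuples(expect_line)
    # With source NAT, the reply is addressed to the gateway, not the client.
    natted = orig["src"] != reply["dst"]
    # The expectation belongs to this master if it runs server -> reply dst.
    related = exp["src"] == orig["dst"] and exp["dst"] == reply["dst"]
    return {
        "master_is_natted": natted,
        "expect_matches_master": related,
        # True means the expected connection arrives at the gateway address
        # and still has to be translated to reach real_client.
        "expect_targets_gateway": natted and exp["dst"] == reply["dst"],
        "real_client": orig["src"],
        "expected_port": int(exp["dport"]),
    }

if __name__ == "__main__":
    for key, value in check_expectation(CONNTRACK, EXPECT).items():
        print(f"{key}: {value}")
```

In the capture above, the server's SYN to port 1021 is answered with RST by 10.0.236.90 itself, which matches the `expect_targets_gateway` result.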

