[lug] iptables and PCAnywhere 10.5 through a masq firewall

John Hernandez John.Hernandez at noaa.gov
Tue Feb 5 17:13:02 MST 2002


I got this out of /usr/share/nmap/nmap-services

pcanywheredata    5631/tcp
pcanywherestat    5632/tcp
pcanywherestat    5632/udp
pcanywhere        65301/tcp

It's a handy file.

D. Stimits wrote:

> I'm curious if anyone here happens to know whether pcanywhere is udp or
> tcp? Or which ports? I knew this a very long time ago, can't remember
> now. I suppose it depends on whether it is in a "secure" mode or not.
> 
> D. Stimits, stimits at idcomm.com
> 
> "Joseph D. Lien" wrote:
> 
>>Greetings:
>>
>>I had seen that at one time you were setting up a server to allow connections
>>from PCAnywhere clients to a machine on an internal network.  I am doing the
>>same thing, and I have honest to god been working on it for the last
>>ten hours and am about to lose my mind!
>>
>>I can't see what the heck I'm doing wrong... I've read the man pages about six
>>times through, and I now understand the options and parameters pretty well,
>>but for some reason my configuration just isn't opening up the port on my machine.
>>
>>The machine I'm working with has a domain name "scrui.dnsq.org"... here is the
>>configuration that I've come up with so far:
>>
>>echo "   Enabling forwarding for PCAnywhere on Mizery..."
>>$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp -s 0/0 -d $EXTIP --dport 5631 -j DNAT --to $INTIP:5631
>>
>>$IPTABLES -t nat -A PREROUTING -i $EXTIF -p udp -s 0/0 -d $EXTIP --dport 5632 -j DNAT --to $INTIP:5632
>>
>>#These have got to be the lines for properly mangling my packets...
>>#$IPTABLES -t nat -A POSTROUTING -p tcp -s 192.168.1.1 --sport 5631 #-j SNAT --to $EXTIP:5631
>>#$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --sport 5631 -j DNAT --to 192.168.1.1:5631
>>
>>#$IPTABLES -t nat -A POSTROUTING -p udp -s 192.168.1.1 --sport 5631 #-j SNAT --to $EXTIP:5632
>>#$IPTABLES -t nat -A PREROUTING -p udp -d $EXTIP --sport 5632 -j DNAT --to 192.168.1.1:5632
>>
>>$EXTIF is eth0, $INTIF is also eth0  (technically it's eth0:1, but the program doesn't like that)
>>$EXTIP is a line that greps ifconfig to get the actual internet ip address,
>>$INTIP is 192.168.1.1 (The addy of the machine I'm trying to connect to)
>>
>>If you, or someone you know could help me out, I'd be REALLY grateful...
>>I've been working on this for a long long time and it's driving me nuts.
>>
>>Thanks a lot!
>>
>>-J.D.
>>
>>+-------------------------------------------
>>| Joseph D. Lien (jdlien at full-spectrum.ca)
>>| President of Full Spectrum Design
>>|
>>| Phone: (780) 672-7827
>>| Fax:   (780) 672-8102
>>| Pager: (780) 671-2676
>>|
>>| 5809 48A Ave., Camrose, AB  T4V 0L4
>>+-------------------------------------------
>>
>>Full Spectrum Design Specializes in Creative Media
>>for your advertising and promotional needs.
>>
>> Visit us online at http://www.full-spectrum.ca/
>>
>>_______________________________________________
>>Web Page:  http://lug.boulder.co.us
>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>


-- 

   - John Hernandez - Network Engineer - 303-497-6392 -
  |  National Oceanic and Atmospheric Administration   |
  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
   ----------------------------------------------------
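
Added example, not part of the original thread: a shell script that checks each requested port/protocol pair against the nmap-services entries quoted above and prints the matching DNAT and FORWARD rules instead of running them. The function names `listed` and `gen_rules`, the 203.0.113.10 and 198.51.100.0/24 addresses, the source restriction, and the need for explicit FORWARD rules (a FORWARD policy other than ACCEPT) are assumptions.

```shell
#!/bin/sh
# Added example: derive port-forwarding rules from nmap-services entries.
# Constructed sample input: the four entries quoted in the message above.
SERVICES='pcanywheredata    5631/tcp
pcanywherestat    5632/tcp
pcanywherestat    5632/udp
pcanywhere        65301/tcp'

# listed PORT/PROTO
# Succeeds only if that exact pair is a pcanywhere entry in $SERVICES.
listed() {
    printf '%s\n' "$SERVICES" |
        awk -v want="$1" '$1 ~ /^pcanywhere/ && $2 == want { found = 1 }
                          END { exit !found }'
}

# gen_rules EXTIF EXTIP INTIP SRC PORT/PROTO...
# Prints iptables commands (does not execute them). SRC limits who may
# reach the forwarded ports, in place of the 0/0 used in the quoted rules.
gen_rules() {
    extif=$1 extip=$2 intip=$3 src=$4
    shift 4
    for pair in "$@"; do
        if ! listed "$pair"; then
            echo "skip $pair: not a listed pcanywhere port/protocol" >&2
            continue
        fi
        port=${pair%/*} proto=${pair#*/}
        # Rewrite the destination before routing ...
        echo "iptables -t nat -A PREROUTING -i $extif -p $proto -s $src -d $extip --dport $port -j DNAT --to-destination $intip:$port"
        # ... then allow the rewritten packet through the filter table.
        # Assumption: the FORWARD policy is not ACCEPT, so this is needed.
        echo "iptables -A FORWARD -i $extif -p $proto -s $src -d $intip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Replies and follow-up packets of accepted connections.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Assumed values: documentation-range addresses stand in for $EXTIP and a
# trusted client network; 192.168.1.1 is the $INTIP from the thread.
gen_rules eth0 203.0.113.10 192.168.1.1 198.51.100.0/24 5631/tcp 5632/udp
```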



