Re: how can I tunnel a Broadcast through a firewall ?

From: Christian Wiese (Christian.Wiese@web.de)
Date: 04/30/02


RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message news:<9MCXMGUTU6RW1112XTWSPRWBnHiATlE@blackhole.mit.edu>...
> < RainbowHat
> 8<
> ># ./_your_iptables_script_
> >
> >Read the error messages carefully. Or
> >
> ># /sbin/iptables -n -L
> >
> >will help you.
>
> OK, I understand the broadcast packets are coming to the box (Bex)
> eth1. `ethereal`, which uses libpcap, is sniffing the interface eth1.
> But this is not proof of an iptables ACCEPT. So how about changing
> '-j ACCEPT' to '-j LOGACCEPT' in all related rules and watching the logs?
> And logging the non-ACCEPTed packets coming from 164.19.200.173 is
> better for debugging.

The following line does not work :-(

$IPTABLES -A INPUT -i $IHITN -p udp -s $client --sport $p_high \
    --dport xdmcp -j LOGACCEPT

Error message:

iptables v1.2.2: Couldn't load target `LOGACCEPT':/usr/lib/iptables/libipt_LOGACCEPT.so: cannot open shared object file: No such file or directory

Which version do you use?

Now my full code:

# tcsh syntax. $IPTABLES, $WinRechnerMitXwindowClientXDM, $LokaleKernsysteme
# and $p_high are set earlier in the script (not shown in the post).
set VLANBC = 192.10.10.255
foreach client ( $WinRechnerMitXwindowClientXDM )
  # Rewrite the XDMCP query's destination to the directed-broadcast address
  # of the eth0 network. Note: the kernel delivers a packet addressed to one
  # of its own broadcast addresses to the local stack; it is not forwarded.
  $IPTABLES -t nat -A PREROUTING -i eth1 -p udp -s $client \
    --sport $p_high --dport xdmcp -j DNAT --to-destination $VLANBC
  foreach server ( $LokaleKernsysteme )
    # rexec (TCP 512) from the client to each local server
    $IPTABLES -A FORWARD -i eth1 -p tcp -s $client -d $server \
      --sport $p_high --dport 512 -j ACCEPT
    # XDMCP replies from the server back to the client (currently disabled)
    #$IPTABLES -A FORWARD -i eth0 -o eth1 -s $server -d $client -p udp \
    #  --sport xdmcp --dport $p_high -j ACCEPT
    echo "xdm access to computer $server from computer $client allowed!"
  end
end

The packet generated by the PREROUTING line does not leave computer B
on the eth0 device (network 192.10.10.0/24). The packet is logged by the
firewall on computer B on device eth1 (162.19.200.xxx/192).
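The quoted advice to use '-j LOGACCEPT' fails with the error above because iptables ships no LOGACCEPT target: it has to be a user-defined chain that jumps to LOG and then to ACCEPT. The following script is an added example, not code from the original thread or either poster; it creates LOGACCEPT and LOGDROP chains and applies them to the XDMCP rule from the post. The chain names, the log prefixes, the unprivileged port range standing in for $p_high and the use of 164.19.200.173 as the client are assumptions. By default it only prints the iptables commands; set IPTABLES=/sbin/iptables and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): user-defined logging chains
# that stand in for the non-existent LOGACCEPT target. Chain names, log
# prefixes, the port range and the client address are assumptions.
#
# Dry run by default: the commands are printed, not executed.
# Run with IPTABLES=/sbin/iptables (as root) to install the rules.
IPTABLES="${IPTABLES:-echo /sbin/iptables}"

# make_log_chain NAME VERDICT PREFIX
# Creates chain NAME whose first rule logs (rate-limited, so a burst of
# broadcasts cannot flood syslog) and whose second rule applies VERDICT.
# LOG is a non-terminating target, so the second rule is what decides.
make_log_chain() {
    name=$1; verdict=$2; prefix=$3
    $IPTABLES -N "$name"
    $IPTABLES -A "$name" -m limit --limit 10/minute \
        -j LOG --log-prefix "$prefix" --log-level info
    $IPTABLES -A "$name" -j "$verdict"
}

install_logging_chains() {
    make_log_chain LOGACCEPT ACCEPT "fw-accept: "
    make_log_chain LOGDROP   DROP   "fw-drop: "
}

# xdmcp_rules CLIENT IFACE
# Accept-and-log XDMCP queries (UDP 177) from CLIENT on IFACE, and log
# everything else from that host before it reaches the chain policy.
# 1024:65535 is an assumed value for the poster's $p_high.
xdmcp_rules() {
    client=$1; iface=$2
    $IPTABLES -A INPUT -i "$iface" -p udp -s "$client" \
        --sport 1024:65535 --dport 177 -j LOGACCEPT
    $IPTABLES -A INPUT -i "$iface" -s "$client" -j LOGDROP
}

main() {
    install_logging_chains
    xdmcp_rules 164.19.200.173 eth1
}

main
```

Once the chains exist, the poster's rule with '-j LOGACCEPT' loads and the accepted queries show up in syslog with the "fw-accept:" prefix, while the LOGDROP rule gives the log of non-accepted packets that RainbowHat asked for. This fixes the logging only: a packet DNATed to a directed-broadcast address such as 192.10.10.255 is handed to the firewall's own IP stack rather than forwarded, which is consistent with it being logged on eth1 and never leaving on eth0.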


