Re: My customers are going back to NT if I can't get this fixed!!!

From: David (linuxdave01@yahoo.com)
Date: 08/08/02


From: David <linuxdave01@yahoo.com>
Date: Wed, 07 Aug 2002 22:41:13 GMT

What if he's using ipchains instead of iptables? By default, RH 7.3 still
uses ipchains... Root command prompt: 'lokkit' choose the customise option
and manually type in 4000:tcp, 4000:udp

Luke Ross wrote:

> Hi,
>
> Stacey Sharp wrote:
>>
>> I've been in this group and others for a while trying to figure this
>> problem out. My customer is telling me to make it work or they want
>> their NT Server back!
>>
>> I have a SQUID proxy/qmail Email/Samba PDC Server running on RHL 7.3.
>> Everything works fine except for a connection to port 4000 which worked
>> on their NT box. There is a specific website that loads a PowerTerm
>> applet for the users to login to a HP-UX system. The PowerTerm program
>> needs to send its authentication information over port 4000. When this
>> is attempted it claims the host (www.specific-site.com) cannot be found.
>> I've been on the phone with this site's TS and they say that port 4000
>> has to be open for TCP communication. Port 4000 is in the Safe_ports ACL
>> list in squid.conf. I don't see any references to this port in my
>> tcpdump logs, or squid logs. I am attempting this connection without a
>> firewall (iptables) script running. I have read everything I can find on
>> tcpserver, xinetd, and Linux Administration. Everything I'm reading
>> tells me that this communication should be allowed and should work, but
>> it doesn't. Running "nmap localhost" shows me that only ports 22, 25,
>> 110, and 3128 are open. How do I get communication to travel through
>> this port? Does port 4000 have to be always open like 22, 25, 110, and
>> 3128? If so, what server program needs to monitor it? What am I NOT
>> doing right?
>>
>> I've been given one week to figure this out or I will have to revert
>> back to (gulp) their NT box for proxy. Please help me figure out what
>> needs to be done. Let me know what additional info you need.
>
> Give us a clue, is this a NAT set up or do all the clients have real
> external IP addresses? Perhaps...
>
> iptables -I FORWARD 1 -t filter -p tcp --destination-port 4000 -j ACCEPT
>
> - or -
>
> iptables -I POSTROUTING 1 -t nat -p tcp --destination-port 4000 -j MASQUERADE
>
> may help you, the former is a straightforward iptables-style forward, the
> latter does the same but using IP masquerade (I hope!)
>
> Luke