Thanks, I solved the problem by removing the firewall and am now trying to include firewall settings step by step.

Vaneet

-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Ryan
Sent: Monday, May 23, 2005 10:35 AM
To: CentOS mailing list
Subject: Re: RE: Wireless Networking

> 1) I am not able to connect to my Centos Server BOX through Secure CRT
> 2) I am not able to connect to my Centos using FTP.

Try configuring port forwarding on the router instead of DMZ. For SSH, forward port 22 to the 192.x address your centos machine is on. Make sure iptables has 22 open in its firewall settings.

Vaneet Sharma wrote:
> Dear All,
>
> I have one centos box (centos 4.0) which is connected to an MSI wireless router....... and which is connected to my ISP MODEM. I incorporated the wireless router so that I can use my laptop from any of my rooms.
>
> Now this Centos 4.0 box is my home server machine.
>
> The MSI Wireless Router has its DHCP server enabled. The wireless router has provided each of my machines with an internal IP address like 192.168.1.xx TO 192.168.1.xx. The wireless router has an external IP which can be reached at: http://84.255.28.48:8080. I configured DMZ settings in the wireless router... which basically is mapping my Centos Box internal IP (192.168.1.XX) to the public IP (84.255.28.48).
>
> Now the problem is the following:
>
> How will my centos machine listen to this public IP? Do I have to set up firewall settings? Ifconfig on centos gives me the internal IP. I need to know what routing settings I need to do and where?
>
> 1) I am not able to connect to my Centos Server BOX through Secure CRT
> 2) I am not able to connect to my Centos using FTP.
>
> Kind regards
> Vaneet
>
>
> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Maciej Zenczykowski
> Sent: Friday, May 20, 2005 5:39 PM
> To: CentOS mailing list
> Subject: Re: Iptables - PREROUTING
>
>
> okay, first of all you shouldn't do it in a script,
> instead you should be modifying /etc/sysconfig/iptables
> and using /etc/init.d/iptables start/stop
>
> and add ip_nat_ftp to the proper spot (modules to load) in
> /etc/sysconfig/iptables-config
>
> next you need to rewrite the following for iptables-save/restore format
>
> *nat
> :PREROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
>
> [spot for nat rules]
>
> COMMIT
>
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [0:0]
>
> [spot for filter rules]
>
> COMMIT
>
>
> [in the filter rules:]
> -A INPUT -i lo -j ACCEPT
>
> # the following is _not_ nice
> -A INPUT -i eth0 -p ICMP --icmp-type echo-request -j DROP
>
> -A INPUT -i eth0 -s rango_ip/29 -d 0/0 -p all -j ACCEPT
> -A INPUT -i eth1 -s 172.16.0.0/24 -d 172.16.0.211/32 -p all -j ACCEPT
>
>
> [above in the nat spot]
> -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.0.3:80
> -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 172.16.0.3:443
>
>
> [again in the filter spot]
> -A FORWARD -i eth1 -p tcp -s 172.16.0.0/24 --dport 80 -j ACCEPT
> -A FORWARD -i eth1 -p tcp -s 172.16.0.0/24 --dport 443 -j ACCEPT
>
> -A FORWARD -i eth1 -p tcp -s 172.16.0.0/24 --dport 53 -j ACCEPT
> -A FORWARD -i eth1 -p udp -s 172.16.0.0/24 --dport 53 -j ACCEPT
>
> You _DO_ _NOT_ WANT TO ACCEPT everything from port 53 - I can break
> through this firewall in 5 seconds.
> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
>
> same here, plus squid doesn't use udp
> -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
>
> the default should be to drop
>
> -A INPUT -j LOG --log-level info
> -A OUTPUT -j LOG --log-level info
> -A FORWARD -j LOG --log-level info
>
> [in nat again]
> -A POSTROUTING -s 172.16.0.6/32 -o eth0 -j MASQUERADE
> -A POSTROUTING -s 172.16.0.10/32 -o eth0 -j MASQUERADE
> -A POSTROUTING -s 172.16.0.9/32 -o eth0 -j MASQUERADE
>
>
> this should be in /etc/sysctl.conf
> >>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> do the above changes and repost with what you have and we'll go from
> there...
>
> Cheers,
> MaZe
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
>
> Vaneet Sharma
> executive manager
> iDeasTank Limited
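Added example, not code from any of the thread's posters: a small Python lint that reads a file in the iptables-save layout Maciej describes and reports the points raised in the thread, namely filter chains whose default policy is not DROP, ACCEPT rules that open a port with no interface or source restriction (the port-53 rules he objects to), and a missing INPUT rule for port 22 (Ryan's advice). The SAMPLE text and the `parse_save`, `opt` and `lint` names are constructed for this example.

```python
# Added example (not from the thread): lint an iptables-save file for the points raised above.

def parse_save(text):
    """Parse iptables-save layout into {table: {"policy": {chain: policy}, "rules": [tokens]}}."""
    tables, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):                                # *nat, *filter
            cur = tables[line[1:]] = {"policy": {}, "rules": []}
        elif line.startswith(":") and cur is not None:         # :INPUT DROP [0:0]
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A ") and cur is not None:       # -A CHAIN <matches> -j TARGET
            cur["rules"].append(line.split())
    return tables

def opt(toks, *flags):
    """Value following the first of the given flags, or None if absent."""
    return next((toks[i + 1] for i, t in enumerate(toks[:-1]) if t in flags), None)

def lint(text, required_ports=("22",)):
    """Return human-readable findings for the filter table; an empty list means clean."""
    flt = parse_save(text).get("filter", {"policy": {}, "rules": []})
    findings, opened = [], set()
    for chain in ("INPUT", "FORWARD"):                          # "the default should be to drop"
        if flt["policy"].get(chain) != "DROP":
            findings.append(f"{chain} default policy should be DROP")
    for toks in flt["rules"]:
        chain, port = toks[1], opt(toks, "--dport")
        if opt(toks, "-j") != "ACCEPT" or chain not in ("INPUT", "FORWARD"):
            continue
        if chain == "INPUT" and port:
            opened.add(port)
        if port and opt(toks, "-i") is None and opt(toks, "-s") is None:
            findings.append(f"{chain}: port {port} accepted from any interface/source")
    findings += [f"no INPUT ACCEPT rule for port {p}" for p in required_ports if p not in opened]
    return findings

# Constructed sample in the layout Maciej describes, including the port-53 rules he objects to.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""
```

Running `lint(SAMPLE)` yields four findings (FORWARD policy, both port-53 rules, and the missing port-22 rule); `lint(open("/etc/sysconfig/iptables").read())` checks a real file.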