Re: nntp client behind suse firewall

Re: nntp client behind suse firewall

John Andersen
On Friday 04 August 2006 03:27, wpc wrote:

> NNTP works well on my firewall, but doesn't work at
> all on client computers that reside behind my
> firewall.
>
>
>
> i put this iptables line in my custom firewall script
> file.
>
> under "fw_custom_after_antispoofing()"
>
> i have
>
> iptables -N network1_in
> iptables -N network1_out
> iptables -A FORWARD -i eth2 -o eth1 -j network1_in
> iptables -A FORWARD -i eth1 -o eth2 -j network1_out
>
> iptables -t nat -A POSTROUTING -o eth2 -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -j SNAT --to $my_ext_ip
>
> iptables -A network1_out -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> iptables -A network1_in -p tcp -s 0/0 --sport 119 -d $mynet --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>
>
> but it still doesn't work ? what could be the problem

Why do you want your internal machines to traverse your firewall to
get to an nntp server?  The proper thing to do is run your own server
on the firewall which is the only machine that would have to bother
the public servers.


--
_____________________________________
John Andersen


SPAM: Re: nntp client behind suse firewall

wpc-2
please elaborate how then would i give access to
various nntp servers to different clients on my
network ?




  "Who the heck is General Failure, and why is he reading my harddisk?"
 



--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here


Re: SPAM: Re: nntp client behind suse firewall

Armin Schoech
Hi,

> please elaborate how then would i give access to various nntp
> servers to different clients on my network ?
>
--> you would run your own NTP server on the firewall machine. This
NTP server contacts several external NTP servers to get a valid and
exact network time.

Your clients need to contact the NTP server on the firewall machine
only. Since it's internal network only, there should be no considerable
time lags on the internal net so the clients need to contact only one
(your firewall) NTP server.

Cheers,
Armin

--
Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: [hidden email]     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50


Re: SPAM: Re: nntp client behind suse firewall

wpc-2
ok will do that, but something weird is happening i
think, i mean i have turned on all logging on my
firewall but i don't see a single packet with
destination port 119 from my computer !

i have ethereal installed on my computer and when i
compare with the firewall logs, packets with the
source port from my machine used to connect to nntp
server do not appear ! where could they be getting
lost from ?



  "Who the heck is General Failure, and why is he reading my harddisk?"
 



SPAM: Re: SPAM: Re: nntp client behind suse firewall

wpc-2
In reply to this post by Armin Schoech

which nntp server would you recommend ? there doesn't
seem to be any on the sles9 cd's

  "Who the heck is General Failure, and why is he reading my harddisk?"
 



Re: SPAM: Re: nntp client behind suse firewall

Gabriele Conrad
In reply to this post by Armin Schoech
On Saturday, 5 August 2006 16:10, Armin Schoech wrote:
> Hi,
>
> > please elaborate how then would i give access to various nntp
> > servers to different clients on my network ?
>
> --> you would run your own NTP server on the firewall machine. This
> NTP server contacts several external NTP servers to get a valid and
> exact network time.

You are missing an "N" there. It is the usenet and not a time-server he
wants to contact...


Re: SPAM: Re: nntp client behind suse firewall

Armin Schoech

> > --> you would run your own NTP server on the firewall machine. This
> > NTP server contacts several external NTP servers to get a valid and
> > exact network time.
>
> You are missing an "N" there. It is the usenet and not a time-server he
> wants to contact...
>
--> I'm very sorry; obviously I did not read the original question
carefully enough.

Armin

--
Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: [hidden email]     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
