[vox-tech] Linux networking question

Marc Hasbrouck vox-tech@lists.lugod.org
Sun, 26 Jan 2003 20:43:01 -0800 (PST)


Yeah, I can see how not knowing what ports to open is
a problem. With netfilter, you could just forward
stuff between the PS/2 and the internet. 

Red Hat Security and Optimization has a short
discussion on netfilter and how the actual commands
work. It's in chapter 20. At least it's a starting
point.

Marc

--- Michael J Wenk <mwenk@comcast.net> wrote:
> Answers below:
> 
> ----- Original Message -----
> From: "Marc Hasbrouck" <m_hasbrouck@yahoo.com>
> To: <vox-tech@lists.lugod.org>
> Sent: Saturday, January 25, 2003 9:58 PM
> Subject: Re: [vox-tech] Linux networking question
> 
> 
> > What version of Linux are you using?
> 
> Debian linux woody with kernel 2.4.19.
> 
> 
> >
> > For a generalized look at firewalling, look around for the O'Reilly
> > book Building Internet Firewalls, 2nd Ed. It gives a non OS specific
> > discussion of firewalling and ports. Also, go to netfilter.org (the
> > iptables folks).
> 
> I've read some of their stuff, and went through the manpages, but
> unfortunately, I wasn't able to do what I wanted to do.
> 
> >
> > If you have your DHCP server and clients set up right, local traffic
> > should stay local. At least it does here on my systems.
> >
> > An example of the kind of addressing I use:
> >
> > Local network:
> > IP addresses: 192.168.100.1 through 192.168.100.254
> > Net Mask: 255.255.255.0
> > Default Gateway: 192.168.100.1
> 
> Right now, I'm completely DHCP, but my windows box and the PS2 are given
> static addresses via DHCP.
> 
> A little quirk of mine is to use the 10.0.0 network, and my static
> addresses (granted by DHCP) are below 40, dynamic are 40-80, and
> everything above 80 is non-DHCP.  I use a standard class C subnet mask,
> and my default gateway is my linksys router which is 10.0.0.200.  I hand
> everybody on DHCP DNS servers 10.0.0.1 (linux box), and whatever is in
> resolv.conf (comcast.net nameservers).
> 
> My original solution did not work, and that was to turn kernel level
> netfilter logging on, and then figure out what ports individual games
> wanted open and then open them.  It didn't work because no matter what I
> did to iptables and syslog, everything iptables would find would be
> logged to the console only.  I wasn't able to figure it out, and combing
> the manpages (and even some of the netfilter sourcecode) didn't help.
> Even with that, I was looking for more of a general way to grant the
> ps2, rather than individual port forwarding which is sorta tedious.
> 
> I'll check out that book sometime soon, thanks for the suggestion.
> 
> 
> 
> >
> > When I reference an address outside of the above range, the packet is
> > routed to the gateway (in this case, 192.168.100.1). Otherwise, the
> > packet should never cross the gateway.
> >
> > Marc
> >
> > --- Michael J Wenk <mwenk@comcast.net> wrote:
> > > I have a question that has cropped up recently.  I have a
> > > gamesystem with an ethernet card in it.  My old setup had
> > > everything going through my linux system to the internet.  The
> > > linux box has a DHCP and caching DNS server running and it all
> > > seemed to work great.  I have had this setup since December of 2000
> > > and have had to make little modifications to it.  Unfortunately, my
> > > PS2 (the above game system) does not seem to like this very much.
> > > The issue is unfortunately port forwarding.  To fix this (on a
> > > temporary basis) I used the router portion of my hub (it's a
> > > linksys cable/DSL router that I bought a few years back on the
> > > hopes that it would work better or at least as well as the linux in
> > > routing, and save me a few bucks on power).  Unfortunately back
> > > then, it failed miserably.  However, recently with my current
> > > problems, I was reading that the thing is upgradable by firmware.
> > > I did that and it works better.  Rather than fail after a few hrs
> > > of operation, it lasted about a week before requiring powercycling.
> > > My problem is more software and comes from the fact that game
> > > makers for PS2 don't seem very communicative about what ports need
> > > to be opened in their software for stuff to function properly.  The
> > > linksys router supports a DMZ host which throws the PS2 system on
> > > the network unprotected.  My question is, is there a way to do this
> > > in software in the linux box?  I know I could probably get 1 more
> > > hub, and put the exterior connections (the PS2 and the linux box)
> > > on it and get another IP from comcast.  I don't want to do this for
> > > my whole network, and it comes from the fact that I never could
> > > convince my systems that they didn't need to go to the internet for
> > > local file xfers (which I do a lot.)  So, does anyone have any idea
> > > how to simulate the DMZ portion of the linksys router under linux?
> > > I'm running a 2.4 kernel (2.4.19 to be exact.)  Oh, and I'm looking
> > > for something a bit cleaner than just forwarding every port to the
> > > PS2.
> > >
> > > Mike
> > >
> >
> >
> > _______________________________________________
> > vox-tech mailing list
> > vox-tech@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> 


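An added example, not code from this thread or from the vox-tech list, of the first approach Mike describes: reading the netfilter LOG lines that klogd/syslogd record, counting which (protocol, destination port) pairs were dropped on the outside interface, and turning only those into DNAT rules toward one LAN host, rather than a DMZ host that forwards everything. The sample log lines, the interface names eth0 and eth1, the addresses 198.51.100.2 and 10.0.0.5, and the log prefix DROP-IN are all constructed for the example.

```python
"""Summarise netfilter LOG lines and turn the ports they reveal into
narrow DNAT rules.  Added example for this thread, not code from the
list.  Sample log lines are constructed; interface names, addresses and
the DROP-IN prefix are assumptions."""
import re
from collections import Counter

# The iptables LOG target writes its fields as KEY=VALUE tokens.
_KV = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample: syslog lines as klogd/syslogd would record them when
# a rule with '-j LOG --log-prefix "DROP-IN "' fires.  eth0 is assumed to
# be the outside (WAN) interface, eth1 the LAN side.
SAMPLE_LOG = """\
Jan 26 20:43:01 gw kernel: DROP-IN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=1 DF PROTO=TCP SPT=4021 DPT=10070 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 26 20:43:02 gw kernel: DROP-IN IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=2 PROTO=UDP SPT=3074 DPT=3074 LEN=40
Jan 26 20:43:05 gw kernel: DROP-IN IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=110 ID=3 PROTO=UDP SPT=3074 DPT=3074 LEN=40
Jan 26 20:43:09 gw kernel: DROP-IN IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=TCP SPT=1100 DPT=139 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line as a dict, or None when
    the line is not a netfilter entry (no IN= / PROTO= fields)."""
    fields = dict(_KV.findall(line))
    if "IN" not in fields or "PROTO" not in fields:
        return None
    return fields


def dropped_ports(log_text, wan_if):
    """Count (proto, dport) pairs for packets that arrived on wan_if.
    Packets seen on other interfaces are ignored, so LAN noise such as a
    NetBIOS probe never ends up in the forwarding list."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None or f["IN"] != wan_if or "DPT" not in f:
            continue
        counts[(f["PROTO"].lower(), int(f["DPT"]))] += 1
    return counts


def dnat_rules(counts, wan_if, lan_host):
    """Emit one PREROUTING DNAT rule per observed (proto, dport) toward
    lan_host, plus the matching FORWARD accept.  Returned as strings so
    they can be reviewed before anything is applied."""
    rules = []
    for proto, dport in sorted(counts):
        rules.append(
            f"iptables -t nat -A PREROUTING -i {wan_if} -p {proto} "
            f"--dport {dport} -j DNAT --to-destination {lan_host}")
        rules.append(
            f"iptables -A FORWARD -i {wan_if} -p {proto} -d {lan_host} "
            f"--dport {dport} -j ACCEPT")
    return rules


if __name__ == "__main__":
    seen = dropped_ports(SAMPLE_LOG, "eth0")
    for (proto, port), n in sorted(seen.items()):
        print(f"{proto}/{port}: {n} dropped packet(s)")
    print("\n".join(dnat_rules(seen, "eth0", "10.0.0.5")))
```

Two notes on using this. The LOG target only hands lines to the kernel log at the priority given by --log-level; whether klogd/syslogd then write them to the console, to /var/log/messages, or to a dedicated file is decided by the kern.* lines in syslog.conf, so a rule set can be correct while the output still lands only on the console. And the emitted rules are a review aid: every port they open is reachable from the outside, so check the counts against the time the game was actually in use before applying any of them.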