Re: Firewall & IP Forwarding problems

From: wim (wimpunk_at_gmail.com)
Date: 07/31/05

    Date: Sun, 31 Jul 2005 11:19:59 +0200
    To: Debian User <debian-user@lists.debian.org>
    
    

    Ronald Castillo wrote:
    > Hello.
    >
    > I'm trying to connect my pocket pc by wireless to my VMWare Windows 2000
    > virtual PC. Which means, I need a completely transparent connection
    > between my eth1 (wireless) and vmnet8 (vmware emulated lan) devices.
    >
    > So far, I've tried using the following script:
    >
    > -----------------------------------------------------------
    >
    > #!/bin/sh
    > echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"
    >
    > IPTABLES=/sbin/iptables
    > DEPMOD=/sbin/depmod
    > INSMOD=/sbin/modprobe
    > #Setting the EXTERNAL and INTERNAL interfaces for the network
    > #
    > EXTIF="vmnet8"
    > INTIF="eth1"
    >
    > echo " External Interface: $EXTIF"
    > echo " Internal Interface: $INTIF"
    >
    > #======================================================================
    > #== No editing beyond this line is required for initial MASQ testing ==
    > echo -en " loading modules: "
    >
    > # Need to verify that all modules have all required dependencies
    > #
    > echo " - Verifying that all kernel modules are ok"
    > $DEPMOD -a
    >
    > echo "----------------------------------------------------------------------"
    >
    > echo -en "ip_tables, "
    > $INSMOD ip_tables
    >
    > echo -en "ip_conntrack, "
    > $INSMOD ip_conntrack
    > #Load the FTP tracking mechanism for full FTP tracking
    > #
    > # Enabled by default -- insert a "#" on the next line to deactivate
    > #
    > echo -en "ip_conntrack_ftp, "
    > $INSMOD ip_conntrack_ftp
    > #Load the IRC tracking mechanism for full IRC tracking
    > #
    > # Enabled by default -- insert a "#" on the next line to deactivate
    > #
    > echo -en "ip_conntrack_irc, "
    > $INSMOD ip_conntrack_irc
    > echo -en "iptable_nat, "
    > $INSMOD iptable_nat
    > echo -en "ip_nat_ftp, "
    > $INSMOD ip_nat_ftp
    >
    > echo -e "ip_nat_irc"
    > $INSMOD ip_nat_irc
    >
    > echo "----------------------------------------------------------------------"
    >
    > echo -e " Done loading modules.\n"
    > echo " Enabling forwarding.."
    > echo "1" > /proc/sys/net/ipv4/ip_forward
    >
    > echo " Enabling DynamicAddr.."
    > echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    > echo " Clearing any existing rules and setting default policy.."
    > $IPTABLES -P INPUT ACCEPT
    > $IPTABLES -F INPUT
    > $IPTABLES -P OUTPUT ACCEPT
    > $IPTABLES -F OUTPUT
    > $IPTABLES -P FORWARD DROP
    > $IPTABLES -F FORWARD
    > $IPTABLES -t nat -F
    >
    > #echo " FWD: Allow all connections OUT and only existing and related ones IN"
    > #$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
    > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
    > $IPTABLES -A FORWARD -j LOG
    >
    > echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
    > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
    >
    > echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
    >
    > --------------------------------------------
    >
    > After applying this script, I'm able to ping the pocketpc from the
    > VMWare system and, when I tap on "Connect" on the pocketpc, Activesync
    > on the VMWare system starts rolling but stops a while later saying a
    > "Critical communication services failed to start..." error which I
    > learned was because a firewall blocked the application. All solutions I
    > found were for Windows, so I would appreciate any help I could get to
    > make this work under Linux.
    >
    > I'm running a Sarge system with a 2.6.12.2 kernel.
    >
    > Thanks in advance,
    >
    > Ronald

    Check your vmware startup scripts.
    Somewhere there's a vmware-bridge, but I never made a successful bridge
    with an encrypted wireless network.

    wim.
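
The quoted script ends its FORWARD chain with `-A FORWARD -j LOG`, so the kernel log records every forwarded packet that neither of the two interface-pair ACCEPT rules matched, just before the DROP policy discards it. As an added example (not part of the original thread), the function below summarises such log lines by interface pair, protocol and destination port; the sample lines, the `eth0` interface, addresses and ports are constructed.

```shell
#!/bin/sh
# Summarise netfilter LOG lines (as written by "-j LOG") read from stdin.
# Output: "<count> <in>-><out> <proto>/<dport>", most frequent first.
summarise_fwd_log() {
    awk '
    / IN=/ && / OUT=/ {
        in_if = out_if = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue          # flags such as DF or SYN carry no value
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            if (val == "") val = "-"      # e.g. "OUT=" on locally delivered packets
            if (key == "IN") in_if = val
            else if (key == "OUT") out_if = val
            else if (key == "PROTO") proto = val
            else if (key == "DPT") dpt = val
        }
        count[in_if "->" out_if " " proto "/" dpt]++
    }
    END {
        for (k in count) printf "%d %s\n", count[k], k
    }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input: forwarded packets that matched neither ACCEPT rule
# because they involve a third interface (eth0 is an assumption, not from the post).
sample_log() {
    cat <<'EOF'
Jul 31 11:02:13 host kernel: IN=eth0 OUT=vmnet8 SRC=192.0.2.10 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 31 11:02:16 host kernel: IN=eth0 OUT=vmnet8 SRC=192.0.2.10 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 31 11:02:20 host kernel: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.53 LEN=56 TOS=0x00 PREC=0x00 TTL=127 ID=90 PROTO=UDP SPT=1030 DPT=53 LEN=36
Jul 31 11:02:21 host kernel: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.53 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=91 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul 31 11:02:22 host sshd[812]: unrelated line that must be ignored
EOF
}

sample_log | summarise_fwd_log
```

On a live system, feed it the kernel log instead of `sample_log`; an empty result means nothing reached the LOG rule, so the FORWARD chain is not what is dropping the traffic.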

    
