* broadcasts to other network?
@ 2004-12-21 10:07 Frans Luteijn
  2004-12-21 19:54 ` primero@hdr-roma.it
  0 siblings, 1 reply; 4+ messages in thread
From: Frans Luteijn @ 2004-12-21 10:07 UTC (permalink / raw)
  To: netfilter

Dear all,

I have a little problem. I have a 3com ISDN router, which broadcasts
every 10 seconds on src-port 1025, dst-port 2071 and protocol udp.
3com has released a program that collects those broadcasts to report the
status of the router.

The log of the packets:
Dec 21 09:46:51 firewall kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:08:00:4e:a6:f5:74:08:00 SRC=192.168.1.1 DST=192.168.1.255 LEN=116 TOS=0x00 PREC=0x00 TTL=64 ID=42318 PROTO=UDP SPT=1025 DPT=2071 LEN=96

Now I want to move my computer behind my firewall and let my firewall
forward those broadcasts.
The new situation will be:


 +----------+     +----------+     +----------+
 |  ISDN-   |     |          |     |  ADSL-   |
 |  router  |-----| firewall |-----|  router  |
 |          |     |          |     |          |
 +----------+     +----------+     +----------+
                        |
                        |
                        |
                  +----------+
                  | Internal |
                  | network  |
                  |          |
                  +----------+

What I already have done:
I have added the following rule:
iptables -t nat -I PREROUTING -s 192.168.1.1 -p udp --sport 1025 --dport 2071 -j DNAT --to 192.168.2.255

The logging changed:
Dec 21 09:42:01 firewall kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:08:00:4e:a6:f5:74:08:00 SRC=192.168.1.1 DST=192.168.2.255 LEN=116 TOS=0x00 PREC=0x00 TTL=64 ID=42284 PROTO=UDP SPT=1025 DPT=2071 LEN=96

But no packets went out, at least that I couldn't see after adding a
LOG-rule at OUTPUT and FORWARD.

Is there an easy way to solve this or do I need a relaying-program (like
dhcp)?

Greetings,
--
Frans Luteijn
PGP PblKey fprnt=C4 87 CE AF BC B6 98 C1  EF 42 A1 9A E2 C0 42 5B
GPG PblKey fprnt=ED20 0F25 C233 DC59 3FFA  170E D0BF 15F5 0BA6 1355




* Re: broadcasts to other network?
  2004-12-21 10:07 broadcasts to other network? Frans Luteijn
@ 2004-12-21 19:54 ` primero@hdr-roma.it
  2004-12-23  7:35   ` Frans Luteijn
  0 siblings, 1 reply; 4+ messages in thread
From: primero@hdr-roma.it @ 2004-12-21 19:54 UTC (permalink / raw)
  To: Frans Luteijn; +Cc: netfilter

Frans Luteijn wrote:

>...
>
>But no packets went out, at least that I couldn't see after adding a
>LOG-rule at OUTPUT and FORWARD.
>
>Is there an easy way to solve this or do I need a relaying-program (like
>dhcp)?
>
>Greetings,
>
>  
>
The easiest way, IMHO, is using a UDP-Relay ... I mean, what is more
simple than a little daemon running smoothly ? ;)

A better and not easy way would be bridging the interface to the
internal lan with the interface to the router using the same network
class. This way broadcasts would pass normally from one side of the
firewall to the other one, you could as well filter traffic between the
two interfaces.

I would choose the latter ;)
bye
primeroz





* Re: broadcasts to other network?
  2004-12-21 19:54 ` primero@hdr-roma.it
@ 2004-12-23  7:35   ` Frans Luteijn
  2004-12-23  8:06     ` Rob Sterenborg
  0 siblings, 1 reply; 4+ messages in thread
From: Frans Luteijn @ 2004-12-23  7:35 UTC (permalink / raw)
  To: netfilter

primero@hdr-roma.it wrote:

> Frans Luteijn wrote:
>
> >...
> >
> >But no packets went out, at least that I couldn't see after adding a
> >LOG-rule at OUTPUT and FORWARD.
> >
> >Is there an easy way to solve this or do I need a relaying-program (like
> >dhcp)?
> >
> >Greetings,
> >
> >
> >
> The easiest way, IMHO, is using a UDP-Relay ... I mean, what is more
> simple than a little daemon running smoothly ? ;)
>
> A better and not easy way would be bridging the interface to the
> internal lan with the interface to the router using the same network
> class. This way broadcasts would pass normally from one side of the
> firewall to the other one, you could as well filter traffic between the
> two interfaces.
>
> I would choose the latter ;)
> bye
> primeroz

I want to choose the former. I am offering my ADSL to my house-mates
via a wireless lan connected to my firewall with a fourth interface
(not drawn in my first mail) and I don't want those users on my
private-net (it can be filtered out, but why do it the hard way?).
Does someone know a program, that can relay udp-broadcasts?

Greetings,
--
Frans Luteijn
PGP PblKey fprnt=C4 87 CE AF BC B6 98 C1  EF 42 A1 9A E2 C0 42 5B
GPG PblKey fprnt=ED20 0F25 C233 DC59 3FFA  170E D0BF 15F5 0BA6 1355




* RE: broadcasts to other network?
  2004-12-23  7:35   ` Frans Luteijn
@ 2004-12-23  8:06     ` Rob Sterenborg
  0 siblings, 0 replies; 4+ messages in thread
From: Rob Sterenborg @ 2004-12-23  8:06 UTC (permalink / raw)
  To: netfilter

netfilter-bounces@lists.netfilter.org wrote:

> Does someone know a program, that can relay udp-broadcasts?

Something like this ?
http://www.vttoth.com/tunnel.htm#Appendix

Also, the overview of Delegate (http://www.delegate.org/) says it can do
UDP relay (with restrictions so I don't know if it's usable for you).
Specifically : http://www.delegate.org/delegate/Manual.htm#serv_udprelay


Gr,
Rob
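
A minimal relay of the kind asked for in this thread, as an added example; it is not code from any poster or from the tools linked above. The router address, ports and broadcast addresses come from the posted log and rule; the firewall's internal address 192.168.2.1 is an assumption.

```python
import socket

# Values from the thread's log and DNAT rule.
ROUTER = ("192.168.1.1", 1025)        # the only accepted source (address, port)
LISTEN = ("192.168.1.255", 2071)      # broadcast address/port the router sends to
TARGET = ("192.168.2.255", 2071)      # broadcast address of the internal network
INTERNAL_ADDR = "192.168.2.1"         # assumption: firewall's internal address
MAX_LEN = 1472                        # UDP payload that fits one 1500-byte frame


def should_relay(src, payload):
    """Accept only non-empty datagrams from the router's address and port."""
    return src == ROUTER and 0 < len(payload) <= MAX_LEN


def relay_once(rx, tx):
    """Read one datagram from rx and re-broadcast it on tx if it is allowed."""
    payload, src = rx.recvfrom(65535)
    if not should_relay(src, payload):
        return False                  # anything else on this port is dropped
    tx.sendto(payload, TARGET)
    return True


def main():
    # Binding to the broadcast address means the socket only sees datagrams
    # sent to 192.168.1.255, never the copies this relay sends out itself.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    rx.bind(LISTEN)

    # Sending to a broadcast address requires SO_BROADCAST; binding to the
    # internal address pins the outgoing interface and source address.
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    tx.bind((INTERNAL_ADDR, 0))

    while True:
        relay_once(rx, tx)


if __name__ == "__main__":
    main()
```

The DNAT rule from the first mail has to be removed for this to work, because it rewrites the destination before the socket bound to 192.168.1.255 can match it, and the INPUT chain must accept UDP from 192.168.1.1 port 1025 to port 2071. Receivers see the firewall's internal address as the source of the relayed datagrams, not 192.168.1.1.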


