Archive for October, 2003

H.323 through a Netfilter (Linux 2.4) firewall

October 27, 2003

To communicate with a tool like Microsoft NetMeeting or GnomeMeeting through a Linux (kernel 2.4.x-based) firewall, you have to redirect some ports to one IP address on the inside network; otherwise it won’t work.

Here is a little script meant to achieve exactly that:

#!/bin/sh
# Script to redirect H.323 traffic to one specific IP behind the firewall

IPTABLES=/sbin/iptables
OUT_DEV=ppp0                 # external (Internet-facing) interface
IN_HOST=192.168.11.33        # inside host that receives the H.323 traffic
TCP_PORT_RANGE=30000:30010
UDP_PORT_RANGE=5000:5003
TCP_LISTENING_PORT=1720      # H.323 call signalling port

# Masquerading rule, left disabled as in the original script
#$IPTABLES -t nat -A POSTROUTING -o "$OUT_DEV" -j MASQUERADE

# TCP port range: rewrite the destination, then allow the forwarded packets
$IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p tcp --dport "$TCP_PORT_RANGE" -j DNAT --to-destination "$IN_HOST"
$IPTABLES -A FORWARD -p tcp -i "$OUT_DEV" --dport "$TCP_PORT_RANGE" -d "$IN_HOST" -j ACCEPT

# UDP port range
$IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p udp --dport "$UDP_PORT_RANGE" -j DNAT --to-destination "$IN_HOST"
$IPTABLES -A FORWARD -p udp -i "$OUT_DEV" --dport "$UDP_PORT_RANGE" -d "$IN_HOST" -j ACCEPT

# TCP listening port
$IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p tcp --dport "$TCP_LISTENING_PORT" -j DNAT --to-destination "$IN_HOST"
$IPTABLES -A FORWARD -p tcp -i "$OUT_DEV" --dport "$TCP_LISTENING_PORT" -d "$IN_HOST" -j ACCEPT

You will of course have to modify the variables at the beginning to suit your particular setup. This one works for a bunch of Debian-based installs with an ADSL connection.
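
The script appends its rules with -A on every run, so running it again (for example each time ppp0 comes back up) stacks duplicate rules, and it forwards the ports from any source address. The following added example, which is not part of the original article, prints the same rule set for either appending (A) or deleting (D), optionally limited to one remote peer; the names h323_rules and valid_ip and the peer argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): emit the H.323 forwarding
# rules as text, for review or for piping to sh as root.
# h323_rules, valid_ip and the peer argument are hypothetical names.

IPTABLES=/sbin/iptables
OUT_DEV=ppp0
IN_HOST=192.168.11.33
TCP_PORTS="1720 30000:30010"   # listening port, then the TCP range
UDP_PORTS="5000:5003"

# valid_ip ADDR: succeed only for a dotted-quad IPv4 address
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# h323_rules ACTION [PEER]
#   ACTION: A = append the rules, D = delete the same rules again
#   PEER:   optional remote address; when given, only that source is forwarded
h323_rules() {
    action=$1 peer=${2:-}
    case "$action" in A|D) ;; *) echo "action must be A or D" >&2; return 2 ;; esac
    valid_ip "$IN_HOST" || { echo "bad IN_HOST" >&2; return 2; }
    src=""
    if [ -n "$peer" ]; then
        valid_ip "$peer" || { echo "bad peer address" >&2; return 2; }
        src=" -s $peer"
    fi
    for proto in tcp udp; do
        [ "$proto" = tcp ] && ports=$TCP_PORTS || ports=$UDP_PORTS
        for range in $ports; do
            match="-i $OUT_DEV -p $proto$src --dport $range"
            echo "$IPTABLES -t nat -$action PREROUTING $match -j DNAT --to-destination $IN_HOST"
            echo "$IPTABLES -$action FORWARD $match -d $IN_HOST -j ACCEPT"
        done
    done
}

# Print the rule set for review; nothing is applied here.
h323_rules A
```

Running h323_rules D with the same peer argument before h323_rules A keeps the tables free of duplicates; pipe the output to sh as root to apply it.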

This article was first written in October 2003 for
the BeezNest technical website (http://glasnost.beeznest.org/articles/75)

Cross-platform file and print server running GNU/Linux

October 25, 2003

GNU/Linux is particularly well suited as a file server for Microsoft Windows, MacOS (any version) and UNIX workstations. It is equally suited to serving printers to them and, like every UNIX, works well as an application server (mail, web, DHCP, …).

Users and groups are stored on the server for centralized and common access from all the client types.

To manage all of this, we use Webmin, a web interface that allows a lot of things, including remote management shared between several administrators.

To achieve this, several well-known free software packages are used: Samba, Netatalk, FTP (File Transfer Protocol), CUPS, NFS (or yet other means; Linux is able to use many).

Samba is a free implementation of CIFS (also known as SMB), providing a file and print server and client for UNIX, and is known for performing faster than the original Microsoft implementation. It can integrate into an existing Windows-based network, or completely replace it for every service the Windows version can provide. By integration, I mean acting as a client, a server, or both at the same time.

Netatalk is a free AppleTalk implementation for UNIX. It allows Mac users to access the files created by the users of the other systems.

An FTP server is sometimes the best way to transfer files between computers, for example from outside the local network. It must be secured, however, to only allow access to people who need it.

CUPS is a free implementation of the widely supported (Microsoft, HP, …) IPP (Internet Printing Protocol), which removes most of the burden associated with networked printers. Through various interfaces (web, GTK+, …), it lets you install and configure all kinds of printers. It also supports printer autodiscovery on your network.

To manage users and groups across the network, various solutions exist, depending on the existing infrastructure. If you do not already run an NT Domain (or Active Directory) or do not want to use it, we use NIS or LDAP to store, retrieve and manage users, passwords and groups. Otherwise, Samba is also able to integrate your GNU/Linux server into the existing Domain or replace it completely.

This article was first written in October 2003 for
the BeezNest technical website (http://glasnost.beeznest.org/articles/74)