now the things are going this way:
ICMP packets - no problem (ICMP ECHO aka PING to any host e.g. www.qnx.com)
UDP packets - they seem too (i.e. DNS aka udp port 53
i.e. nslookup & ipnat -l show sessions on 53 port of external machine. nslookup works fine)
now about TCP — can’t figure out my mistake…
any browser from the internal host finds the external host been required, but then says - it can’t establish connection
now look at ipnat -l.
i see udp sessions listing (including port numbers on internal box, external QNX interface >>remapped into the right pool<< and external port 53 of name servers)
there are also footprints of tcp connections
BUT!!!
source, qnx-box-external and external box addresses are listed, but nothing about the ports!!! I suppose the port 80 (aka http) should be listed on the outside box and either should ports on internal and qnx-box… i suppose
WHY???
Um, I usually do “portmap tcp/udp”, but your rules still look ok.
I can’t think of any reason why UDP works, but not TCP. Is this
a particular site, or are all the sites you tried blocked?
Can you go to “www.yahoo.com”, or “www.microsoft.com”?
Is the internal Box a Windows machine, or another Unix ?
This happens to any TCP packet:
I used IPFilter from repository (v 3.4.27) it works fine for ICMP and UDP - but it corrupts TCP header (it changes port number as expected, changes checksum, throws half a header away and throws all the packet contents - this is the result of working with tcpdump on the local and remote machine)
The one I was able to find in your repository - it seems to work fine… but catches no packets ((((( statistics shows that there is no traffic at all.
All the packets are forwarded to the outer network without any change
I use QNX Momentics 6.2.1A PE
Well, using the one in the 3rd party repository is the right choice.
Is your internal box a Windows machine? There is one time
that an IPFilter will block any Windows packets (not intentionally,
of course), but it should be fixed and put into the QNX 3rd party
repository now. Send me an email to xtang AT qnx dot com,
I will see if I could get a proper one for you.
Hi,
Sorry for the intrusion, but I need some help too (you know the feeling…) I’m trying to set up a home firewall. So far I got both interfaces working. I can reach the internet on one, and I can ssh in from another box using the other, so I guess everything should be fine. This is the netstat -r output:
Routing tables
Now I’m not really an expert in the field, and my experience comes from SysV world, so please bear with me.
Q1: Do I need ipfilter.so in order to use the qnx box as a router, i.e. does it do just filtering, or NAT as well?
Q2: Now the problem. This is what happens when I try to load it:
bash-2.05a# mount -T io-net ipfilter.so
mount: Can’t mount / (type io-net)
mount: Possible reason: No such device or address
Can anyone please shed some light here? Thanks a lot.
Thanks for the reply.
I downloaded iso image less than a month ago, and it took me some time to sort out network interfaces. I’ve also added the third party repository (if that’s the name).
How do I know that I need to update and what?
How do I update/upgrade?
It was quite obvious what to do to install new packages, but I don’t have a clue how to maintain it afterwards.