email, newsgroups, data packets

I have a Linux computer and two Windows 98SE computers. All are
connected to a hub. The Linux computer using pppd, calls my ISP using
an external modem connected to the Linux computer's serial port. I
start Squid, and the Windows computers can surf using IE which is told
to use port 3128.

But on the Win98 machines, email does not work (POP3 & SMTP ports
110, 25), Agent newsreaders don't work (port 115), Norton NAV update
doesn't work (port ?), and RealPlayer (port ?) does not work. There
is nothing in NAV nor Agent that I can find to specify a port, nor do
I know what protocols these applications use (is this necessary?)

I've done some reading on transparent proxy and iptables, but I'm not
sure what I need to do next to get these applications to work
properly.?

Thanks

On Wednesday 25 Feb 2004 1:23 pm, Phisherman uttered these immortal words:

> But on the Win98 machines, email does not work (POP3 & SMTP ports
> 110, 25), Agent newsreaders don't work (port 115), Norton NAV update

NNTP is usually port 119 but anyway...

> doesn't work (port ?), and RealPlayer (port ?) does not work. There
> is nothing in NAV nor Agent that I can find to specify a port, nor do
> I know what protocols these applications use (is this necessary?)
>
> I've done some reading on transparent proxy and iptables, but I'm not
> sure what I need to do next to get these applications to work
> properly.?

If you're telling IE to use a proxy you don't have a transparent proxy so I
suspect that's your goal?

You haven't posted any iptables rules (with any details you don't want us to
see munged) so I'm guessing you're blocking everything except web access
from the Linux box.

The easiest way to get things working is to open ports for the services you
want for now.

If you only want the Linux box to have direct net access you should look
into these solutions:

Fetchmail to get mail via POP3, a local POP3 or IMAP server running on the
Linux box for Windows to get mail from and a MTA (Postfix, Sendmail, Exim,
Qmail, other) to send via SMTP.

Leafnode for NNTP.

AFAIK NAV should be able to use IE's proxy settings.

You can then only allow the Linux box to access the net and provide the
services you want access to locally.

Disclaimer ;-):
This is the best I can do with the information given. I've made a lot of
assumptions so this may not be what you want.

--
Andy.

I used the linux NAT howto. I think that's what you want:

http://www.netfilter.org/documentati...NAT-HOWTO.html

My iptables setup is for a direct network (dsl) not dialup, so your will
differ, but it's pretty simple and will be something like this:

*filter
:INPUT ACCEPT [0:0]
#NAT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
#normal iptables rule
-P INPUT DROP

:FORWARD ACCEPT [0:0]
# NAT Forward
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
#normal iptables rule
-A FORWARD -i eth0 -o eth0 -j REJECT

#NOTE: eth0 is the outward facing nic, eth1 is the local subnet

To turn on NAT you do something like this:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to <outward facing ip>

I redirect all NAT client port 80 requests to squid using this:
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 10.0.0.10/31 --dport 80 -j
REDIRECT --to-port 8080

So, NAT clients just use whatever browser, and it automagically uses Squid
on the linux box


All this was from the NAT howto, your setup will probably differ, read the
HOWTO


"Phisherman" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have a Linux computer and two Windows 98SE computers. All are
> connected to a hub. The Linux computer using pppd, calls my ISP using
> an external modem connected to the Linux computer's serial port. I
> start Squid, and the Windows computers can surf using IE which is told
> to use port 3128.
>
> But on the Win98 machines, email does not work (POP3 & SMTP ports
> 110, 25), Agent newsreaders don't work (port 115), Norton NAV update
> doesn't work (port ?), and RealPlayer (port ?) does not work. There
> is nothing in NAV nor Agent that I can find to specify a port, nor do
> I know what protocols these applications use (is this necessary?)
>
> I've done some reading on transparent proxy and iptables, but I'm not
> sure what I need to do next to get these applications to work
> properly.?
>
> Thanks

I used John's post and created the following script.

#!/bin/sh
# masq4 02-26-2004
modprobe ipt_MASQUERADE
iptables -F
iptables -t nat -F
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i ppp0 -o eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128

For a Win98SE client, I changed the TCP/IP-->NIC settings as follows:
IP Address: Specified an IP address of 192.168.0.1, mask 255.255.255.0
Gateway: 192.168.0.3
DNS Configuration enable DNS, Host: localhost Domain: worldnet.att.net
DNS servers: 204.127.xxx.x 204.127.xxx.x

From the client DOS prompt I can
ping 192.168.0.3 (the IP address of the Linux box)
ping localhost
ping 127.0.0.1
ping 192.168.0.255 (broadcast address)

I start pppd, squid then ran the above script on the Fedora Linux box.

From the client Win98SE machine, when I attempt to surf with IE I
get...

Detecting proxy server
Finding site: my.att.net
Cannot find server or DNS error
Internet Explorer

My newsreader and email don't work either.
:-(
Please help!

Phisherman <(E-Mail Removed)> wrote:

> From the client Win98SE machine, when I attempt to surf with IE I
> get...
>
> Detecting proxy server

You shouldn't configure browser to use a proxy (its transparent).

> Finding site: my.att.net
> Cannot find server or DNS error

Have you set up DNS for the clients?

--
Cameron Kerr
(E-Mail Removed) : http://nzgeeks.org/cameron/
Empowered by Perl!