{ "numMessagesInTopic": 3, "nextInTime": 2290, "senderId": "OvyMo2AdSvYSxu7PsQvkvUQeM3CVW5iDmrCFF1hTkCh7LCKnzE7ZHkR9kF_XOf1EstEmSCtl4iKNDJUvVBfHIFaFGnPhMAxszWQsanc9", "systemMessage": false, "subject": "Re: pcAnywhere and firewall settings", "from": ""lifeisfuneh" <lifeisfuneh@...>", "authorName": "lifeisfuneh", "msgSnippet": "Does it work when you disable the firewall ? ... connected ... 5631 ... port ... ACCEPT ... ACCEPT ... 5632 ... port ... ACCEPT ... ACCEPT ... PC , it ... ", "msgId": 2289, "profile": "lifeisfuneh", "topicId": 2288, "spamInfo": { "reason": "0", "isSpam": false }, "replyTo": "LIST", "userId": 72825321, "messageBody": "
--- In magnia_sg20@yahoogroups.com, fronit <no_reply@y...> wrote:
\n> Has anybody succeeded in getting pcAnywhere to work from behind
\n> SG-20's firewall?
\n>
\n> pcAnywhere uses port 5631 (TCP) and port 5632 (UDP).
\n> The local (private) IP -to which the PC behind the SG20 is connected
\n> to- is 192.168.0.10. Let's call this PC "sg20-PC".
\n>
\n> I added some rules (I derived them from Jason Alday's great posts):
\n>
\n> *****************************************************************
\n> # forward anything (TCP) going to port 5631 to 192.168.0.10 port 5631
\n>
\n> $IPTABLES -A PREROUTING -t nat -p tcp --dport 5631 -j DNAT --to 192.168.0.10:5631
\n>
\n> # allow packets trying to go from the wan to lan to the forward port 5631 thru.
\n>
\n> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5631 -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp --sport 5631 -j ACCEPT
\n>
\n> # forward anything (UDP) going to port 5632 to 192.168.0.10 port 5632
\n>
\n> $IPTABLES -A PREROUTING -t nat -p udp --dport 5632 -j DNAT --to 192.168.0.10:5632
\n>
\n> # allow packets trying to go from the wan to lan to the forward port 5632 thru.
\n>
\n> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 5632 -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p udp --sport 5632 -j ACCEPT
\n> *****************************************************************
\n>
\n> With this, the incoming pcAnywhere connections work, but I cannot
\n> initiate a session outwards.
\n>
\n> So any PC from the internet can connect to the "sg20-PC" (which is
\n> behind the SG20) and start a normal pcAnywhere session.
\n>
\n> But if I want to control another PC on the internet from "sg20-PC", it
\n> won't work!
\n>
\n> I then added yet another rule (again derived from Jason Alday's great
\n> posts) for outgoing mapping:
\n>
\n> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\n> [% IF firewall.enabled -%]
\n>
\n> # Allow pcAnywhere clients through the external port
\n>
\n> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp --dport 5631:5632 -m state --state NEW,ESTABLISHED -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --sport 5631:5632 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p udp --dport 5631:5632 -m state --state NEW,ESTABLISHED -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --sport 5631:5632 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p 5631:5632 -j ACCEPT
\n>
\n> $IPTABLES -A FORWARD -i $EXTIF -o $EXTIF -p 5631:5632 -j ACCEPT
\n>
\n> [% END -%]
\n> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\n>
\n> but to no avail.
\n> I tried to read and understand all the parameters involving
\n> "$IPTABLES", but as you can see I yet have no idea about them really.
\n>
\n> Does anybody understand this?
\n> What am I doing wrong here for the outgoing mapping???
\n> Is the incoming mapping correct at all (it works)?
\n>
\n> Thanks!