
Thread: getting around a Nokia Checkpoint NAT firewall


maturus2523
12-09-2003, 12:08 PM
Any suggestions? People on the LAN are able to reach it, but nobody from outside can.

[ioFTPD]
# Daemon-wide settings. The inline "# ..." remarks are the original
# author's; keep any new commentary on its own line.
Ftp_Login_Attempts = 3
Hide_Tray = False
Cache_Max = 100 # Maximum number of cookie files to cache
Directory_Cache_Max = 5000 # Maximum number of directories to cache
TCL_Pool_Size = 10
# Points at the [Nat] Bind address and the Nat_FTP_Service port (21),
# not at the [Nat] Host address -- presumably intentional; confirm.
Double_Click = ftp://143.105.59.12:21/
Process_Priority = High # (Idle/Normal/High/Realtime)
Worker_Thread_Count = 10 # Amount of worker threads
Io_Thread_Count = 3 # Amount of io threads [*registered version*]
Encryption_Thread_Count = 2 # Amount of dedicated encryption threads
# Units are not stated here; presumably seconds, like Ident_Timeout in
# [Network] -- confirm.
LogIn_TimeOut = 15 #
Idle_TimeOut = 120 #
File_Concurrent_Requests = 5 # Maximum simultanous Read+Write operations per device [*registered version*]
File_PreAllocation = 0 # Amount of kilobytes to pre-allocate for uploads

[Locations]
# On-disk locations of the id tables, user/group stores, logs, caches
# and message files. Every path is relative (..\...), so all of them
# resolve against the directory ioFTPD is started from -- presumably
# its system subdirectory; confirm before moving this file.
User_Id_Table = ..\etc\UserIdTable
Group_Id_Table = ..\etc\GroupIdTable
# Per-connection accept/deny rules (POLICY / CLASS / ACCEPT / DENY lines).
Hosts_Rules = ..\etc\Hosts.Rules

User_Files = ..\users
Group_Files = ..\groups
Log_Files = ..\logs
Cache_Files = ..\cache

Ftp_Messages = ..\text\ftp
Telnet_Messages = ..\text\telnet
Html_Files = ..\text\http

Default_Vfs = ..\etc\default.vfs
Environment = ..\etc\ioftpd.env

##################### DEVICES ########################

[Any]
# Device bound on every local interface; used by FTP_Service,
# Traffic_Balancer_Ftp_Service, Telnet_Service and HTTP_Service.
Host = 0.0.0.0
# Port range this device hands out (presumably for passive data
# connections -- each service sets its own listening Port). Stays
# above the privileged 0-1023 range.
Ports = 1024-2048
;Random = True
;Bind =

[Local]
# Loopback-only device. Not referenced by any entry in
# [Network] Active_Services, so it is currently unused.
Host = 127.0.0.1
Ports = 20000-25000
;Bind = 127.0.0.1
;Random = False

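[Nat]
# Device used by Nat_FTP_Service (see [Network] Active_Services).
# NOTE(review): Host and Bind differ. Presumably Host is the address
# advertised to clients (the firewall's outside address) and Bind the
# local interface the listener attaches to -- confirm against the
# ioFTPD install documentation.
Host = 143.105.8.12
# Port range this device hands out (presumably for passive data
# connections -- confirm). The previous value 0-99999 was not a valid
# TCP port range: ports run 0-65535 and 0-1023 are privileged. Narrowed
# to the same range the other devices use. Whatever range is chosen
# here presumably also has to be forwarded through the NAT firewall to
# the Bind address, or outside clients will fail on the data connection.
Ports = 20000-25000
Random = True
Bind = 143.105.59.12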

[Balance-Device-One]
# Private (RFC 1918) address. Listed together with Balance-Device-Two
# under Data_Devices of Traffic_Balancer_Ftp_Service.
Host = 192.168.1.10
Ports = 20000-25000
Random = True

[Balance-Device-Two]
# Private (RFC 1918) address. Second Data_Devices entry of
# Traffic_Balancer_Ftp_Service. The same address is reused as
# Certificate_Name in three services below.
Host = 192.168.1.11
Ports = 20000-25000
Random = True


################## END OF DEVICES ####################



##################### SERVICES #######################

[FTP_Service]
# FTP listener on all interfaces (device Any), port 2121.
Type = FTP
Device_Name = Any
Port = 2121
Description = My FTP Service
User_Limit = 10
Allowed_Users = *
;Messages = ..\text\ftp
# "!*" is the negated-wildcard form also used in the Telnet and HTTP
# services' Allowed_Users, so this presumably requires encryption of
# nobody: logins and data may travel in clear -- confirm. On anything
# reachable from outside, consider requiring encrypted authentication
# at least.
Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
# This is an IP address (the Balance-Device-Two host), not an obvious
# certificate name -- verify it resolves to a certificate ioFTPD can
# load, otherwise encrypted sessions cannot be negotiated.
Certificate_Name = 192.168.1.11
Explicit_Encryption = True
# SSL3 is obsolete; use the newest protocol this build supports.
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 384
;Get_External_Ident = False
;Data_Devices =
;Random_Devices = False


[Nat_FTP_Service]
# The internet-facing listener: device Nat, standard port 21.
Type = FTP
Device_Name = Nat
Port = 21
Description = My NAT FTP Service
User_Limit = 10
Allowed_Users = *
;Messages = ..\text\ftp
# Same "!*" form as the other FTP services: encryption presumably
# required of nobody -- confirm. This is the service exposed outside
# the firewall, so clear-text logins here are the most exposed ones.
Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
# NOTE(review): unlike FTP_Service and Traffic_Balancer_Ftp_Service the
# certificate is commented out while Explicit_Encryption = True. Confirm
# whether encrypted logins can work on this service at all without it.
#Certificate_Name = 192.168.1.11
Explicit_Encryption = True
# SSL3 is obsolete; use the newest protocol this build supports.
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 384
;Get_External_Ident = False
;Data_Devices =
;Random_Devices = False


[Traffic_Balancer_Ftp_Service]
# FTP listener on all interfaces, port 9999, whose data connections are
# spread over the two Balance devices (Data_Devices below).
Type = FTP
Device_Name = Any
Port = 9999
Description = My Balanced FTP Service
User_Limit = 10
Allowed_Users = *
;Messages = ..\text\ftp
# Same "!*" form as the other FTP services: encryption presumably
# required of nobody -- confirm.
Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
# IP address rather than an obvious certificate name -- verify it
# matches a certificate ioFTPD can load.
Certificate_Name = 192.168.1.11
Explicit_Encryption = True
# SSL3 is obsolete; use the newest protocol this build supports.
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 384
;Get_External_Ident = False
# Space-separated device names; Random_Devices = False presumably means
# they are used in order rather than picked at random -- confirm.
Data_Devices = Balance-Device-One Balance-Device-Two
Random_Devices = False


[Telnet_Service]
# Telnet admin listener on all interfaces, port 10001. Telnet carries
# credentials in clear; if only LAN administrators need it, binding it
# to the Local device or restricting it in Hosts.Rules limits exposure.
Type = Telnet
Device_Name = Any
Port = 10001
Description = My Telnet Service
User_Limit = 10
# "T !*": presumably only users holding flag T, nobody else -- confirm.
# T is not in the flag legend of [Ftp-SITE-Permissions] but appears in
# putlog = MT under [Telnet-Permissions].
Allowed_Users = T !*
;Messages = ..\text\telnet


[HTTP_Service]
# HTTP listener on all interfaces, port 10000.
Type = HTTP
Device_Name = Any
Port = 10000
Description = My HTTP Service
User_Limit = 50
# "H !*": presumably only users holding flag H -- confirm.
Allowed_Users = H !*
;Messages = ..\text\http
# IP address rather than an obvious certificate name -- verify it
# matches a certificate ioFTPD can load.
Certificate_Name = 192.168.1.11
Explicit_Encryption = False
# SSL2 is broken and obsolete; prefer the newest protocol this build
# supports. Cipher-strength limits are left at their defaults here.
Encryption_Protocol = SSL2
;Min_Cipher_Strength = 128
;Max_Cipher_Strength = 192


################## END OF SERVICES ###################


[Network]
# Services to start; each name must match a [<name>] service block above.
Active_Services = FTP_Service Nat_FTP_Service Traffic_Balancer_Ftp_Service Telnet_Service HTTP_Service

Nagle = False # Enable/Disable TCP Nagle algorithm
# Ident and reverse-DNS lookups. The H rules in Hosts.Rules match on
# hostname, so Hostname_Lookup presumably has to stay True for them to
# apply -- confirm. Both lookups return data the remote side controls
# (ident replies, PTR records); use them for logging, not as the only
# access decision.
Ident_Lookup = True # Enable/Disable ident lookup (RFC1413)
Ident_Timeout = 15 # Set ident timeout (seconds)
Hostname_Lookup = True # Hostname reverse lookup

Identity_Cache_Validity = 1800 # Seconds cached identity is valid
Suggested_Identity_Cache_Size = 256 # Maximum cached identities

Internal_Transfer_Buffer = 65536 # Internal transfer buffer size


[Sections]
## Maximum of 10 different credit sections ##
#
# <alias> = <credit section #> <path>
# <alias> = <credit section #> <stats section #> <path>
#

# Home: credit section 0, stats section 1, for everything under /home/.
# Default: credit section 0 for every other path (no stats section).
Home = 0 1 /home/*
Default = 0 *


[VFS]
###
# Default attributes for files & directories
#
# Required Parameters: <filemode> <owner uid>:<owner gid>
#

# Unix-style octal modes, owned by uid 0 / gid 0.
Default_Directory_Attributes = 755 0:0
Default_File_Attributes = 644 0:0


###
# Command specific rules
#
Modify_Stats_On_Delete = False


###
# Detailed permissions for directories
#
# privilege = <virtual path> <rights>
#
# "* *" = any path, any user. Upload, Resume, Download and MakeDir are
# therefore open to every user everywhere; the destructive operations
# (RemoveDir, Rename, Delete) are limited to what looks like flags 1, V
# and M, with the ...Own variants open to the owner. Flag meanings are
# in the legend under [Ftp-SITE-Permissions]; '1' is not listed there
# -- confirm what it denotes.
Upload = * *
Resume = * *
Download = * *
MakeDir = * *
RemoveDir = * 1VM
RemoveOwnDir = * *
Rename = * 1VM
RenameOwn = * *
Overwrite = * VM
Delete = * 1VM
DeleteOwn = * *
# "=lSpeed" presumably names a group (the '=' prefix); "!*" excludes
# everyone else -- confirm.
NoStats = * =lSpeed !*


[Reset]
# Which day the weekly and monthly counters roll over; the reset itself
# is driven by the &Reset entry in [Scheduler].
WeeklyReset = Sunday
MonthlyReset = 1st


[Scheduler]
###
# Scheduler
#
# Event = <minutes> <hours> <day of week> <day of month> Command
#
# Internal Commands:
#
# &Reset : Resets upload/download counters
# &Service_Update : Reloads devices and Restarts services, if bind ip of service has changed
#
# Counter reset at minute 0, hour 0, every day.
Reset = 0 0 * * &Reset
# Device/service refresh at minutes 10, 30 and 50 of every hour; this is
# what picks up a changed bind address on the NAT side.
Service_Update = 10,30,50 * * * &Service_Update


[Events]
# External hooks for server/transfer events. All disabled (commented
# out with ';') in this configuration.
;OnUploadError =
;OnUploadComplete =
;OnResume =
;OnUpload =
;OnFtpNewDir =
;OnFtpDelDir =
;OnFtpLogIn =
;OnTelnetLogIn =
;OnHttpLogIn =
;OnServerStart =
;OnServerStop =


[Pre]
# Pre-command hooks (run before the named FTP command); none enabled.
;stor =
;mkd =


[Post]
# Post-command hooks (run after the named FTP command); none enabled.
;mkd =
;rmd =
;stor =
;dele =


[HTTP]
# File patterns the HTTP service presumably executes rather than serves
# as static content -- confirm. NOTE(review): [VFS] grants Upload = * *
# to every user; verify that user-uploaded files cannot be reached
# through the HTTP service, otherwise an uploaded file matching one of
# these patterns would run on the server.
Executable = *.exe *.com *.cgi *.php *.php3 *.bat


[Scripts]
## SITE <script> <parameters>
#
# !file = Show file
# @string = Alias
# %file = Execute file (translate cookies)
# file = Execute file
#
# SITE EXEC runs an external batch file. There is no "exec" entry in
# [Ftp-SITE-Permissions] below, so confirm which users may invoke it
# when a command is not listed there.
EXEC = ..\scripts\exec.bat
# SITE HELP only displays a message file.
HELP = !..\help\help.msg
# Aliases onto the stats command.
WKUP = @stats wkup
WKDN = @stats wkdn


[Ftp-Permissions]
# No entries in this configuration.


[Ftp-SITE-Permissions]
## SITE <cmd> ##
#
# 'M' - MASTER
# 'V' - VFS ADMINISTRATOR
# 'G' - GROUP ADMIN RIGHTS
# 'F' - FXP DENIED (DOWNLOAD)
# 'f' - FXP DENIED (UPLOAD)
# 'L' - SKIP USER LIMIT PER SERVICE
# 'A' - ANONYMOUS
#
# Flags that may run each SITE command. '1' is used throughout but is
# not in the legend above -- confirm what it denotes.
adduser = 1GM
deluser = 1GM
renuser = 1M
gadduser = 1GM
grpadd = 1M
grpdel = 1M
grpren = 1M
chgrp = 1M
kick = 1M
addip = 1GM
delip = 1GM
# "!A *": everyone except anonymous users. Note this makes chmod
# available to every non-anonymous user, while the corresponding [VFS]
# Delete/Rename rights are restricted -- check that is intended.
passwd = !A *
stats = !A *
tagline = !A *
who = !A *
chmod = !A *
chown = MV
chattr = MV
config = M
uinfo = 1GM
users = 1GM


[Change-Permissions]
# Flags that may change each user attribute (presumably via SITE CHANGE
# -- confirm). The most sensitive ones (vfsfile, groupvfsfile, stats)
# are master-only.
admingroup = 1M
credits = 1M
flags = 1M
groupdescription = 1M
groupslots = 1M
groupvfsfile = M
homedir = 1GM
logins = 1M
passwd = 1GM
ratio = 1GM
stats = M
tagline = 1GM
vfsfile = M


[Telnet-Permissions]
# Same command set over telnet. Differences from [Ftp-SITE-Permissions]:
# passwd/stats/tagline/who are "*" here instead of "!A *", so anonymous
# users are not excluded; Telnet_Service only admits flag T users, which
# presumably makes that moot -- confirm.
adduser = 1GM
deluser = 1GM
renuser = 1M
gadduser = 1GM
grpadd = 1M
grpdel = 1M
grpren = 1M
kick = 1M
addip = 1GM
delip = 1GM
passwd = *
stats = *
tagline = *
who = *
chgrp = 1M
config = M
# Only this section grants putlog, and only to M and T.
putlog = MT
uinfo = 1GM


[Http-Permissions]
# Reduced command set available over the HTTP service.
users = 1GM
uinfo = 1GM
addip = 1GM
delip = 1GM
config = M

Mouton
12-09-2003, 12:52 PM
ioftpd.com/documentation
install page
step 6

maturus2523
12-09-2003, 02:17 PM
Yeah, I checked that out because I saw the thing in the knowledge base. Although I navigated just fine through the .ini (at least, for a noob), I couldn't really understand the hosts file too well. This is what I've got; are there any mistakes?

# Default policy
#
# POLICY ACCEPT CONNECTIONS_PER_IP
# POLICY DENY
#

# Uncomment the ACCEPT line, and comment the DENY line
# *** when you changed the default ioFTPD password! ***

# NOTE(review): ACCEPT is the live default (2 connections per IP), so per
# the warning above the stock ioFTPD password must already have been
# changed -- verify. Nothing below appears to reject connections arriving
# via the NAT address, so if outside clients still cannot connect the
# cause is presumably the firewall / port forwarding, not these rules.
POLICY ACCEPT 2
# POLICY DENY


# Classes
#
# CLASS CLASS_NAME TOTAL_CONNECTIONS_PER_CLASS
# -1 appears to mean "unlimited" (used for ADMIN below) -- confirm.
CLASS NORDIC 25
CLASS ADMIN -1

# Rules
#
# ACCEPT I|H IP|HOSTNAME CLASS_NAME CONNECTIONS_PER_IP
# DENY I|H IP|HOSTNAME LOG_STRING
#

# I rules look like string-prefix matches on the dotted address; the
# trailing dot keeps "10." from also matching 100.x.x.x etc. -- confirm.
# Note 172.16. covers only 172.16.0.0/16, not the whole 172.16.0.0/12
# private block (172.17-172.31 are not included).
ACCEPT I 192.168. ADMIN -1
ACCEPT I 127.0.0. ADMIN -1
ACCEPT I 172.16. ADMIN -1
ACCEPT I 10. ADMIN -1
# H rules match on the reverse-DNS name, which the remote network
# controls and which needs Hostname_Lookup = True in [Network] to
# resolve; treat them as weaker than I rules.
ACCEPT H .fi NORDIC 2
ACCEPT H .se NORDIC 1
ACCEPT H .no NORDIC 1
# No trailing dot: if matching is by prefix this also covers
# 16.3.40.x-16.3.49.x -- presumably "16.3.4." was intended; confirm.
DENY I 16.3.4 "Banned network address"
DENY H .tw "Access from taiwan is prohibited"