From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11460731 for ecs-isp@2rosenthals.com; Sun, 15 Dec 2024 00:02:06 -0500 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:54158 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1tMglY-000000001we-1GG3 for ecs-isp@2rosenthals.com; Sun, 15 Dec 2024 00:02:04 -0500 Received: from mta-201b.earthlink-vadesecure.net ([51.81.229.181]:58965 helo=mta-201a.earthlink-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1tMglV-0000000063j-23pJ for ecs-isp@2rosenthals.com; Sun, 15 Dec 2024 00:02:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; bh=oKHIGoVLf8kix+IpL/2ArMt87FMwLZZi0xWhqQ liQ28=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1734238920; x=1734843720; b=eAS5yiuwNMbalROyw8Vu6NRP0Ye +xvrmnQxU7J05r0ufe2Czt6x9fygzLFsJkpMW50Qc0Xg8axX68EusIQufT2rmRhMHuzNv9L uz9vPUeDRqqqO1MjwdvJsU9MLNblBU5tMlH1FPkhV4ejldpZT6CBH9ZLP7nCrxf+MoGSixX rrTjj7DvnZAEVSA7lFdTAuMpEJfHVCr33t3gW2qkmH15XarNVb4ZAFK68/6tfI68eOqYHRl 8SlYh2j9Bh62hk7L+67Bly0hM9yNWBSm5BiiKpvNbE9YCeD86lPNRR4JwudNpK1tFxT7DfG 7XfjGCSiQwjrLSIRUzA1khP5dRFJ0jA== Received: from slamain ([172.56.178.196]) by vsel2nmtao01p.internal.vadesecure.com with ngmta id 28962531-1811411c03c201c7; Sun, 15 Dec 2024 05:02:00 +0000 Message-ID: <675e5ccd.26.mr2ice.fgrirsq@earthlink.net> Date: Sat, 14 Dec 2024 20:36:29 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Injoy rule (portmap internet IP -> lan) X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 12/13/24 at 10:45 AM, "Massimo S." said: Hi Massimo, >> Daytime_in_log >> Rule-Action = Log, >> Comment = "Packet received from 93.204.114.105:13", >> Source = "193.204.114.105", >> Source-port = "13", >> Protocol = UDP, >> Log-Control = Enabled, >> Log-Mask = "date time severity message resolved_source resolved_dest", >> Log-File = "daytime_in.log" >> >> Daytime_out_log >> Rule-Action = Log, >> Comment = "Packet received from 192.168.1.10:13", >> Source = "192.168.1.10", >> Source-Port = "13", >> Log-Control = Enabled, >> Log-Mask = "date time severity message resolved_source resolved_dest", >> Log-File = "daytime_out.log" >> This will allow to verify the your daytime client is really talking to the >> ports you think it is. >thanks, but this rule do not produce any log This confirms what I expected - that your original ruleset did not make sense based on my knowledge of daytime servers. Typically, you would not be running an daytime server on your system, but rather you would be running at daytime client. The client would connect to port 13 on the external daytime server. This might get you some packets traced Daytime_out_log Rule-Action = Log, Comment = "Packet received from 192.168.1.10:13", Source = "192.168.1.10", Destination-Port = "13", Log-Control = Enabled, Log-Mask = "date time severity message resolved_source resolved_dest", Log-File = "daytime_out.log" >> BTW, what daytime client are you trying to use? >i don't recall exactly, You really ought get that problem fixed. but it works perfectly if i use mlink on the VM1 >VM1 has 2 Nics >maybe Injoy FW can't do what mlink does? That's possible, but it still could be your rule set. >>> This is the mlink rule: >>> link daytime 0.0.0.0:13 193.204.114.105:13 >>> access daytime 192.168.1.10 Having never used mlink, my read of this rule is that any attempt to connect via port 13 will be sent to port 13 at 193.204.114.105 as long as the attempt originates from an interface bound to 192.168.1.10. I would not call this port forwarding. It's more link NAT to my way of thinking. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------