This is a discussion on ip_rcmd_pxy on LINUX within the IPFilter forums, part of the System Security and Security Related category.
Hi,

I'm trying to use the ip_rcmd_pxy (RCMD proxy) on Linux (Slackware 12.0). However, I can't get the RCMD proxy to work (and the FTP proxy neither). I'm not sure I'm doing this well; what I did was: in ip_proxy.c, around line 106, I moved

    #include "netinet/ip_rcmd_pxy.c"

below END OF INCLUDES. Then I compiled this, which seems to force inclusion of ip_rcmd_pxy.

How do I firewall RCMD now? I don't really want to use NAT, just firewall. I thought about using "NULL NAT" in /etc/ipnat.conf:

    map eth0 0.0.0.0/0 -> 0.0.0.0/0 proxy port shell rcmd/tcp

Without IPFILTER, I can rsh just fine (with correct .rhosts):

    bash-3.1# rsh gecko ls
    hardcopy.0 hardcopy.1

So that works from host asterix to gecko. Then I load the module:

    root@gecko:/opt/ip_fil4.1.27-stes# modprobe ipfilter
    root@gecko:/opt/ip_fil4.1.27-stes# ipnat -f /etc/ipnat.conf
    root@gecko:/opt/ip_fil4.1.27-stes# ipnat -l
    List of active MAP/Redirect filters:
    map eth0 0.0.0.0/0 -> 0.0.0.0/0 proxy port shell rcmd/tcp
    List of active sessions:

Next, I use the following IPF (and ipf -l):

    # ipfstat -in
    @1 pass in quick proto tcp from any to any port = ssh
    @2 pass in quick proto tcp from any to any port = shell
    @3 block return-rst in on eth0 all

The RCMD sessions are being blocked; the NAT rule doesn't seem to help:

    2/01/2008 22:54:03.734095 2x eth0 @0:3 b 172.16.0.9,1021 -> 172.16.0.10,1022 PR tcp len 20 60 -AS IN
    02/01/2008 22:54:06.819626 eth0 @0:3 b 172.16.0.9,1022 -> 172.16.0.10,1023 PR tcp len 20 40 -AR IN
    02/01/2008 22:54:09.734750 2x eth0 @0:3 b 172.16.0.9,1021 -> 172.16.0.10,1022 PR tcp len 20 60 -AS IN

How should I write a rule that blocks all traffic, opens just SHELL, and uses the RCMD proxy to accept those 'associated' connections?

Regards,
David Stes
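When triaging a block log like the one in this post, the first thing to establish is what kind of TCP packet rule @0:3 is actually rejecting. The following script is an added example, not code from the post or from the IPFilter project: it parses the three ipmon lines quoted above (embedded as constructed sample input), reads the flag letters and direction that ipmon prints, and classifies each rejected packet. An inbound packet carrying both SYN and ACK is by definition the reply to a SYN this host sent out, so a firewall that only has "pass in" rules and no "pass out ... keep state" (or NAT session) entry for the outbound side will drop it; that is a fact about TCP, not a claim about the poster's setup. The field layout of the ipmon line and the heuristic that "privileged port on both ends" marks rsh-style traffic (rsh clients bind a port below 1024 and the server's stderr back-connection also uses one) are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Three ipmon block-log lines, copied from the post above and used here as
# constructed sample input for the example.
SAMPLE_LOG = """\
2/01/2008 22:54:03.734095 2x eth0 @0:3 b 172.16.0.9,1021 -> 172.16.0.10,1022 PR tcp len 20 60 -AS IN
02/01/2008 22:54:06.819626 eth0 @0:3 b 172.16.0.9,1022 -> 172.16.0.10,1023 PR tcp len 20 40 -AR IN
02/01/2008 22:54:09.734750 2x eth0 @0:3 b 172.16.0.9,1021 -> 172.16.0.10,1022 PR tcp len 20 60 -AS IN
"""

# Field layout assumed from the lines above (an assumption of this example):
# date time [Nx] iface @group:rule action src,sport -> dst,dport PR proto len hdrlen pktlen -FLAGS IN|OUT
LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?:(?P<repeat>\d+)x\s+)?(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+"
    r"-(?P<flags>[A-Z]*)\s+(?P<direction>IN|OUT)$"
)


@dataclass
class Entry:
    iface: str
    rule: str        # "group:rule" of the ipf rule that logged the packet
    action: str      # b = blocked, p = passed
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str       # TCP flag letters as ipmon prints them, e.g. "AS"
    direction: str   # IN or OUT relative to the interface
    repeat: int      # ipmon collapses identical consecutive packets into "Nx"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ipmon line; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        iface=m["iface"], rule=f'{m["group"]}:{m["rule"]}', action=m["action"],
        src=m["src"], sport=int(m["sport"]), dst=m["dst"], dport=int(m["dport"]),
        proto=m["proto"], flags=m["flags"], direction=m["direction"],
        repeat=int(m["repeat"]) if m["repeat"] else 1,
    )


def classify(e: Entry) -> str:
    """Say what kind of TCP packet was rejected, judged from its flags and direction."""
    f = set(e.flags)
    if "R" in f:
        return "reset"
    if e.direction == "IN" and {"S", "A"} <= f:
        # A SYN-ACK arriving inbound answers a SYN this host sent out. It is
        # dropped when nothing (a 'pass out ... keep state' rule or a NAT
        # session) recorded the outbound SYN, so the reply has no state to match.
        return "syn-ack-inbound"
    if "S" in f:
        return "syn"                  # a fresh connection attempt
    return "mid-stream"               # data/ACK without matching state


def privileged_both_ends(e: Entry) -> bool:
    """Heuristic (assumption of this example): rsh uses a source port below 1024
    on the client and a port below 1024 for the server's stderr back-connection,
    so a blocked packet with both ports < 1024 is likely part of an rsh session."""
    return e.sport < 1024 and e.dport < 1024


def summarize(log: str) -> dict:
    """Count rejected TCP packets per kind, honouring ipmon's 'Nx' repeat counts."""
    counts: dict = {}
    packets = 0
    rsh_like = 0
    for line in log.splitlines():
        e = parse_line(line)
        if e is None or e.proto != "tcp":
            continue
        kind = classify(e)
        counts[kind] = counts.get(kind, 0) + e.repeat
        packets += e.repeat
        if privileged_both_ends(e):
            rsh_like += e.repeat
    return {"packets": packets, "by_kind": counts, "rsh_like": rsh_like}


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        e = parse_line(line)
        print(f"{e.src}:{e.sport} -> {e.dst}:{e.dport} {e.direction} "
              f"flags={e.flags} x{e.repeat}: {classify(e)}")
    print(summarize(SAMPLE_LOG))
```

Run on the quoted lines, the script reports four inbound SYN-ACKs and one reset, all between ports below 1024, which is the pattern to look for before adjusting rules: the filter is not refusing new inbound shell connections (those are passed by @2), it is refusing the replies to connections the firewall host itself opened, so the outbound direction is where the missing state rule belongs.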