I suggest submitting a FAQ along these lines for port forwarding
in Dachstein due to the excessive mailing list traffic on this
subject lately.
Thoughts???
############# START OF FAQ ##########################
Q. How do I port forward a service through my Dachstein firewall to
my internal network?
A. There are four steps to port forwarding in Dachstein, they are as
follows:
1) Edit /etc/modules and uncomment the "ip_masq_portfw" module.
Save the file and exit. You may need to download this module
and copy it to /lib/modules on your running LEAF system if you
are using the floppy version.
2) Edit /etc/network.conf to open the desired port to forward with one
of these syntaxes:
# TCP services open to outside world
# Space separated list: srcip/mask_dstport
EXTERN_TCP_PORTS="0/0_www 0/0_1023"
# -or-
# Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
#EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
EXTERN_TCP_PORT0="0/0 www"
Use only one of these two, using both will mean the second syntax
will not work at all ...ie, you can mix the two options in any way.
Be sure that the one you are not using is commented with a "#" at
the beginning of the line.
Note: you can use shorthand like "www" for port 80 or simply use
the port number itself ("80" for example) instead.
3) While you're editing /etc/network.conf, you will also need to specify
the port forwarding itself. You do this with:
# Uncomment following for port-forwarded internal services.
# The following is an example of what should be put here.
# Tuples are as follows:
# <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
INTERN_SERVERS="tcp_${EXTERN_IP}_www_192.168.1.1_www"
#-or-#
# These lines use the primary external IP address...if you need to
# port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
As with Step 2, you can use one of these options or the other but not
both. I suggest using the first option since all ports and addresses
are implicitly stated and you can use different ports coming into the
firewall and sent to the internal server. It also allows more
flexibility for using non-standard ports. I personally use port 81
for my external web-services, but use port 80 on the internal network.
The first syntax allows for forwarding the external port 81 to the
internal port 80 with a line like this:
INTERN_SERVERS="tcp_${EXTERN_IP}_81_192.168.1.1_80"
After you are finished with the configuration here, save the file and
exit the editor.
4) You are now finished with all the configuration, you should now
use the "lrcfg" menu system (if you are not using it already) and choose
the backup option. You will need to backup the "etc" and "modules"
packages. After both of the packages are backed up, exit the menu
system and reboot the Dachstein machine. Your new port forwarding
setup should now be operational.
############### END OF FAQ ##############################
I hope this would make this less complicated for many users ;-)
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
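
An added example, not part of the original post or of LEAF itself: a small shell check that compares the ports opened in step 2 (space-separated EXTERN_TCP_PORTS form) with the forwards declared in step 3 (INTERN_SERVERS tuples), reporting forwards whose external port was never opened and opened ports that have no forward behind them. The function names and the address 203.0.113.5 standing in for EXTERN_IP are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: consistency check between EXTERN_TCP_PORTS (step 2)
# and INTERN_SERVERS (step 3). Names and sample values are constructed.

# Map the service names used in the FAQ to numbers; others pass through.
norm_port() {
    case "$1" in
        www) echo 80 ;;
        domain) echo 53 ;;
        *) echo "$1" ;;
    esac
}

# Print one finding per line; return 1 if anything was found.
check_forwards() {
    opened="$1" forwards="$2" found=0 open_nums="" fwd_nums=""
    for entry in $opened; do                 # entry: srcip/mask_dstport
        open_nums="$open_nums $(norm_port "${entry##*_}")"
    done
    for tuple in $forwards; do               # proto_lip_lport_rip_rport
        old_ifs=$IFS; IFS=_
        set -- $tuple
        IFS=$old_ifs
        if [ $# -ne 5 ]; then
            echo "BAD_TUPLE $tuple"; found=1; continue
        fi
        [ "$1" = tcp ] || continue           # only TCP is checked here
        lport=$(norm_port "$3")
        fwd_nums="$fwd_nums $lport"
        case " $open_nums " in
            *" $lport "*) ;;
            *) echo "FORWARD_NOT_OPENED $lport -> $4:$5"; found=1 ;;
        esac
    done
    for p in $open_nums; do                  # opened but nothing forwarded
        case " $fwd_nums " in
            *" $p "*) ;;
            *) echo "OPEN_WITHOUT_FORWARD $p"; found=1 ;;
        esac
    done
    return $found
}

# Constructed sample: step 2 values from the FAQ with the port-81 forward.
check_forwards "0/0_www 0/0_1023" "tcp_203.0.113.5_81_192.168.1.1_80" || true
```

An OPEN_WITHOUT_FORWARD line is not necessarily an error, since the port may be meant for a service on the firewall itself, but it is worth confirming that the exposure is intended.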