On Monday 18 March 2002 19:47, Ray Olszewski wrote:
> Excellent idea, Lynn, and good first draft. I suggest a few edits.
> (I've pulled them out, but left your doc at the end for reference.)
Thanks Ray, I am going to learn to re-read these things before I
post ... or at least spell-check them. ;-)
Here is a new copy with Ray's suggestions.
###### start of FAQ ############################
Q. How do I port forward a service through my Dachstein firewall to
my internal network?
A. There are four steps to port forwarding in Dachstein. They are as
follows:
1) Edit /etc/modules and uncomment the "IP_masq_portfw" module.
Save the file and exit. You may need to download this module
and copy it to /lib/modules on your running LEAF system if you
are using the floppy version.
2) Edit /etc/network.conf to open the desired external port you would
like to forward with one of the two available options:

    # TCP services open to outside world
    # Space separated list: srcip/mask_dstport
    EXTERN_TCP_PORTS="0/0_www"
    # -or-
    # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
    #EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
    EXTERN_TCP_PORT0="0/0 www"

Use only one of these two forms of entry. If you use both, only the one you
use first will have any effect. Whichever one appears second in the file
will be disregarded. Be sure that the one you are not using is "commented
out" with a "#" at the beginning of the line.
You can use either the actual port number itself (for example, "80"), or you
can use the symbolic name for the port that appears in the file
/etc/services (in the same example, "www").
3) While you're editing /etc/network.conf, you will also need to specify
the port forwarding itself. You do this with:

    # Uncomment following for port-forwarded internal services.
    # The following is an example of what should be put here.
    # Tuples are as follows:
    # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
    INTERN_SERVERS="tcp_${EXTERN_IP}_www_192.168.1.1_www"
    #-or-#
    # These lines use the primary external IP address...if you need to
    # port-forward an aliased IP address, use the INTERN_SERVERS setting above
    #INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
    INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available

As with Step 2, you can use one or the other of these options, but not
both. I suggest using the first option, since all ports and addresses
are explicitly stated and you can use different ports coming into and
forwarded out of the firewall. It also allows more flexibility for
using non-standard ports. I personally use port 81 for my external
web-services, but use port 80 on the internal network. The first syntax
allows for forwarding the external port 81 to the internal port 80 with
a line like this:

    INTERN_SERVERS="tcp_${EXTERN_IP}_81_192.168.1.1_80"

After you are finished with the configuration here, save the file and
exit the editor.
4) You are now finished with all the configuration. You should now use
the "lrcfg" menu system (if you are not using it already) and choose
the backup option. You will need to back up the "etc" and "modules"
packages. After both of the packages are backed up, exit the menu
system and reboot the Dachstein machine. Your new port forwarding
setup should now be operational.
############# end of FAQ ####################################
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
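
Added example, not part of the original post or of the LEAF project's code: a POSIX shell check that cross-references the step 2 and step 3 values from /etc/network.conf before the reboot. It assumes the port opened in EXTERN_TCP_PORTS must be written the same way as the local port of each tcp INTERN_SERVERS tuple; the function name check_portfw and the sample address 1.2.3.4 are made up for this example.

```shell
#!/bin/sh
# Added example: cross-check step 2 (open ports) against step 3 (forwards).
# Usage: check_portfw "<EXTERN_TCP_PORTS value>" "<INTERN_SERVERS value>"
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
# Assumption: ports are compared as written, so "www" and "80" do not match.
check_portfw() {
    open_list=$1; fwd_list=$2; rc=0

    # Destination ports from the space-separated "srcip/mask_dstport" entries.
    open_ports=""
    for entry in $open_list; do
        open_ports="$open_ports ${entry##*_}"
    done

    fwd_ports=""
    for tuple in $fwd_list; do
        # An empty field (e.g. EXTERN_IP was unset) shows up as "__".
        case "_${tuple}_" in
            *__*) echo "MALFORMED $tuple (empty field)"; rc=1; continue ;;
        esac
        # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
        old_ifs=$IFS; IFS=_
        set -- $tuple
        IFS=$old_ifs
        if [ $# -ne 5 ]; then
            echo "MALFORMED $tuple (expected 5 fields, got $#)"; rc=1; continue
        fi
        [ "$1" = "tcp" ] || continue   # only TCP openings are checked here
        fwd_ports="$fwd_ports $3"
        case " $open_ports " in
            *" $3 "*) ;;
            *) echo "NOT-OPEN $3 (forwarded to $4:$5 but not opened in step 2)"; rc=1 ;;
        esac
    done

    # An opened port with no forward is answered by the firewall itself.
    for port in $open_ports; do
        case " $fwd_ports " in
            *" $port "*) ;;
            *) echo "NO-FORWARD $port (open on the firewall, not forwarded)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: step 2 still opens "www" after the forward moved to 81.
check_portfw "0/0_www" "tcp_1.2.3.4_81_192.168.1.1_80" || true
```

Pass the two values after ${EXTERN_IP} has been expanded, for example by sourcing the file first; an unexpanded or empty address is reported as MALFORMED.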