This is what I use. Note: you can not test this from within the same
network! I have beta3. Don't ask me why I did it like this, I know I
should re-write it to make more sense, but it does work.
#Portforward script
ipvsadm -C
IPADDRESS=`ifconfig eth1 | grep inet | cut -d : -f 2`
IPADDRESS=`echo $IPADDRESS | cut -d \ -f 1`
echo $IPADDRESS
MAILADDRESS=$IPADDRESS":25"
WEBADDRESS=$IPADDRESS":80"
TELNETADDRESS=$IPADDRESS":23"
POP3ADDRESS=$IPADDRESS":110"
IMAPADDRESS=$IPADDRESS":143"
ipvsadm -A -t $MAILADDRESS
ipvsadm -a -t $MAILADDRESS -r 192.168.0.202 -m
ipvsadm -A -t $WEBADDRESS
ipvsadm -a -t $WEBADDRESS -r 192.168.0.201 -m
ipvsadm -A -t $TELNETADDRESS
ipvsadm -a -t $TELNETADDRESS -r 192.168.0.200 -m
ipvsadm -A -t $POP3ADDRESS
ipvsadm -a -t $POP3ADDRESS -r 192.168.0.202 -m
ipvsadm -A -t $IMAPADDRESS
ipvsadm -a -t $IMAPADDRESS -r 192.168.0.202 -m
ipvsadm -L
--- Michael Segulja <[EMAIL PROTECTED]> wrote:
> I tried this, and it did not work. The first command, ipvsadm -L -n
> doesn't show anything. The second command tells me that -A is not a
> valid option.
>
> Does ip forwarding not currently work on Beta4? Or am I doing something
> wrong? I really need to get this working as soon as possible.
>
>
> Thanks,
>
> Michael
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 05, 2001 2:11 AM
> To: [EMAIL PROTECTED]
> Subject: [Cooker-firewall] port forwarding
>
>
> Hi there,
>
> actually you cannot see the enrties in the ipchains because this a
> separate module compiled in the kernel: ipvsadm that is.
>
> IP explanation:
> My test-firewall: 192.168.1.178 and my test-client-web-sever:
> 192.168.2.254
> so, it goes :
>
> [root@mypc /root] ipvsadm -L -n
> IP Virtual Server version 1.0.2 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 192.168.1.178:80 wlc
> -> 192.168.2.254:80 Masq 1 0 0
>
> or
>
> [root@mypc /root] ipvsadm -S -n
> -A -t 192.168.1.178:80 -s wlc
> -a -t 192.168.1.178:80 -r 192.168.2.254:80 -m -w 1
>
>
> By the way, we have adde also Prelude and Snort as IDS-es ;)
>
> cheers,
> --
> Florin http://www.mandrakesoft.com
>
>
> "John Johnson" <[EMAIL PROTECTED]> writes:
>
> > ok, this helps a little bit more :) Can you post your Ipchains rules
> > so we can take a look?
> >
> > -John
> >
> >
> >
> > > Uh, yeah. I'm trying to connect to my webserver and news server
> > > from my work computer at my office. I figured I wouldn't need to
> > > mention that, but I guess I do.
> > >
> > > So to be more clear, from OUTSIDE my firewall, I cannot connect to
> > > my webserver. Instead of the firewall forwarding the requests to
> > > the appropriate server, the firewall's web server is what I'm
> > > getting.
> > >
> > > Thanks,
> > >
> > > Michael
>
=====
^C
quit
:q
exit
?
help
shit
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
