On Wed, 30 Jun 1999, Marcin Owsiany wrote:

> My ipchains rules are now almost empty, there is _NO_ DENY or
> REJECT in the chains. Port forwarding from local host to remote
> still does not work! (of course everything is OK if you connect by
> port 8888 from a host different than the firewall)
>
> So my question is: has anyone succeeded in such setup before? Or
> is it just impossible under Linux?
Hello, Marcin. Not sure if I replied to this dilemma of yours yet or not, however, it looks to me that you're using ipmasqadm in the wrong way. "ipmasqadm portfw" is most often used to allow connections from outside of your firewall to a server inside. In fact, I use it for that very reason here at work. When people send us email, they send to mail.ltiflex.com. However, they are actually sending the mail to my firewall server on port 25. "Ipmasqadm portfw" then forwards it to the server behind the firewall.

I know that trying to connect to the external interface port from inside the firewall does not work. To test this, try telnetting to the external interface port. It simply doesn't answer. However, when I telnet out to a remote server and back in to the external interface, it forwards the port correctly. Strange, but that's how it works.

It looks like what you're trying to do is redirect outgoing web traffic to a web proxy server. What you may need to do is an ipchains rule that redirects outgoing traffic destined to port 80 of the external network to a local port. Then, try to use the program called "transproxy" to forward traffic from that local port to the proxy server. I haven't implemented its use here yet, but I'm going to look into it. (I can't play around w/the firewall rules on the server during business hours, so I can't help work out the problem or test some of my theories. *shrug*)

Where ipmasqadm and ipmasquerading lack, perhaps the NAT project would fit the bill. Do a search on google for "ipnatadm".

^chewie
http://nerp.net/~chewie <<--- Check it out! I'm selling my truck!
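As an added example (not part of chewie's mail, nor code from the ipchains, ipmasqadm or transproxy projects), the two rule shapes the reply describes, generated as strings in dry-run form so they can be reviewed before being applied on a firewall host. All addresses and interface names are assumptions: internal LAN 192.168.1.0/24 on eth1, external address 203.0.113.10 (a documentation-range placeholder), internal mail host 192.168.1.25, and transproxy listening on local port 8888.

```shell
#!/bin/sh
# Added example, not from the mail above: build the rules the reply describes
# and print them for review. Nothing here is applied to the kernel.
# Assumed values (placeholders, not from the original thread):
LAN_NET="192.168.1.0/24"    # internal network behind the firewall
INT_IF="eth1"               # interface the LAN is attached to
EXT_IP="203.0.113.10"       # firewall's external address (documentation range)
MAIL_HOST="192.168.1.25"    # internal mail server
PROXY_LOCAL_PORT="8888"     # local port transproxy listens on

# Transparent web redirect: TCP port 80 traffic from LAN clients arriving on the
# internal interface is handed to the local transproxy port. The -i and -s
# restrictions keep hosts outside the LAN from using the proxy.
# REDIRECT is only valid in the ipchains input chain.
redirect_rule() {
    printf 'ipchains -A input -i %s -p tcp -s %s -d 0.0.0.0/0 80 -j REDIRECT %s\n' \
        "$INT_IF" "$LAN_NET" "$PROXY_LOCAL_PORT"
}

# Inbound port forward: connections to the external address on the given TCP
# port are forwarded to the internal mail host (the SMTP use from the reply).
portfw_rule() {
    printf 'ipmasqadm portfw -a -P tcp -L %s %s -R %s %s\n' \
        "$EXT_IP" "$1" "$MAIL_HOST" "$1"
}

# Review check: a redirect rule without a source restriction would expose the
# proxy to any host that can reach the firewall. Returns 0 if scoped to LAN_NET.
rule_is_lan_scoped() {
    case "$1" in
        *"-s $LAN_NET"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rule set for review (nothing is applied).
redirect_rule
portfw_rule 25
```

Two caveats worth keeping in mind when reading the output: REDIRECT lives only in the input chain, which sees packets arriving on an interface, and traffic the firewall host originates itself traverses only the output chain, so this rule does not catch the firewall's own web connections; and the source restriction is what keeps the transparent proxy from becoming an open relay for anything that can reach the external interface.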

