Thanks for the advice. Actually, I do need to MASQ both incoming and outgoing packets. I have not mentioned this in previous postings, but this new firewall is set up on a second T-1 line. I have an old T-1 and firewall that will be dropped a few weeks after this one is up. If I don't mask the incoming, then when the web server responds the routers will send that traffic out through the old T-1. In the final product I was going to set the forward policy to DENY or REJECT and have two lines that would MASQ port 80 incoming and outgoing. After the old T-1 is dropped, that could be changed. I had not thought of it before you mentioned it, but is it possible to MASQ both incoming and outgoing?

Thanks for the input,
Brian

> -----Original Message-----
> From: Michael Wood [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 14, 2001 1:36 AM
> To: [email protected]
> Subject: Re: FW: Help! ipmasqadm problem - Help its still not working
>
> I don't think you want to set the forward policy to MASQ.
>
> I have never used ipmasqadm, but how about trying this:
>
> ipchains -F # flush all rules
> ipchains -X # get rid of any user defined chains too
> ipmasqadm portfw -f
> ipchains -P input ACCEPT
> ipchains -P forward ACCEPT
> ipchains -P output ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ipchains -A forward -s 192.168.56.0/24 -d 0.0.0.0/0 -i eth1 -j MASQ
> ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80
>
> if you have ipchains -P forward MASQ it will "masquerade"
> incoming stuff and outgoing stuff instead of just outgoing
> stuff.
>
> On Tue, Feb 13, 2001 at 02:24:00PM -0500, Brian Kimsey-Hickman wrote:
> > The strange thing is, it seems to make sense. But, it is
> > still not forwarding. I thought if I set the policy to MASK
> > and everything else to ACCEPT that would leave it wide open.
> > Once I got the firewall to forward then I could tighten the
> > script. It just seems that no matter what I do I cannot
> > forward to my web server. I did set the forward policy to
> > DENY. It still does not work.
> [snip]
>
> --
> Michael Wood | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
> [EMAIL PROTECTED] | Fax: +27 21 761 9930 | Kingsley Technologies

