EXTERN_TCP_PORT0="0/0 www 111.222.333.444" I think this is wrong, not really
sure ????

EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp 0/0_www 0/0_domain 0/0_https 0/0_pop-3 0/0_spop3"
This is mine and it is working.

How did you try to access your internal web server ????
Since you are firewalling and MASQing your public connection, you can't
access your port-fw connection via the public address (eth0) from an
internal client. The only way you can access it is by your internal IP
address 10.24.33.129 or a DNS name mapped to that address.

Ask someone to access 111.222.333.444 from outside your network... it
should work.

Upnet Joe

----- Original Message -----
From: "barwals" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 05, 2002 6:20 AM
Subject: [Leaf-user] Port forwarding problem....!


> Hi,
>
> I'm running the Dachstein LEAF firewall. I'm not able to forward the
> external traffic which is coming to my valid IP address (eth0) to my internal
> web server, which is a Windows 2000 server. I have already gone through all
> the related mailing list archives but could not solve the problem, and hence
> I'm writing to this list. The error I'm getting in my browser is "Connection
> failed".... "Connection timed out".
>
> My configuration is as follows.
>
> EXTERN_IP=111.222.333.444
> EXTERN_IF =eth0
> INTERNAL_IP=10.24.33.224
> INTERNAL_IF =eth1
> INT_NET = 10.0.0.0/8
> IPFWDING_KERNEL=  FILTER_ON
> IPALWAYSDEFRAG_KERNEL = YES
> CONFIG_HOSTNAME = YES
> CONFIG_HOSTSFILE = YES
> CONFIG_DNS = NO
> IPFILTER_SWITCH =  firewall
> SNMP_BLOCK = YES
> EXTERN_DHCP = NO
> EXTERN_DHCP = NO
> EXTERN_TCP_PORT0="0/0 www 111.222.333.444"
> INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www"
>
> My ipchains rules look like they are accepting the connection at
> 111.222.333.444, but I could not find the solution. Could anybody help me in
> that regard?
>
>
> Regards .
>
>
> Thanks.
>
> For your reference I'm herewith attaching my ipchains output.
>
> --------------------------------------------------------------------------
-----------------------------------------
> Chain input (policy DENY: 2 packets, 256 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname     mark
outsize  source                destination           ports
>     2    56 DENY       udp  ------ 0xFF 0x00  eth0
165.165.8.1          0.0.0.0/0             * ->   37
>    15   900 DENY       udp  ------ 0xFF 0x00  eth0
165.165.8.1          0.0.0.0/0             * ->   514
>     6  1065 DENY       udp  ------ 0xFF 0x00  eth0
164.100.250.91       0.0.0.0/0             * ->   631
>     0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             5 ->   *
>     0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             13 ->   *
>     0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             14 ->   *
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0              0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
255.255.255.255      0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
127.0.0.0/8          0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
224.0.0.0/4          0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
172.16.0.0/12        0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.0.0/16       0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/8            0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
128.0.0.0/16         0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
191.255.0.0/16       0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.0.0.0/24         0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
223.255.255.0/24     0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
240.0.0.0/4          0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
111.222.333.444       0.0.0.0/0             n/a
>     0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            127.0.0.0/8           n/a
>     0     0 REJECT     all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            10.0.0.0/8            n/a
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138:139
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:138 ->   *
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:139 ->   *
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
>     5   300 ACCEPT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            111.222.333.444       * ->   80
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   113
>     0     0 ACCEPT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
>     0     0 REJECT     udp  ----l- 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   161:162
>    94 31265 DENY       udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   67
>    16  2150 ACCEPT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   1024:65535
>     0     0 ACCEPT     icmp ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   *
>     0     0 ACCEPT     ospf ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             n/a
>     0     0 REJECT     udp  ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             * ->   161:162
>     0     0 REJECT     udp  ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             161:162 ->   *
>   150 20397 ACCEPT     all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
> Chain forward (policy DENY: 0 packets, 0 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname     mark
outsize  source                destination           ports
>     0     0 DENY       icmp ----l- 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             5 ->   *
>     0     0 MASQ       tcp  ------ 0xFF 0x00  *
10.24.33.129         0.0.0.0/0             80 ->   *
>     0     0 MASQ       all  ------ 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
>     0     0 DENY       all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
> Chain output (policy DENY: 0 packets, 0 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname     mark
outsize  source                destination           ports
>    31 17832 fairq      all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0              0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
255.255.255.255      0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
127.0.0.0/8          0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
224.0.0.0/4          0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
172.16.0.0/12        0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.168.0.0/16       0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
0.0.0.0/8            0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
128.0.0.0/16         0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
191.255.0.0/16       0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
192.0.0.0/24         0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
223.255.255.0/24     0.0.0.0/0             n/a
>     0     0 DENY       all  ----l- 0xFF 0x00  eth0
240.0.0.0/4          0.0.0.0/0             n/a
>     0     0 DENY       all  ------ 0xFF 0x00  eth0
10.0.0.0/8           0.0.0.0/0             n/a
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   137
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   135
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138:139
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             * ->   138
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:138 ->   *
>     0     0 REJECT     udp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             137:139 ->   *
>     0     0 REJECT     tcp  ------ 0xFF 0x00  eth0
0.0.0.0/0            0.0.0.0/0             135 ->   *
>    31 17832 ACCEPT     all  ------ 0xFF 0x00  *
0.0.0.0/0            0.0.0.0/0             n/a
> Chain fairq (1 references):
>  pkts bytes target     prot opt    tosa tosx  ifname     mark
outsize  source                destination           ports
>     0     0 RETURN     ospf ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             n/a
>     0     0 RETURN     ospf ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             n/a
>     0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   520
>     0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             520 ->   *
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   179
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             179 ->   *
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   53
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             53 ->   *
>     0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             * ->   53
>     0     0 RETURN     udp  ------ 0xFF 0x00  *          0x1
0.0.0.0/0            0.0.0.0/0             53 ->   *
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             * ->   23
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             23 ->   *
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             * ->   22
>     0     0 RETURN     tcp  ------ 0xFF 0x00  *          0x2
0.0.0.0/0            0.0.0.0/0             22 ->   *
> --------------------------------------------------------------------------
-----------------------------------------
>
>                                     :: Port FW ::
>
>
> prot localaddr            rediraddr               lport    rport  pcnt  pref
> TCP  164.100.53.100       10.24.33.129               80       80    10    10
>
>
> Thanks once again.
>
> Sudhir Barwal
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
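
An added example, not part of the original thread and not LEAF's own code: the posted INTERN_SERVERS entry and the posted Port FW listing name different addresses, so this sketch parses both formats as they appear above and reports forwards that are configured but not active, and forwards that are active but not configured. The function names and the SERVICES map are assumptions made for the example; the sample values are copied from the post.

```python
"""Cross-check LEAF INTERN_SERVERS entries against the active Port FW table."""

# Assumed name-to-port map, limited to service names that appear in this thread.
SERVICES = {"www": 80, "https": 443, "ssh": 22, "smtp": 25, "domain": 53, "pop-3": 110}


def port(value):
    """Accept either a numeric port or one of the service names above."""
    return int(value) if value.isdigit() else SERVICES[value]


def parse_intern_servers(value):
    """Parse 'proto_extip_extport_intip_intport' entries, the format shown in the post."""
    rules = set()
    for entry in value.split():
        proto, ext_ip, ext_port, int_ip, int_port = entry.split("_")
        rules.add((proto.lower(), ext_ip, port(ext_port), int_ip, port(int_port)))
    return rules


def parse_portfw_table(text):
    """Parse the Port FW listing; tolerates '>' quoting and mail line wraps."""
    rules = set()
    for line in text.splitlines():
        fields = line.lstrip("> ").split()
        # Data rows start with the protocol; header and wrapped fragments do not.
        if len(fields) >= 5 and fields[0].upper() in ("TCP", "UDP"):
            proto, local, redir, lport, rport = fields[:5]
            rules.add((proto.lower(), local, int(lport), redir, int(rport)))
    return rules


def audit(configured, active):
    """Return forwards missing from the live table and forwards nobody declared."""
    return {
        "not_active": sorted(configured - active),
        "not_configured": sorted(active - configured),
    }


# Sample input copied from the post, including the mail client's line wraps.
CONFIG = "tcp_111.222.333.444_www_10.24.33.150_www"
TABLE = """> prot localaddr            rediraddr               lport    rport  pcnt
pref
> TCP  164.100.53.100       10.24.33.129               80       80    10
10
"""

if __name__ == "__main__":
    for kind, rules in audit(parse_intern_servers(CONFIG), parse_portfw_table(TABLE)).items():
        for rule in rules:
            print(kind, rule)
```

An entry under `not_configured` is an internal host exposed by a forward that the configuration file does not declare, which is worth reviewing even when the service appears to work.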

