Well ... since you've chosen to conceal the actual port and service involved (I infer this from your saying "a specific port, say 997"), that limits what we can suggest in return. The one thing I do see is an error in this entry:

>$IPCH -A input -j ACCEPT -p tcp a.b.c.d/32 997 -d 192.168.1.250/32 997 -i eth0.

It should read something like (variations on this are possible):

$IPCH -A input -j ACCEPT -p tcp -s 0/0 -d a.b.c.d/32 997 -i eth0

(assuming that eth0 is the external interface). I'm surprised, in fact, that ipchains doesn't log an error from what you are trying.

If that's not it, please try again, this time providing the usual stuff (see the Troubleshooting Request HowTo for specifics). Since you've checked the input chain, I'd guess a problem in the forward or output chain ... but spotting it requires less selective reporting than you've chosen to make.

At 09:49 AM 5/13/02 +0200, Kjetil Næss wrote:
>Hi All.
>I've been using DCD for almost a year now, and it works great. Now I
>have the need to extend the capabilities of the firewall, and am stuck.
>The scenario is this: I want to accept connections to address a.b.c.d
>(which is a registered ip-address) to a specific port, say 997. I have a
>server on my internal net at address 192.168.1.250 which listens on this
>port. I've attempted the following:
>
>(from /etc/network.conf).
>
>EXTERN_TCP_PORT1 = "a.b.c.d 997 192.168.1.250 997"
>There is already an entry for PORT0, which redirects www access, and it
>works ok.
>
>INTERN_SERVERS = "tcp_a.b.c.d_997_192_192.168.1.250_997"
>
>(from /etc/ipfilter.conf)
>At the end of /etc/ipfilter.conf:
>$IPCH -A input -j ACCEPT -p tcp a.b.c.d/32 997 -d 192.168.1.250/32 997 -i eth0.
>
>To test things out, I first did
>ipchains --check input -s www.altavista.com 997 -d a.b.c.d 997 -p tcp -i eth0
>Which returns accepted.
>
>Then I attempt to telnet a.b.c.d 997, and connect fails. Nothing in the
>logs that I've found to help me indicate where the problem is. Solution,
>anyone?

--
Ray Olszewski
Palo Alto, CA
[EMAIL PROTECTED]
"Never tell me the odds!" -- Han Solo
