Dave Mielke wrote:
>
> [quoted lines by Adoram Rogel on November 12, 1999, at 18:42]
>
> >So I thought I can set up a simple ip forward rule on another machine
> >so that traffic to port 8080 (for example) of the other machine will be
> >transparently forwarded to the firewall's port 80. This should be done
> >without masquerading.
>
> Well, in order to maintain the session, you need to use a flavour of
> masquerading which is called IP port forwarding. If you're on a 2.0 kernel,
> then you need ipportfw (which needs a kernel patch). If you're on a 2.2 kernel,
> then use ipmasqadm. If you need help setting any of this up then please let me
> know.

Thanks to Dave Mielke and logrus for your answers.
So I set up ipportfw on my 2.0.36 kernel and the forward works - but not
really.

My problem now is this:
I opened port 8080 in my firewall to machine X (X is on the inside of the
firewall) and I have an ipportfw -A -t X/8080 -R Y/80 rule, where Y is my
black box firewall.

Looking at tcpdump I can see it work, and the HTTP requests go to Y, but
the ACK from Y to the client (wherever he is) now appears as coming from
Y - the black box firewall, and is therefore rejected by the client.
The client keeps trying and resending the HTTP requests to X and ignores the
ACK that he receives from Y.

Now, I can't masquerade the traffic that goes from Y - the black box
firewall to the client, because it doesn't go through X anymore, X is inside.

How do I solve this?

Thanks again, Adoram
--
|----------------------------------------------------|
| Adoram Rogel email: [EMAIL PROTECTED] |
| OpenSource Inc. Tel: (650) 330-0652 |
| 1047, El Camino Real,#204 Fax: (650) 330-0205 |
| Menlo Park, CA 94025 Home: (650) 594-1010 |
|------* emailed using 100% recycled electrons *-----|
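
The symptom reported in this message, modelled as an added example that is not part of the original e-mail or of ipportfw: a forwarder that rewrites only the destination lets Y answer the client directly, and the client drops the reply because it does not match the connection's 4-tuple. The addresses, the port 61000 and the rewrite_source mode (a forwarder that also rewrites the source, so the reply returns through X) are assumptions made for the model.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed addresses: an outside client, the forwarder X, the firewall Y.
CLIENT, X, Y = "198.51.100.7", "10.0.0.2", "10.0.0.1"
REQUEST = Pkt(CLIENT, 40000, X, 8080)

class Forwarder:
    """Models X: rewrites X:8080 -> Y:80, optionally rewriting the source too."""
    def __init__(self, rewrite_source):
        self.rewrite_source = rewrite_source
        self.state = {}         # port on X -> original (client addr, client port)
        self.next_port = 61000  # hypothetical local port range

    def inbound(self, p):
        if (p.dst, p.dport) != (X, 8080):
            return p
        if not self.rewrite_source:
            # Destination-only rewrite: Y still sees the client as the source.
            return Pkt(p.src, p.sport, Y, 80)
        port, self.next_port = self.next_port, self.next_port + 1
        self.state[port] = (p.src, p.sport)
        return Pkt(X, port, Y, 80)

    def outbound(self, p):
        # Reverse translation, only possible for replies that actually reach X.
        client = self.state.get(p.dport)
        if p.dst != X or client is None:
            return p
        return Pkt(X, 8080, client[0], client[1])

def reply_seen_by_client(rewrite_source):
    fwd = Forwarder(rewrite_source)
    at_y = fwd.inbound(REQUEST)
    # Y answers whatever source address it saw on the request.
    reply = Pkt(at_y.dst, at_y.dport, at_y.src, at_y.sport)
    if reply.dst == X:          # reply is routed back through X
        reply = fwd.outbound(reply)
    return reply                # otherwise it bypasses X untranslated

def client_accepts(request, reply):
    # A TCP endpoint matches incoming segments on the connection's full 4-tuple.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (request.dst, request.dport, request.src, request.sport)

if __name__ == "__main__":
    for mode in (False, True):
        r = reply_seen_by_client(mode)
        print("rewrite_source=%s reply=%s accepted=%s" % (mode, r, client_accepts(REQUEST, r)))
```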