/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */

Hello,

I think that I might be a little ambiguous.

Basically I have 3 windows masqed PCs, on a 192.168.x.x network. There is a RH linux FW with 2 interfaces, one on the 192.168.x.x network and one on the internet with the IP 216.103.x.x.

From my 192.168.x.x network, I can ping 216.103.x.x, i.e. the RH linux host. I can also telnet to 216.103.x.x from the 192.168.x.x network.

On the 192.168.x.x network, there is a web/ftp server which I have used ipchains to allow the internet to connect to, i.e. people from the internet can ftp 216.103.x.x or http://216.103.x.x and access this internally masqed win2000 ftp/http server.

But from the 192.168.x.x network, I cannot access ftp 216.103.x.x or http://216.103.x.x. But if I use its internal IP address from the 192.168.x.x network, I can access it locally.

What should be done to allow my 192.168.x.x hosts to access ftp 216.103.x.x or http://216.103.x.x?

Thanks for all the responses!

Vernon

>From: "Jose M. Sanchez" <[EMAIL PROTECTED]>
>To: "Nik T" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: [Masq] Re: [Masq] Why am I not able to connect to the
>external address from internal masqed PCs?
>Date: Fri, 7 Jul 2000 03:53:07 -0400
>
>1) Do you have the ip_masq_ftp module loaded?
>
>2) Are your rules prohibiting http access?
>
>Normally masq works just fine with http, unless you've restricted it too
>much.
>
>-JMS
>
>|-----Original Message-----
>|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
>|Of Nik T
>|Sent: Friday, July 07, 2000 2:19 AM
>|To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>|Subject: [Masq] Re: [Masq] Why am I not able to connect to the external
>|address from internal masqed PCs?
>|
>|Hello Michael,
>|
>|Thanks for your help. I was hoping for something simpler than that. I used
>|10.10.10.10 as a hypothetical internet address. Let's say it's
>|216.111.222.333. I am able to telnet and ping to 216.111.222.333. But I
>|cannot ftp and http to this address from my internal masqed hosts.
>|Any help is appreciated.
>|
>|Regards,
>|Vernon
>|
>|>From: "Michael Best" <[EMAIL PROTECTED]>
>|>To: Nik T <[EMAIL PROTECTED]>
>|>Subject: [Masq] Why am I not able to connect to the external address from
>|>internal masqed PCs?
>|>Date: Thu, 06 Jul 2000 22:10:49 EDT
>|>
>|>On 07 Jul 2000, Nik T wrote:
>|>
>|> > Why am I not able to connect to the external address from internal
>|> > masqed PCs?
>|>
>|>If you are using portfw or mfw this will not work unless you modify the
>|>kernel. I've written a patch which you can download at
>|>http://www.com.org/~michael/masq-demasq.zip. Save it in /usr/src as
>|>masq-demasq.patch and run "patch -l -p0 <masq-demasq.patch" from there.
>|>This patch basically allows "de-masqed" packets to be "masq-ed" again.
>|>Thus it checks the forward chain even when packets have been de-masqed.
>|>However, it ignores "DENY" or "REJECT" targets. Thus your MASQ rule should
>|>be based only on the source address and not on the destination interface
>|>or address.
>|>
>|>-- Michael Best

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
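
The packet flow behind this thread, as an added example that is not part of any message above and is not the kernel's or the patch's code: a simplified model of why a port-forwarded server answers internet clients but not LAN clients using the external address, and how masquerading the forwarded packet again changes that. All addresses and port numbers are constructed stand-ins (203.0.113.1 plays the firewall's external 216.103.x.x address).

```python
"""Simplified model of port forwarding plus masquerading (constructed addresses)."""
import ipaddress
from dataclasses import dataclass, replace

# Constructed stand-ins: FW_EXT plays the firewall's external 216.103.x.x address,
# the 192.168.0.x hosts play the masqed LAN, 198.51.100.7 is an internet client.
LAN = ipaddress.ip_network("192.168.0.0/24")
FW_EXT, FW_INT = "203.0.113.1", "192.168.0.1"
SERVER, LAN_CLIENT, NET_CLIENT = "192.168.0.20", "192.168.0.10", "198.51.100.7"

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

def on_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN

def trace(client: str, remasq: bool = False):
    """Follow one connection to FW_EXT:80; return (accepted, reply_path, reply_src)."""
    syn = Pkt(client, 40000, FW_EXT, 80)
    # Port forward: the firewall rewrites the destination to the internal server.
    fwd = replace(syn, dst=SERVER)
    if remasq and on_lan(client):
        # Forwarded packet is masqueraded again, so its source becomes the firewall.
        fwd = replace(fwd, src=FW_INT, sport=61000)
    # The server answers the source address it saw.
    reply = Pkt(SERVER, 80, fwd.src, fwd.sport)
    if reply.dst == FW_INT or not on_lan(reply.dst):
        # The reply crosses the firewall, which restores the original addresses.
        reply = Pkt(FW_EXT, 80, syn.src, syn.sport)
        path = "via firewall"
    else:
        # Same subnet: delivered directly, so nothing rewrites the source address.
        path = "direct on LAN"
    # The client only accepts a reply from the address and port it connected to.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return accepted, path, reply.src

if __name__ == "__main__":
    for label, client, remasq in [("internet client", NET_CLIENT, False),
                                  ("LAN client", LAN_CLIENT, False),
                                  ("LAN client, re-masqed", LAN_CLIENT, True)]:
        print(label, trace(client, remasq))
```

In the failing case the reply reaches the LAN client with the server's internal address as its source, so it matches no connection the client opened.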
