steven walsh wrote:
> I have a lovely IP Masq system (Debian 2.2, 2.2.16) that works
> very spiffy, except that I want to use Apache and Proftpd on the same box.
> This is where I have the problem. I have both of the daemons installed,
> but I cannot connect with an ftp client or browser from outside the LAN.
> Even more frustrating, sshd and telnetd work just fine.
>
> My rc.firewall looks like:
>
> #!/bin/sh
> # This is the IP Masq Firewall Config script
> # Loaded in /etc/init.d/rc.local
>
> #initially load modules
> /sbin/depmod -a
>
> # ftp
> /sbin/modprobe ip_masq_ftp
>
> # real audio
> /sbin/modprobe ip_masq_raudio
>
> #irc
> /sbin/modprobe ip_masq_irc
>
> #quake
> /sbin/modprobe ip_masq_quake 26000,27000,27910,27960
>
> #cuseeme
> /sbin/modprobe ip_masq_cuseeme
>
> #vdo live
> /sbin/modprobe ip_masq_vdolive
>
> #CRITICAL: Enable IP forwarding
> # also check /etc/networking/options
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> # for dynamic IP
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
> #timeouts
> /sbin/ipchains -M -S 7200 10 160
>
> # for DHCP (cuz we have a cable modem)
> /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
>
> #enable simple IP forwarding and masquerading
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
>
> -----
>
> What am I doing wrong/missing? Any help appreciated.

Hmm, it looks OK. What do tcpdump and your packet logs say when
you try to connect to apache/proftpd?

Note: you don't need the ipchains rule for DHCP, since the script
does not deny/reject input or output. Everything is accepted.

raf
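
raf's note about the DHCP rule can be checked mechanically. The following is an added example, not part of either message: it flags ACCEPT rules in a built-in chain that accepts everything anyway. The function names and the trimmed sample input are constructed for illustration, and the default ACCEPT policy of ipchains' built-in chains is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): flag ACCEPT rules that cannot change
# the verdict because their chain accepts everything anyway.

# Constructed sample: the ipchains lines of the rc.firewall quoted above.
sample_rules() {
cat <<'EOF'
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
EOF
}

# Reads a firewall script on stdin. Prints "chain: rule" for every ACCEPT rule
# in a built-in chain whose policy is ACCEPT and which holds no rule with any
# other target (DENY, REJECT, MASQ, a user chain, ...). Conservative on purpose.
redundant_accepts() {
awk '
BEGIN { policy["input"] = policy["output"] = policy["forward"] = "ACCEPT" }
/^[ \t]*#/ { next }                 # skip comment lines
$1 !~ /ipchains$/ { next }          # only look at ipchains invocations
{
    chain = ""; target = ""
    for (i = 2; i <= NF; i++) {
        if ($i == "-P") policy[$(i+1)] = $(i+2)
        if ($i == "-A" || $i == "-I") chain = $(i+1)
        if ($i == "-j") target = $(i+1)
    }
    if (chain == "") next
    if (target != "" && target != "ACCEPT") filtered[chain] = 1
    if (target == "ACCEPT") { n++; rc[n] = chain; rl[n] = $0 }
}
END {
    for (k = 1; k <= n; k++)
        if (policy[rc[k]] == "ACCEPT" && !(rc[k] in filtered))
            print rc[k] ": " rl[k]
}'
}

sample_rules | redundant_accepts
```

A flagged rule also means the chain does no filtering at all, so on this box the input chain is not what stops connections to Apache or Proftpd.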