Re: [Masq] portfw question

raf Mon, 04 Sep 2000 22:08:40 -0700
/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


rsieben wrote:

> My question sounds quite simple, but I've got real a problem with portfw.
> I read the ipmasq-howto and I made anything as it was explained there, but I
> had no success.
> 
> Maybe I did something wrong, I don't know. Here is my problem:
> 
> 
>                                                 INTERNET
>                                                       |
>                                                       |
>                                                       |
>                                                  ROUTER    62.xxx.xxx.17
>                                                       |
>                                                       |
>                                                       |
>                          192.168.1.202  FIREWALL  62.xxx.xxx.18
>                                 |
>                                 |
>                                 |
>                         WEBSERVER
>                         192.168.1.201
> 
>  
> 
> I want to route the request for the webserver trough the router (CISCO 1000
> -ISDN Static IP) and the firewall.
> I used ipmasqadm and portfw
> 
> The following line I typed in:
> 
> ipmasqadm portfw -a -P tcp -L 62.xxx.xxx.18 80 -R 192.168.1.201 80
> 
> I get no error and when I use portfw -l I see a list where this command is
> confirmed.
> 
> BUT...
> As I started to test this I had no access to the webserver at all. I tried to
> start a http server on the firewall but no response aswell.
> So the request does not reach the webserver, but is redirected or rejected by
> portfw, I don't know.

did you initialise the masquerading? it is necessary to set up masquerading
in the opposite direction to the one you want to forward packets. without
doing so, the ipmasqadm commands will look like they are working fine, but
without masquerading, no port forwarding (in the other direction) can take
place.

you need something like this on the firewall host:
(as well as the ipmasqadm command)

    ipchains -P forward DENY
    ipchains -A forward -s 192.168.1.201 -j MASQ

this is mentioned either in the masquerading howto or the ipmasqadm manpage
(or both).

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
Re: [Masq] portfw question

Reply via email to
