Good day,

My MS SQL Server sits behind a Linux gateway. Using the following IPCHAINS I
am trying to forward all requests for port 1433 that arrive at the Linux
gateway to the internal SQLIP. The problem is, it does not work.
If I change the destination port (SQLPORT) to, say, port 80, the web server on
the SQLIP machine does answer.

Most of the code is extracted from TrinityOS and/or the MASQ HOWTO.

Any help would be greatly appreciated.

Best regards

Peer Oliver Schmidt

#!/bin/sh

UNIVERSE="0.0.0.0/0"
IP_LNET=10.1.1.1
EXTIF="ippp0"
SQLIP=10.1.1.5
SQLPORT=1433
EXTIP=`ifconfig $EXTIF | awk '/inet addr/ { gsub(".*:", "", $2) ; print $2 }'`

echo External IP: $EXTIP

/sbin/ipchains -F

/sbin/ipchains -v -P forward DENY   # Disable anything coming in
/sbin/ipchains -v -A forward -i ippp0 -j MASQ   # Masquerade everything going out

echo "Accepting Port $SQLPORT from universe for INPUT and FORWARDING"
/sbin/ipchains -A input -j ACCEPT -p tcp -s $UNIVERSE -d $UNIVERSE $SQLPORT
/sbin/ipchains -A input -j ACCEPT -p tcp -s $UNIVERSE $SQLPORT -d $UNIVERSE
/sbin/ipchains -A forward -j ACCEPT -p tcp -s $UNIVERSE -d $UNIVERSE $SQLPORT
/sbin/ipchains -A forward -j ACCEPT -p tcp -s $UNIVERSE $SQLPORT -d $UNIVERSE

/sbin/ipchains -A input -j ACCEPT -p udp -s $UNIVERSE -d $UNIVERSE $SQLPORT
/sbin/ipchains -A input -j ACCEPT -p udp -s $UNIVERSE $SQLPORT -d $UNIVERSE
/sbin/ipchains -A forward -j ACCEPT -p udp -s $UNIVERSE -d $UNIVERSE $SQLPORT
/sbin/ipchains -A forward -j ACCEPT -p udp -s $UNIVERSE $SQLPORT -d $UNIVERSE

echo "Marking packets for port $SQLPORT to be forwarded"
/sbin/ipchains -I input -p tcp -y -d $EXTIP $SQLPORT -m 1
/sbin/ipchains -I input -p tcp -y -d $IP_LNET $SQLPORT -m 2
echo "Forwarding marked packets"
/usr/sbin/ipmasqadm mfw -F
/usr/sbin/ipmasqadm mfw -A -m 1 -r $SQLIP $SQLPORT -p 10
/usr/sbin/ipmasqadm mfw -A -m 2 -r $SQLIP $SQLPORT -p 10

echo "Loading FTP modules"
/sbin/modprobe ip_masq_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward   # Enable routing
