hello all,
i have the simple problem to forward port 25 of an ip in the dmz to
port 25 of an internal ip.
my situation looks like
        |
        | eth0
    +---+----------+
    |              | servers, $dmzIP
    |   firewall   +-----------------
    |              | eth1
    +---+----------+
        | eth2
        |
        |
        | internal 192.168.0.x
        | $intIP
the $intIP can surf the internet (masqueraded) and is pingable from a
server of the dmz.
i used the following commands:
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L $dmzIP 25 -R $intIP 25
ipmasqadm portfw -a -P tcp -L $dmzIP 80 -R $intIP 80
as well as:
ipchains -A input -d $dmzIP 25 -j ACCEPT
ipchains -A input -d $dmzIP 80 -j ACCEPT
# do not masq from intern to servers, just forward
ipchains -A forward -s $intIP -d $serverNET -j ACCEPT
# masq everything else
ipchains -A forward -s $intIP -j MASQ
now, i have a forwarding problem in the logs:
Oct 27 06:20:24 gorgon kernel: Packet log: forward DENY eth1 PROTO=6 an.external.ip.any:1141 $dmzIP:25 L=60 S=0x00 I=17008 F=0x4000 T=53 SYN (#12)
which rule do i need to forward the package correctly ?
what is going wrong?
the ipmasqadm portfw -n -l shows:
gorgon:/ # ipmasqadm portfw -l -n
prot  localaddr  rediraddr  lport  rport  pcnt  pref
TCP   $dmzIP     $intIP        80     80    10    10
TCP   $dmzIP     $intIP        25     25    10    10
gorgon:/ #
many thanks for fast replies! it should work in 1.5 hours from this
mail :-(((
jan
---
Jan Stifter
http://www.medres.ch/~jstifter/