/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Jim Warren wrote:
> we have redhat 7 installed and have ipfwadm working to masq outgoing
> traffic....(we have been unable to get ipchains to work...) and we are
> trying to get ipmasqadm to work to forward traffic from the internet to
> internal machines....
>
> first,
> ipfwadm -f -P deny
> ipfwadm -F -a m -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/24
>
> seems to work fine for outgoing traffic,
>
> and then we add
>
> ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 80 -R yyy.yyy.yyy.yyy 80
>
> to try to redirect outside requests to a webserver inside the network....
>
> the portfw does not forward the traffic ... i have not been able to find
> any info about troubleshooting at all.... (the xxx.xxx.xxx.xxx is a public
> address "virtually added" to this machines eth0:0 interface.... the
> yyy.yyy is on the private address space on the lan..)
>
> any hints appreciated very much...
get ipchains working first. then use ipmasqadm. that may get
the packets forwarded but bear in mind that the outgoing
reply packets will not use the eth0:0 address as their
source address. they will use the address of the default
route's interface (presumably eth0). to make sure that the
reply packets get the right source address, you need the
iproute2 package, you need to read the ip command reference,
especially fwmark nat (appendix c, page 50). you could also
take a look at fwup.org which attempts to do this for you.
look for alias port forwarding. i'd like to know how you get
on with it.
raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
