Bruno Waes wrote:
> on a 2.2.18pre21 debian box i am using ipmasq with the
> TrinityOS firewall ruleset, which is working fine.
>
> but now i would need the outer world to be able to
> connect to a webserver that is on the internal network,
> i already have a webserver running on the masq box so i
> would use 80 for the normal webserver, and 8080 for the
> portforwarded server ...
>
> this is what i added in my firewall ruleset
>
> PORTFWIP1="192.168.168.10"
> echo PortFW1 IP: $PORTFWIP1
>
> echo " Optional parameter: internal WWW server"
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP 8080
>
>
> echo " Optional parameter: internal WWW server"
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP 8080 -d $UNIVERSE
>
>
> echo " * Enabling Port Forwarding onto internal hosts."
> /usr/sbin/ipmasqadm portfw -f
> echo " * Forwarding WWW traffic on port 8080 to $PORTFWIP1"
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 8080 -R $PORTFWIP1 80
>
>
> when i now connect (from internal network or from
> external network) to the masqbox on port 8080 it just
> doesn't do anything and doesn't give any log hits
> either ...
>
> any idea what might be wrong ?
>
> bruno

it looks like it should work from external networks but
internally initiated port forwarding never works unless
you apply michael best's kernel patch which fixes this.
it's at http://www.com.org/~michael/masq-demasq.zip
i can't see why it wouldn't work from the outside.
are all the rules there when you do "ipchains -L"
and the equivalent command for ipmasqadm?
raf