/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
----- Original Message -----
From: "raf" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 02, 2001 8:34 AM
Subject: Re: [Masq] ipportfw with ipchains ?
> Bruno Waes wrote:
>
> > on a 2.2.18pre21 debian box i am using ipmasq with the
> > TrinityOS firewall ruleset, which is working fine.
> >
> > but now i would need the outer world to be able to
> > connect to a webserver that is on the internal network,
> > i already have a webserver running on the masq box so i
> > would use 80 for the normal webserver, and 8080 for the
> > portforwarded server ...
> >
> > this is what i added in my firewall ruleset
> >
> > PORTFWIP1="192.168.168.10"
> > echo PortFW1 IP: $PORTFWIP1
> >
> > echo " Optional parameter: internal WWW server"
> > /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP 8080
> >
> >
> > echo " Optional parameter: internal WWW server"
> > /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP 8080 -d $UNIVERSE
> >
> >
> > echo " * Enabling Port Forwarding onto internal hosts."
> > /usr/sbin/ipmasqadm portfw -f
> > echo " * Forwarding WWW traffic on port 8080 to $PORTFWIP1"
> > /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 8080 -R $PORTFWIP1 80
> >
> >
> > when i now connect (from internal network or from
> > external network) to the masqbox on port 8080 it just
> > doesn't do anything and doesn't give any log hits
> > either ...
> >
> > any idea what might be wrong ?
> >
> > bruno
>
> it looks like it should work from external networks but
> internally initiated port forwarding never works unless
> you apply michael best's kernel patch which fixes this.
> it's at http://www.com.org/~michael/masq-demasq.zip
>
> i can't see why it wouldn't work from the outside.
> are all the rules there when you do "ipchains -L"
> and the equivalent command for ipmasqadm?

yes i know but it still doesn't work, i now tried with REDIR for redirecting,
... and it works, but only from the internal network ...

redir --laddr=externalip --lport=23 --caddr=192.168.168.1 --cport=23

that is the command i used ...
i want to redirect the telnet port from the firewall/gateway machine to one
of an internet machine ... but it doesn't work for the external use ...
bruno