/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Bruno Waes wrote:
> ----- Original Message -----
> From: "raf" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, April 02, 2001 8:34 AM
> Subject: Re: [Masq] ipportfw with ipchains ?
>
>
> > Bruno Waes wrote:
> >
> > > on a 2.2.18pre21 debian box i am using ipmasq with the
> > > TrinityOS firewall ruleset, which is working fine.
> > >
> > > but now i would need the outer world to be able to
> > > connect to a webserver that is on the internal network,
> > > i already have a webserver running on the masq box so i
> > > would use 80 for the normal webserver, and 8080 for the
> > > portforwarded server ...
> > >
> > > this is what i added in my firewall ruleset
> > >
> > > PORTFWIP1="192.168.168.10"
> > > echo PortFW1 IP: $PORTFWIP1
> > >
> > > echo " Optional parameter: internal WWW server"
> > > /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP 8080
> > >
> > >
> > > echo " Optional parameter: internal WWW server"
> > > /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP 8080 -d $UNIVERSE
> > >
> > >
> > > echo " * Enabling Port Forwarding onto internal hosts."
> > > /usr/sbin/ipmasqadm portfw -f
> > > echo " * Forwarding WWW traffic on port 8080 to $PORTFWIP1"
> > > /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 8080 -R $PORTFWIP1 80
> > >
> > >
> > > when i now connect (from internal network or from
> > > external network) to the masqbox on port 8080 it just
> > > doesn't do anything and doesn't give any loghits
> > > either ...
> > >
> > > any idea what might be wrong ?
> > >
> > > bruno
> >
> > it looks like it should work from external networks but
> > internally initiated port forwarding never works unless
> > you apply michael best's kernel patch which fixes this.
> > it's at http://www.com.org/~michael/masq-demasq.zip
> >
> > i can't see why it wouldn't work from the outside.
> > are all the rules there when you do "ipchains -L"
> > and the equivalent command for ipmasqadm?
>
>
> yes i know but it still doesn't work, i now tried with REDIR for redirecting,
> ... and it works, but only from the internal network ...
>
> redir --laddr=externalip --lport=23 --caddr=192.168.168.1 --cport=23
>
> that is the command i used ...
>
>
> i want to redirect the telnet port from the firewall/gateway machine to one
> of an internet machine ... but it doesn't work for the external use ...
>
> bruno
i don't know anything about redir except that it is far less
efficient than port forwarding in the kernel. i'd recommend
persevering with ipmasqadm portfw. it does work.
raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
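
The "are all the rules there" check raf asks about can also be run against the ruleset text itself. This is an added example, not part of the original thread: it parses ipchains and ipmasqadm lines in the form Bruno posted and reports any forward that lacks the input/output ACCEPT pair his ruleset uses. The sample ruleset is constructed, the function names are hypothetical, and the pairing rule is an assumption taken from the posted layout.

```python
import shlex

# Constructed sample: the poster's rules, unwrapped, with the output rule
# deliberately left out so the check has something to report.
SAMPLE = """\
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP 8080
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 8080 -R $PORTFWIP1 80
"""

def opt(tokens, flag, n=1):
    """Return the n tokens following flag, or None if flag is absent/short."""
    if flag not in tokens:
        return None
    i = tokens.index(flag) + 1
    vals = tokens[i:i + n]
    return tuple(vals) if len(vals) == n else None

def parse(script):
    """Split a ruleset into portfw entries and ipchains ACCEPT rules."""
    forwards, accepts = [], []
    for line in script.splitlines():
        t = shlex.split(line, comments=True)
        if not t:
            continue
        if t[0].endswith("ipmasqadm") and t[1:2] == ["portfw"] and "-a" in t:
            f = {"proto": opt(t, "-P"), "local": opt(t, "-L", 2),
                 "remote": opt(t, "-R", 2)}
            if None not in f.values():
                forwards.append(f)
        elif t[0].endswith("ipchains") and opt(t, "-j") == ("ACCEPT",):
            accepts.append({"chain": opt(t, "-A"), "proto": opt(t, "-p"),
                            "src": opt(t, "-s", 2), "dst": opt(t, "-d", 2)})
    return forwards, accepts

def missing(script):
    """List (chain, proto, addr, port) ACCEPT rules each forward still lacks."""
    forwards, accepts = parse(script)
    gaps = []
    for f in forwards:
        # Assumed pairing: input matches on -d, output on -s, as in the post.
        for chain, field in (("input", "dst"), ("output", "src")):
            if not any(a["chain"] == (chain,) and a["proto"] == f["proto"]
                       and a[field] == f["local"] for a in accepts):
                gaps.append((chain, f["proto"][0], *f["local"]))
    return gaps

if __name__ == "__main__":
    for chain, proto, addr, port in missing(SAMPLE):
        print(f"no ACCEPT on {chain} chain for {proto} {addr} {port}")
```

The comparison is textual, so `$EXTIP` in one rule and a literal address in another will not match; expand the variables first if the ruleset mixes the two.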