Re: [Masq] Port FW Installed but not working

Sun, 08 Jul 2001 22:40:20 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Noah Eiger wrote:

> Hello:
> 
> I have installed ipmasqadm and executed the sample commands (in the HOWTO).
> This is supposed to forward port 80 from the public address to the specified
> internal address.
> 
> I have done this and it does not seem to be working. I used ipchains to
> build the masq (below):
> 
> :forward ACCEPT
> -P forward DENY
> -A forward -i eth0 -s 10.1.1.0/24 -j MASQ
> 
> (note, this is a "test" config so both the Internet and the internal
> addresses are in the private range)
> 
> As per the IPMASQ HOWTO, I run:
> # /usr/sbin/ipmasqadm portfw -f
> # /usr/sbin/ipmasqadm portfw -a -P tcp -L 192.168.1.20 80 -R 10.1.1.24 80
> 
> No errors but no port forwarding. What am I missing? I have bounced the box
> as well as network, re-executing those commands each time.

are you trying to initiate the port forwarding from inside or outside
the masuqeraded network? it doesn't work from inside, only from the outside.

> One thing, the HOWTO calls for adding these commands to the
> /etc/rc.d/rc.firewall. This file does not exist on my system. However:
> 
> # cat /proc/net/ip_masq/portfw
> Prot LAddr    LPort > RAddr    RPort PrCnt  Pref
> TCP  C0A80114    80 > 0A010118    80    10    10
> 
> What am I missing here?

the rc.firewall recommendation assumes a particular type of boot script
setup. ignore it if it doesn't match your system. if you do have the
bsd style bootscripts then put your script in rc.firewall and invoke
rc.firewall from rc.local or something like that.

if you have svr4 style boto scripts, put your script in the init.d directory
and link to it from the rc?.d directories such that it starts before the
network is brought up and stops after the network is brought down.

> Thanks in advance.
> 
> nme

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to