/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Well, there is a problem with the syntax you sent me.
You asked me to use:
--------------------------
#note: I cannot use -d $EXTIP as the rule never seems to match
#
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 21 \
-j DNAT --to $PORTFWIP:21
--------------------------
But when I put those in my rc.firewall I got an error report:
--------------------------
root@linux:/etc/rc.d# ./rc.firewall
Loading simple rc.firewall version 0.62..
External Interface: ppp0
Internal Interface: eth0
loading modules: - Verifying that all kernel modules are ok
ip_tables, insmod: ip_tables: no module by that name found
ip_conntrack, insmod: ip_conntrack: no module by that name found
ip_conntrack_ftp, insmod: ip_conntrack_ftp: no module by that name found
iptable_nat, insmod: iptable_nat: no module by that name found
ip_nat_ftp, insmod: ip_nat_ftp: no module by that name found
. Done loading modules.
enabling forwarding..
enabling DynamicAddr..
clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
Enabling SNAT (MASQUERADE) functionality on ppp0
iptables v1.2.2: host/network `ppp0' not found
Try `iptables -h' or 'iptables --help' for more information.
rc.firewall-2.2 v0.62 done.
root@linux:/etc/rc.d#
--------------------------
The modules are not the problem, because they are loaded as part of the kernel, as
you see.
iptables reports "host/network 'ppp0' not found".
I have changed the interface name to my EXTERNAL IP address
and it seems to work.
My firewall ruleset right now is:
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
#$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#Port Forwarding
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 21 -j DNAT \
--to 192.168.0.1:21
#
-------
Anyway, my ISP is braindead so I need to use
#$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
I have tried to add CLAMP-MSS, as you see in the script above. Does the
location of the rule matter???
(Anyway, that's not working ;-(
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
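As an added example, not part of this thread and not the rc.firewall script it discusses, here is a POSIX sh dry-run version of the FTP port-forwarding ruleset above. It adds the check a reviewer would want before running such a script: `-i`/`-o` take interface names while `-s`/`-d`/`--to` take addresses, and "host/network `ppp0' not found" is exactly what iptables prints when an interface name lands in an address slot, so the variables are validated before any rule is loaded. It also places the MSS clamp before the ACCEPT rules, because TCPMSS does not end rule traversal but ACCEPT does. All values (interface names, the 203.0.113.10 external address, 192.168.0.1, and the `echo iptables` dry-run default) are constructed for the example; run it as root with `IPTABLES=iptables` to apply for real.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): dry-run builder for an
# FTP port-forwarding ruleset with a sanity check on the variables.
# Every value below is constructed for illustration.
EXTIF="ppp0"                 # external (dial-up) interface
INTIF="eth0"                 # internal LAN interface
EXTIP="203.0.113.10"         # external address (documentation range)
PORTFWIP="192.168.0.1"       # internal FTP server
IPTABLES="${IPTABLES:-echo iptables}"   # default: print rules, do not load them

# True if $1 is a dotted-quad IPv4 address, optionally with a /mask suffix.
is_ipv4() {
  ip="${1%%/*}"
  case "$ip" in *[!0-9.]*|"") return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
  return 0
}

# True if $1 looks like an interface name (and is not an IPv4 address).
is_ifname() {
  [ -n "$1" ] || return 1
  case "$1" in *[!A-Za-z0-9_.:-]*) return 1 ;; esac
  is_ipv4 "$1" && return 1
  return 0
}

# Catch swapped or empty variables before iptables does, with a clear message.
check_vars() {
  rc=0
  is_ifname "$EXTIF"  || { echo "EXTIF='$EXTIF' is not an interface name" >&2; rc=1; }
  is_ifname "$INTIF"  || { echo "INTIF='$INTIF' is not an interface name" >&2; rc=1; }
  is_ipv4 "$EXTIP"    || { echo "EXTIP='$EXTIP' is not an IPv4 address" >&2; rc=1; }
  is_ipv4 "$PORTFWIP" || { echo "PORTFWIP='$PORTFWIP' is not an IPv4 address" >&2; rc=1; }
  return $rc
}

load_rules() {
  $IPTABLES -P INPUT ACCEPT
  $IPTABLES -F INPUT
  $IPTABLES -P OUTPUT ACCEPT
  $IPTABLES -F OUTPUT
  $IPTABLES -P FORWARD DROP
  $IPTABLES -F FORWARD
  $IPTABLES -t nat -F
  # TCPMSS does not end traversal but ACCEPT does, so the clamp must come
  # before any ACCEPT rule in FORWARD or forwarded SYNs never reach it.
  $IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  # Inbound FTP control connections (redirected by the DNAT rule below) and
  # the data connections that ip_conntrack_ftp marks RELATED.
  $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 \
    -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
  $IPTABLES -A FORWARD -j LOG
  $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
  # Match on the inbound interface rather than -d $EXTIP: a dial-up address
  # changes with every connection, the interface name does not.
  $IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 21 -j DNAT --to $PORTFWIP:21
}

check_vars && load_rules
```

Running it as-is prints the rules it would load; setting `EXTIF` to an address (the swap that produces the "host/network ... not found" error) makes `check_vars` fail with a message naming the variable, and nothing is loaded.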