
Hello all,
        I have been following this list for some time now and have noticed
that questions relating to iptables are being fielded here.  Well, the time
has come for me to ask a question to the group: I am currently running RH
7.2/2.4.9-13 kernel.  This box acts as a firewall that masquerades our
private networks as well as doing port forwarding to our mail/web/ftp and DNS
services.  I have extensively read the documentation as well as successfully
implemented similar firewalls with ipchains.  O.K.

        My troubles seem to be stemming from getting my port
forwards to work properly.  I know with ipchains that when you want to
forward a port you can create an alias for the IP on your external network
card (so that the firewall listens for the specific IP) then set up
your forwarding rule.  (I know this is rather unorthodox to say the least
but it is what my client wanted to happen).  I have taken this same
approach with iptables yet have not had *any* success with it.  I am able
to forward ports for IP addresses that are listening as the primary IP address
on the external NIC but not for aliases (i.e. I can forward requests
coming from IP address 63.211.44.195 port 22 when the external NIC on the
firewall is configured to be 63.211.44.195.)  Yet, how would I get
requests coming from 63.211.44.196 port 22 to get redirected to an
internal machine without changing the primary NIC IP?

        Any reasoning why this is not working for me?  Oh yeah, I am using
gShield-2.7.1 to generate my iptables rules.  Let me know if you want to
see code, I *can* get it to you all, just not right now :(

Thanks in advance all!

Pete


-- 
Pete Wright

email:  [EMAIL PROTECTED]
mobile: 917.415.9866
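
The port forward described in the message above, as an added example (not part of the original post and not gShield output): a dry-run script that prints the alias, DNAT and FORWARD commands for 63.211.44.196 port 22. The interface name eth0 and the internal host 192.168.1.10 are assumed values.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for forwarding one TCP
# port on an aliased external IP to an internal host. Review, then run as root.

valid_ipv4() {
    # Reject anything but digits and dots, and empty octets, before splitting.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

port_forward_rules() {
    ext_if=$1; alias_ip=$2; port=$3; int_ip=$4
    # iptables -i matches the real device only; alias labels such as eth0:1 are
    # not separate interfaces to netfilter, so ':' is rejected here.
    case $ext_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$alias_ip" && valid_ipv4 "$int_ip" || { echo "bad address" >&2; return 1; }
    case $port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # 1. The secondary address makes the firewall answer ARP for the alias IP.
    # 2. DNAT in PREROUTING selects traffic by destination address (-d), so the
    #    alias is matched by IP, not by interface label.
    # 3. FORWARD sees the rewritten destination, hence -d is the internal host.
    #    Replies are assumed to pass an existing ESTABLISHED,RELATED rule.
    cat <<EOF
ip addr add $alias_ip/32 dev $ext_if
iptables -t nat -A PREROUTING -i $ext_if -d $alias_ip -p tcp --dport $port -j DNAT --to-destination $int_ip:$port
iptables -A FORWARD -i $ext_if -d $int_ip -p tcp --dport $port -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample: 63.211.44.196 and port 22 are from the post;
# eth0 and 192.168.1.10 are assumed values.
port_forward_rules eth0 63.211.44.196 22 192.168.1.10
```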
