Scott Decker wrote:

> I'm having the same problem. Someone please help. Here's my info:
> 
> [root@dsl-ip scott]# /sbin/ipchains -L
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target     prot opt     source                destination           ports
> MASQ       tcp  ------  dsl-ip.mother.com/30 anywhere              1329 ->   any
> MASQ       all  ------  192.168.0.0/24       anywhere              n/a
> Chain output (policy ACCEPT):
> 
> and in my /etc/rc.firewall script
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -I forward -p tcp -s 63.201.171.178/30 1329 -j MASQ

remove the line above. it makes no sense. you're telling it to masquerade
packets that originate from your external interface. such packets are not
forwarded since they originate locally. it looks like you think this is
needed for port forwarding but it isn't. the next three lines are enough.

> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 63.201.171.178 1329 -R 192.168.0.100 21

> I'm not sure that ipchains is actually running. default run level is
> 5. and in /etc/rc5.d/ there is a K92ipchains@ file. Any ideas?

to see if ipchains is "running", do:

    /sbin/ipchains -L -v -n
    /sbin/ipchains -M -L -v -n
    /usr/sbin/ipmasqadm portfw -L -n

also look at the script that /etc/rc5.d/K92ipchains is linked to and
the other links to that script. that'll show what's involved in starting
and stopping the script and when it happens. if it's not running, you can
probably use chkconfig to make it start in run level 5:

e.g.

    chkconfig --level 2345 ipchains on
    chkconfig --level 016 ipchains off

> Thanks,
> Scott Decker
> PO Box 74141
> Davis, CA. 95617

raf
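
Added example, not part of the original message: a shell helper that does the link inspection described above, reporting per run level whether a SysV init service is started (`S` link) or stopped (`K` link). The function names and the `S08ipchains` link in the sample tree are constructed for illustration; only `K92ipchains` in `rc5.d` comes from the post.

```shell
#!/bin/sh
# rc_status SERVICE [RC_ROOT]
# One line per run level: "<level> start|stop|none <link-name>".
# SysV convention: S##name links start a service on entering the run
# level, K##name links stop (kill) it.
rc_status() {
    svc=$1
    root=${2:-/etc}
    for level in 0 1 2 3 4 5 6; do
        state=none
        name=-
        for link in "$root/rc$level.d"/[SK][0-9][0-9]"$svc"; do
            # Skip the unexpanded pattern when nothing matches.
            [ -e "$link" ] || [ -L "$link" ] || continue
            name=${link##*/}
            case $name in
                S*) state=start ;;
                K*) state=stop ;;
            esac
        done
        echo "$level $state $name"
    done
}

# rc_starts_in SERVICE LEVEL [RC_ROOT]: exit status 0 if started there.
rc_starts_in() {
    rc_status "$1" "${3:-/etc}" | grep -q "^$2 start "
}

# Constructed sample tree so the example runs without touching /etc.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/init.d" "$t/rc3.d" "$t/rc5.d"
    : > "$t/init.d/ipchains"
    ln -s ../init.d/ipchains "$t/rc5.d/K92ipchains"   # as in the post
    ln -s ../init.d/ipchains "$t/rc3.d/S08ipchains"   # constructed
    echo "$t"
}

tree=$(make_sample_tree)
rc_status ipchains "$tree"
rm -rf "$tree"
```

A `stop` line for run level 5 means the firewall script is not run at boot into that level, so the rules in it are never loaded unless something else calls it.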
