Re: [Masq] Re: Port forwarding problems

Sat, 7 Aug 1999 01:02:08 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */



all you need is ipmasqadm you dont need to let everybody to masq on your
mechains.
it also has in you kernel to portfowerd,
On Sat, 7 Aug 1999, Fuzzy Fox wrote:

> /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
> 
> 
> 
> [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> > If you want the internal server to be accessible from the outside, try
> > these lines in your script:
> > 
> >     ipchains -F forward
> >     ipcahins -P forward MASQ
> 
> Ugh!  This is the worst advice I've seen given out on this list. 
> Nothing personal, but.. this is very bad.  It means that, not only can
> your internal LAN masquerade its way out, but.. anyone on the whole Net
> can masquerade their way INTO your LAN!  They'll end up pretending to
> look like your masq box to internal systems!
> 
> Furthermore, the above is not needed at all to get port-forwarding to
> work.
> 
> > Portfw only works when masqing is turned on for both directions.
> 
> Simply not true.  If you didn't get it working before, there was
> something else wrong.  This wasn't the fix.
> 
> The port-forwarding code works by searching the forwarding rules for a
> masq entry that will work in the opposite direction from the connection
> being forwarded.  So enabling masq in that direction won't help!
> 
> -- 
>    [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
> sometimes known as David DeSimone  ||  butter quite like unrequited love."
>   http://www.dallas.net/~fox/      ||                       -- Charlie Brown
> 
> 
> _______________________________________________
> Masq maillist  -  [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/
> or email to [EMAIL PROTECTED]
> 
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
> 



_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to