I am having problems getting port forwarding to work.  I know this may not
be the forum to ask this in, but I am not sure where else to ask.

My private network consists of:
- a Debian Linux 2.0.34 Server (IP 192.168.0.100) running the Apache web
  server.
- a Debian Linux 2.0.34 Server (IP 192.168.0.200 internally, IP 206.63.251.175
  externally) configured with IP Masquerading and IP Port Forwarding.  (I did
  install the port forwarding patch for the 2.0.34 kernel).  This server is my
  firewall.  It is connected to my ISP via DSL.
- a Windows NT server (IP 192.168.0.4).  I can dial up my ISP via this
  machine.
- a couple of other Windows 95 machines.

The IP Masquerading came up and worked without error the first time I booted
it up.  However, I have been wrestling with the port forwarding for a while
now without getting anywhere.

My ipfwadm rules are:

        ipfwadm -I -p accept
        ipfwadm -O -p accept
        ipfwadm -F -p deny
        ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2
        ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2
        ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0
        ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0
        ipfwadm -I -d deny -o -P all -S 206.63.241.175 -W eth0 -D 0/0 2
        ipfwadm -I -d deny -o -P all -S 192.168.0.200 -W eth1 -D 0/0 2
        ipfwadm -I -a deny -o -P all -S 206.63.241.175 -W eth0 -D 0/0
        ipfwadm -I -a deny -o -P all -S 192.168.0.200 -W eth1 -D 0/0
        ipfwadm -F -a masquerade -S 192.168.0.0/24 -D 0/0

My ipportfw rules are:
        ipportfw -A -u206.63.251.175/80 -R 192.168.0.100/80
        ipportfw -A -t206.63.251.175/80 -R 192.168.0.100/80

When I try to access my Linux web server (I disconnect the NT machine from
the network and dial up my ISP), the browser doesn't get any response from
the web server.  Using tcpdump (running on the Linux server), I can see that
the packets are getting forwarded through the firewall, but the web server
doesn't seem to see them.  I know that the web server is running, because
when I connect the NT machine back to my internal network, I can access it
just fine.  I get the same results when I forward ports 20 and 21 and try to
use ftp.

I would appreciate any clues as to where to debug from here or any
suggestions of where else to ask questions.

Thanks!
  ....  Jim Montague
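
An added example, not part of the original post: a shell check that lists every single-host address used in the posted rules that matches none of the hosts named in the network description. The `KNOWN` list and the function names are this example's own; the three policy lines, which carry no addresses, are left out of the embedded rules.

```shell
# Addresses the post assigns to hosts in its network description.
KNOWN="192.168.0.100 192.168.0.200 192.168.0.4 206.63.251.175"

# The address-bearing rules as posted (embedded so the check runs offline).
rules() {
cat <<'EOF'
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0
ipfwadm -I -d deny -o -P all -S 206.63.241.175 -W eth0 -D 0/0 2
ipfwadm -I -d deny -o -P all -S 192.168.0.200 -W eth1 -D 0/0 2
ipfwadm -I -a deny -o -P all -S 206.63.241.175 -W eth0 -D 0/0
ipfwadm -I -a deny -o -P all -S 192.168.0.200 -W eth1 -D 0/0
ipfwadm -F -a masquerade -S 192.168.0.0/24 -D 0/0
ipportfw -A -u206.63.251.175/80 -R 192.168.0.100/80
ipportfw -A -t206.63.251.175/80 -R 192.168.0.100/80
EOF
}

# Print every single-host address used in the rules, one per line.
rule_hosts() {
    rules | awk '
    $1 == "ipfwadm" {            # -S/-D take addr[/prefix]; skip networks
        for (i = 2; i < NF; i++)
            if (($i == "-S" || $i == "-D") && $(i+1) !~ /\//)
                print $(i+1)
    }
    $1 == "ipportfw" {           # here the form is addr/port
        for (i = 2; i <= NF; i++) {
            a = $i
            sub(/^-[tu]/, "", a) # "-t1.2.3.4/80" -> "1.2.3.4/80"
            if (a ~ /^[0-9.]+\/[0-9]+$/) { sub(/\/.*/, "", a); print a }
        }
    }'
}

# Print rule addresses that match no host in KNOWN.
unknown_hosts() {
    rule_hosts | sort -u | while read -r addr; do
        case " $KNOWN " in
            *" $addr "*) ;;
            *) echo "$addr" ;;
        esac
    done
}

unknown_hosts
```

On the rules as posted it prints 206.63.241.175, the address in the ipfwadm deny rules, while the network description and the ipportfw rules use 206.63.251.175.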
