Thanks for the reply!
I think (correct me if I'm wrong) that mandrake security uses
IPtables, not ipchains...
It seems like all this configuration is possible through the
https management screen, but I haven't been able to get the rules I
set up to work.
Are you using ipmasq with the mandrake security distro?
-e-
>hi
>
>depends how you have it set up..
>
>I did something similiar...
>
>I have several internal servers, and they use the 192.168 range of internal
>ip's
>
>I wanted to make port 80 on one of them visable as port 80 on the external
>systems IP.
>
>so, I downloaded ipmasqadm rpm from rpmfind.net (couldn't get a MDK one, so
>I just chose the newest src version from another distro and rebuilt it. Then
>installed the resultant binary rpm.)
>
>Oncee that was installed, it was simply a matter of adding some rules to the
>end of my ipchains rules...
>(lacking that you can add it to the end of the /etc/rc.d/rc.local file (make
>sure it is executable before you leave)
>
>anyway, here are some example rules for you..
>
># First Clear the forwarding Rules
>ipmasqadm portfw -f
># Second we add a portforward rule for Port 80.
>#ipmasqadm portfw -a -P tcp -L $OUTERIP 80 -R $EZEPAY 80
># Now we do the same for SSL.
>ipmasqadm portfw -a -P tcp -L $OUTERIP 443 -R $EZEPAY 443
>
>
>$OUTERIP has been predefined as the IP address of the external machine.
>$EZEPAY was predefined as the internal ip of the internal server..
>
>So you can replace the variables with the actual IP's without any hassle.
>
>I made the ports the same, but there is nothing from stopping you sending it
>to a different port...
>
>ie port 80 internal to port X on the external machine...
>
>It was surprisingly easy to do... I have it tested and working using the
>above rules right now.
>
>If you want the copy of ipmasqadm I used, let me know,, I have it rebuilt
>for i686 on mdk 7.2... if you have the same, then great, if not, I can email
>you the src rpm, which you put on your linux box and type:
>rpm --rebuild
>
>It will tick away for a while and then a new rpm will miracously appear in
>/usr/src/RPM/RPMS/iX86
>
>where ixxx is the type of system you have, if its a 486, you will find the
>file in i486 if its a pentium, i586,
>PII is i686 etc.....
>
>the rpm will be called ipmasqadm0.4.2-4.ix86.rpm
>
>just install that like normal with rpm -ivh ipmasq.........
>
>
>then put in the rules and start them...
>
>easy as,, you will then have transparent port forwarding...
>
>works great, I wish someone would have told me to do this a week ago,, took
>me alot of research to find the best method...
>
>Actually, I will attach the file to rebuild, so if you want it you don't
>have to ask again...
>
>
>good luck,
>
>let me know how you go.
>
>regards
>
>frank
>
>Perth WA
>
>
>
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Ed Colmar
>Sent: Thursday, 24 May 2001 1:25 AM
>To: [EMAIL PROTECTED]
>Subject: [newbie] mandrake security question
>
>
>Hi all!
>
> I've got my mandrake security box up and running... All is
>well, except for the few services that I want to make available to
>the outside world.
>
> I have the firewall configured to pass http traffic through
>to the internal ip address of our web server. 192.168.1.26
>
> So, when I try and load this page from outside the firewall,
>do I need to try and connect to the ip address of the firewall
>machine's external interface?
>
> I've been trying this with no luck... I can see the web
>pages from the internal side, but not from the outside.
>
> Any tips would be greatly appreciated!
>
> BTW... mandrake security rocks!
>
> -e-
>
>Content-Type: audio/x-pn-realaudio-plugin;
> name="ipmasqadm-0.4.2-4.src.rpm"
>Content-Disposition: attachment;
> filename="ipmasqadm-0.4.2-4.src.rpm"
>
>Attachment converted: Resource:ipmasqadm-0.4.2-4.src.rpm 1
>(????/----) (000156D6)
