Hi again,
  I have a successful RH7 (updates and errata installed)
masquerade server on a DSL line.  I now want to set up an
internal apache server and be able to access this from the
outside [My ISP approves this for test purposes and has
assigned a domain name that will resolve - at least when it
was running on an unprotected firewall].

Snippets of the code I am using are:

#definitions
IPADDR = eth1 ip address.  The external ethernet on the masquerade server
UNPRIVPORTS="1024:65535"
EXTERNAL_INTERFACE="eth1"  # external ethernet on the masquerade server
APACHE_SERV = the internal masqued address of the machine running apache: 192.168.14.252

rc.firewall.strong
#  Allows browsing the web from internal masqueraded machines
#a
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR $UNPRIVPORTS -d $ANYWHERE 80 -j ACCEPT
#b
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 80 -d $IPADDR $UNPRIVPORTS -j ACCEPT

# Should allow access to the internal machine
#c
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y -s $IPADDR 80 -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
#d
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE $UNPRIVPORTS -d $IPADDR 80 -j ACCEPT

# Actually does the port forward
#e
/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 80 -R $APACHE_SERV 80

My questions:
1.  In /etc/httpd/httpd.conf under a Virtual Server I am using
the internally masqed address as the server address. Is this
correct or should I be using the eth1 (external interface)
of the masqueraded machine?

2.  I have compiled in:
        config_ip_masquerade_ipportfw
        config_ip_masquerade_mfw
     I have not compiled in:
        config_ip_masquerade_ipautofw [the way I read the
blurb  in xconfig is that this is not necessary for
supported forwards]

3.  In my limited experience line #d should accept whole
world access to port 80 on the firewall/masquerade machine
and line #e should forward the firewall's port 80 to port
80 on the Apache server's interface.  ??

4.  The code snippets were copied/patterned after Robert
Ziegler's "Linux Firewalls" pub by New Riders

5.  Ideas and suggestions appreciated.  It may be that my
problem is with the Virtual Server portion of httpd.conf

TIA

Bob
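
The filtering described in question 3, as an added example that is not part of the original post: a simplified Python model of how rules c and d treat packets on the external interface. It assumes rule c is meant as "-p tcp ! -y", a default DENY policy, and constructed addresses; it does not model the portfw step (line #e) or the forward chain.

```python
from collections import namedtuple

IPADDR = "203.0.113.10"    # constructed stand-in for the eth1 address
CLIENT = "198.51.100.7"    # constructed outside client
UNPRIV = (1024, 65535)     # UNPRIVPORTS from the post

# chain is "input" or "output" on the external interface; TCP flags default to unset
Packet = namedtuple("Packet", "chain src sport dst dport syn ack fin",
                    defaults=(False, False, False))
# src/dst None stands for $ANYWHERE; syn is True for -y, False for ! -y,
# None when the rule does not test TCP flags
Rule = namedtuple("Rule", "name chain src sports dst dports syn", defaults=(None,))

RULES = [  # rule c taken as "-p tcp ! -y" (assumption), rule d as posted
    Rule("c", "output", IPADDR, (80, 80), None, UNPRIV, syn=False),
    Rule("d", "input", None, UNPRIV, IPADDR, (80, 80)),
]

def matches(r, p):
    # ipchains -y matches a packet with SYN set and ACK and FIN cleared
    syn_only = p.syn and not p.ack and not p.fin
    return (r.chain == p.chain
            and r.src in (None, p.src) and r.dst in (None, p.dst)
            and r.sports[0] <= p.sport <= r.sports[1]
            and r.dports[0] <= p.dport <= r.dports[1]
            and (r.syn is None or r.syn == syn_only))

def verdict(p):
    for r in RULES:  # first matching rule decides, as in a real chain
        if matches(r, p):
            return "ACCEPT by rule " + r.name
    return "DENY (assumed default policy)"

if __name__ == "__main__":
    # Outside client opens a connection to port 80 on the firewall
    print(verdict(Packet("input", CLIENT, 40000, IPADDR, 80, syn=True)))
    # SYN-ACK reply leaving from port 80: not a bare SYN, so "! -y" matches
    print(verdict(Packet("output", IPADDR, 80, CLIENT, 40000, syn=True, ack=True)))
    # New connection attempt leaving from port 80: a bare SYN, rule c refuses it
    print(verdict(Packet("output", IPADDR, 80, CLIENT, 40000, syn=True)))
```
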


