FW: Help! ipmasqadm problem - Help its still not working
I made the changes and it still does not work. Any help would be greatly
appreciated.
Brian
-----Original Message-----
From: Brian Kimsey-Hickman [mailto:kimhick@mpinet.net]
Sent: Monday, February 12, 2001 3:52 PM
To: Debian Firewall List; felipe.alvarez@qlsoft.cl
Subject: RE: Help! ipmasqadm problem
Wow and thanks for the fast answer. So, the proper syntax would be:
ipchains -A forward -s 192.168.56.10/32 -d 0.0.0.0/0 -i eth2 -j MASQ
instead of . . .
ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10/32 -i eth1 -j MASQ
Thanks,
Brian
> -----Original Message-----
> From: Felipe Alvarez Harnecker [mailto:felipe@qlsoft.cl]
> Sent: Monday, February 12, 2001 3:42 PM
> To: kimhick@mpinet.net
> Subject: Help! ipmasqadm problem
>
>
> Brian Kimsey-Hickman writes:
> > I am at wits end and do not know what to do. I am trying to
> get my firewall
> > to forward port 80 to an internal web server. I have three
> NIC cards: eth0
> > = internal private numbers, eth1 = internal private numbers
> for web server,
> > eth2 = public/internet numbers. I am using a small script:
> >
> > ipchains -F
> > ipmasqadm portfw -f
> > ipchains -P output ACCEPT
> > ipchains -P forward MASQ
> > ipchains -P output ACCEPT
> > echo 1 > /proc/sys/net/ipv4/ipforward
> > ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10 -i eth1 -j MASQ
> > ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80
> >
> > I know this is a wide open firewall but I still cannot hit the
> internal web
> > server. I have checked and recheck the kernel configuration
> and I am sure
> > it correct. I have also check all the NIC interfaces and they
> all seems to
> > be working correctly. If anyone has any ideas I would sure
> like to hear
> > them.
> >
> > Brian
> >
>
> You need to mascarade your server not the external clients
>
> Think of the packet that sends the server.
>
> Cheers.
>
> --
> ______________________________________________________
>
> Felipe Alvarez Harnecker. QlSoftware.
>
> Tels. 665.99.41 - 09.874.60.17
> e-mail: felipe.alvarez@qlsoft.cl
>
http://qlsoft.cl/
http://ql.cl/
______________________________________________________
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: