[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

port forwarding unsin iptables (2.4.0-t1-ac23)

maybe someone could help clear up some confusions i have with some of this
ipchains ==> itables conversion that is going on. i was introduced to chains
almost 7 months ago now, and  since that time i have been able to make it do
quite a bit of what i needed it to. i had some problems however (ftp, dcc's)
and some of my pals told me that tables "would fix everything!" well i kinda
feel like i bought a used car, because the same people that told me it would
work now are nowhere to been heard of on the topic. nm, i got a great
working (halfway) in my opinion, heres my setup and what i need to fix.

 1) my internal is masq'ed through my deb. box usin a PREROUTING rule and
    this works GREAT.
 2) i have a internal server (www, etc.) that i want the world to be able to
    reach on that internal lan. this is where my problems start.

 from what i have read (in confusion) to allow that to work i should set up
POSTROUTING rule. well thats all good, other than the fact that when someone
connects to my http server they are forwarded into my server and their
addess is masqed as if they were actually coming from my deb. firewall. this
just not acceptable.

  i have messed around with a bunch of different rules and have had no luck,
are FORWARDING and REDIRECT tables within the tables definition, but these
seem to be for what i am trying to do. ? now i have also tried to implement
IMPASQADM to do the same old port forwarding rules that i did in 2.2 but
doesnt work either. i understand that the kernel that im using is rather old
in the
dev. life cycle, but i would think that i might me able to make this work. i
compiled in ALL options that are even remotely liked to packet filtering. if
someone feels that i _must_ get a new one i would do it.

i really just want to know if my thinking is correct, with using IPMASQ to
do port forwarding.. sorry for the long message..


Reply to: