
port forwarding using iptables (2.4.0-t1-ac23)



maybe someone could help clear up some confusions i have with some of this
ipchains ==> iptables conversion that is going on. i was introduced to chains
almost 7 months ago now, and since that time i have been able to make it do
quite a bit of what i needed it to. i had some problems however (ftp, dcc's)
and some of my pals told me that tables "would fix everything!" well i kinda
feel like i bought a used car, because the same people that told me it would
work now are nowhere to be heard of on the topic. nm, i got a great ruleset
working (halfway) in my opinion, here's my setup and what i need to fix.

 1) my internal is masq'ed through my deb. box usin a PREROUTING rule and
    this works GREAT.
 2) i have an internal server (www, etc.) that i want the world to be able to
    reach on that internal lan. this is where my problems start.

 from what i have read (in confusion) to allow that to work i should set up a
POSTROUTING rule. well that's all good, other than the fact that when someone
connects to my http server they are forwarded into my server and their source
address is masqed as if they were actually coming from my deb. firewall. this
is just not acceptable.

  i have messed around with a bunch of different rules and have had no luck,
there are FORWARDING and REDIRECT tables within the tables definition, but
these don't seem to be for what i am trying to do. ? now i have also tried to
implement IPMASQ and IPMASQADM to do the same old port forwarding rules that i
did in 2.2 but this doesn't work either. i understand that the kernel that i'm
using is rather old in the dev. life cycle, but i would think that i might be
able to make this work. i have compiled in ALL options that are even remotely
linked to packet filtering. if however someone feels that i _must_ get a new
one i would do it.

i really just want to know if my thinking is correct, with using IPMASQ to
do port forwarding.. sorry for the long message..

mike
hack6500@ait.fredonia.edu
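
Added example, not part of the original post: in netfilter's nat table, destination NAT (port forwarding) is done in PREROUTING and masquerading in POSTROUTING, and a masquerade rule bound to the outgoing interface leaves the client's source address intact for the internal server's logs. The interface names and addresses are assumed placeholders, and `nat_rules` and `unscoped_masq` are hypothetical helper names; the script only prints rules and checks them, it does not apply anything.

```shell
#!/bin/sh
# Constructed placeholder values (assumptions, not taken from the post).
EXT_IF=eth0             # Internet-facing interface of the firewall
INT_IF=eth1             # LAN-facing interface
WWW_IP=192.168.1.10     # internal web server

# Print the rule set. Review it, then pipe it to sh as root to apply.
nat_rules() {
    # DNAT runs in PREROUTING, before routing. Only the destination is
    # rewritten, so the web server sees the real client address.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80 -j DNAT --to-destination $WWW_IP:80"

    # Masquerading runs in POSTROUTING. Binding it to the external
    # interface means forwarded inbound traffic, which leaves through
    # the LAN interface, keeps its original source address.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"

    # NAT does not grant access: the filter table must still permit the
    # forwarded HTTP flow, LAN-initiated traffic, and return packets.
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $WWW_IP --dport 80 -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Read iptables rules on stdin and print every MASQUERADE rule that has
# no outgoing interface. Such a rule also rewrites the source of inbound
# forwarded connections, which produces the symptom described above:
# every visitor appears to come from the firewall.
unscoped_masq() {
    grep -- '-j MASQUERADE' | grep -v -- ' -o ' || true
}

nat_rules
echo "# unscoped MASQUERADE rules found: $(nat_rules | unscoped_masq | wc -l)"
```

Running `iptables-save -t nat | unscoped_masq` on the firewall applies the same check to the live rule set.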


