
Re: forwarding



Quoting Oswald Buddenhagen <ob6@inf.tu-dresden.de>:

> > Quick question as I haven't really used ipmasq that much.  What ipchains
> > rules would I add in order to have an ftpd running on port 5510 on 10.1.1.5
> > accessible from outside the internal network. I realize I have to forward
> > both 5510 and 5509 but I'm not sure how to go about it.
> >
> i don't know, if there are ways around it, but the masquerading-howto
> clearly states, that it is basically impossible to access hosts on the
> inner network from outside. masq-ing allows only outgoing connections.

IPMASQADM has a PORTFW "module" available.

These are the commands I'm using to forward ftp to an internal ftp server.
FTP-DATA typically works in the reverse direction of the control connection.

/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.17.57.58 21 -R 10.1.1.3 21
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 24.17.57.58 -l -p tcp -d 0.0.0.0/0 21

It works well for me, but of course I'm not using ftp on a different port.

--
John Kramer
jbkramer@mad.scientist.com

