RE: FW: Help! ipmasqadm problem - Help its still not working
The strange thing is, it seems to make sense. But, it is still not
forwarding. I thought if I set the policy to MASK and everything else to
ACCEPT that would leave it wide open. Once I got the firewall to forward
then I could tighten the script. It just seems that no matter what I do I
cannot forward to my web server. I did set the forward policy to DENY. It
still does not work.
Thanks anyway,
Brian
> -----Original Message-----
> From: Manfred Wassmann [mailto:manolo@NCC-1701.B.shuttle.de]
> Sent: Tuesday, February 13, 2001 1:43 PM
> To: Brian Kimsey-Hickman
> Subject: Re: FW: Help! ipmasqadm problem - Help its still not working
>
>
> On Tue, 13 Feb 2001, Brian Kimsey-Hickman wrote:
>
> > Date: Tue, 13 Feb 2001 10:37:55 -0500
> > From: Brian Kimsey-Hickman <kimhick@mpinet.net>
> > To: Debian Firewall List <debian-firewall@lists.debian.org>
> > Subject: FW: Help! ipmasqadm problem - Help its still not working
> > Resent-Date: Tue, 13 Feb 2001 16:39:31 +0100 (CET)
> > Resent-From: debian-firewall@lists.debian.org
> >
> > I made the changes and it still does not work. Any help would be greatly
> > appreciated.
> >
> > Brian
> >
> > -----Original Message-----
> > From: Brian Kimsey-Hickman [mailto:kimhick@mpinet.net]
> > Sent: Monday, February 12, 2001 3:52 PM
> > To: Debian Firewall List; felipe.alvarez@qlsoft.cl
> > Subject: RE: Help! ipmasqadm problem
> >
> >
> > Wow and thanks for the fast answer. So, the proper syntax would be:
> >
> > ipchains -A forward -s 192.168.56.10/32 -d 0.0.0.0/0 -i eth2 -j MASQ
> >
> > instead of . . .
> >
> > ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10/32 -i eth1 -j MASQ
> >
> >
>
>
> You can write that in either way, it will have no effect at all as long as
> you set the forward policy to masquerade all packets. Change that line to
> ipchains -P forward DENY and it will start making sense.
>
>
> > Thanks,
> >
> > Brian
> >
> > > -----Original Message-----
> > > From: Felipe Alvarez Harnecker [mailto:felipe@qlsoft.cl]
> > > Sent: Monday, February 12, 2001 3:42 PM
> > > To: kimhick@mpinet.net
> > > Subject: Help! ipmasqadm problem
> > >
> > >
> > > Brian Kimsey-Hickman writes:
> > > > I am at wits' end and do not know what to do. I am trying to get my firewall
> > > > to forward port 80 to an internal web server. I have three NIC cards: eth0
> > > > = internal private numbers, eth1 = internal private numbers for web server,
> > > > eth2 = public/internet numbers. I am using a small script:
> > > >
> > > > ipchains -F
> > > > ipmasqadm portfw -f
> > > > ipchains -P output ACCEPT
> > > > ipchains -P forward MASQ
> > > > ipchains -P output ACCEPT
> > > > echo 1 > /proc/sys/net/ipv4/ipforward
> > > > ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10 -i eth1 -j MASQ
> > > > ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80
> > > >
> > > > I know this is a wide open firewall but I still cannot hit the internal web
> > > > server. I have checked and rechecked the kernel configuration and I am sure
> > > > it is correct. I have also checked all the NIC interfaces and they all seem to
> > > > be working correctly. If anyone has any ideas I would sure like to hear
> > > > them.
> > > >
> > > > Brian
> > > >
> > >
> > > You need to masquerade your server, not the external clients.
> > >
> > > Think of the packet that the server sends.
> > >
> > > Cheers.
> > >
> > > --
> > > ______________________________________________________
> > >
> > > Felipe Alvarez Harnecker. QlSoftware.
> > >
> > > Tels. 665.99.41 - 09.874.60.17
> > > e-mail: felipe.alvarez@qlsoft.cl
> > >
> > > http://qlsoft.cl/
> > > http://ql.cl/
> > > ______________________________________________________
> >
> >
>
> --
> Manfred Waßmann
>
>
>
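
The two replies quoted above amount to checks that can be run against the script before it is loaded. As an added example (not code from the thread), the function below lints a script for them; `lint_masq_script`, `write_samples` and the finding names are hypothetical, the revised sample is constructed, and the `ip_forward` check is an extra based on the standard Linux sysctl path rather than anything raised in the replies.

```shell
# Added example, not from the thread: lint an ipchains script for the points
# the replies raise. Prints one finding per line, nothing when clean.
lint_masq_script() {
    script=$1
    server_re=$(printf '%s' "$2" | sed 's/\./\\./g')  # escape dots for grep -E
    masq_rules=$(grep -E '^[[:space:]]*ipchains[[:space:]].*-A[[:space:]]+forward.*-j[[:space:]]+MASQ' "$script" || true)
    # Manfred: with a MASQ forward policy, individual MASQ rules have no effect.
    if grep -Eq '^[[:space:]]*ipchains[[:space:]]+-P[[:space:]]+forward[[:space:]]+MASQ' "$script"; then
        echo "forward-policy-is-MASQ"
    fi
    # Felipe: masquerade the server (as source), not the external clients.
    if printf '%s\n' "$masq_rules" | grep -Eq -- "-d[[:space:]]+${server_re}(/32)?([[:space:]]|\$)"; then
        echo "masq-rule-matches-server-as-destination"
    fi
    if ! printf '%s\n' "$masq_rules" | grep -Eq -- "-s[[:space:]]+${server_re}(/32)?([[:space:]]|\$)"; then
        echo "no-masq-rule-with-server-as-source"
    fi
    # Extra check, not raised in the replies (assumption: standard sysctl path).
    if ! grep -Eq '>[[:space:]]*/proc/sys/net/ipv4/ip_forward([[:space:]]|$)' "$script"; then
        echo "ip_forward-not-written"
    fi
}

write_samples() {
    # Script as quoted in the original post.
    cat > "$1/original.sh" <<'EOF'
ipchains -F
ipmasqadm portfw -f
ipchains -P output ACCEPT
ipchains -P forward MASQ
ipchains -P output ACCEPT
echo 1 > /proc/sys/net/ipv4/ipforward
ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10 -i eth1 -j MASQ
ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80
EOF
    # Constructed variant: policy per Manfred, rule per Brian's proposed line.
    cat > "$1/revised.sh" <<'EOF'
ipchains -F
ipmasqadm portfw -f
ipchains -P forward DENY
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -s 192.168.56.10/32 -d 0.0.0.0/0 -i eth2 -j MASQ
ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
echo "original:"; lint_masq_script "$tmp/original.sh" 192.168.56.10
echo "revised:";  lint_masq_script "$tmp/revised.sh" 192.168.56.10
```

A clean result only shows that the script is consistent with the replies; Brian reports at the top of this message that forwarding still failed after his changes.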