
RE: FW: Help! ipmasqadm problem - Help its still not working



Thanks for the advice.  Actually I do need to MASQ both incoming and
outgoing packets.  I have not mentioned this in previous postings but this
new firewall is set up on a second T-1 line.  I have an old T-1 and firewall
that will be dropped a few weeks after this one is up.  If I don't mask the
incoming then when the web server responds the routers will send that
traffic out through the old T-1.  In the final product I was going to set
the forward policy to DENY or REJECT and have two lines that would MASQ port
80 incoming and outgoing.  After the old T-1 is dropped then that could be
changed.  I had not thought of it before you mentioned it but is it possible
to MASQ both incoming and outgoing?

Thanks for the input,

Brian

> -----Original Message-----
> From: Michael Wood [mailto:wood@kingsley.co.za]
> Sent: Wednesday, February 14, 2001 1:36 AM
> To: debian-firewall@lists.debian.org
> Subject: Re: FW: Help! ipmasqadm problem - Help its still not working
>
>
> I don't think you want to set the forward policy to MASQ.
>
> I have never used ipmasqadm, but how about trying this:
>
> ipchains -F # flush all rules
> ipchains -X # get rid of any user defined chains too
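> ipmasqadm portfw -f # flush existing port forwarding rules
> ipchains -P input ACCEPT
> ipchains -P forward ACCEPT
> ipchains -P output ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward # enable IP forwarding in the kernel
> # masquerade traffic from the internal network
> ipchains -A forward -s 192.168.56.0/24 -d 0.0.0.0/0 -i eth1 -j MASQ
> # forward TCP port 80 on the external address to the web server
> ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80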
>
> If you have ipchains -P forward MASQ it will "masquerade"
> incoming stuff and outgoing stuff instead of just outgoing
> stuff.
>
> On Tue, Feb 13, 2001 at 02:24:00PM -0500, Brian Kimsey-Hickman wrote:
> > The strange thing is, it seems to make sense.  But, it is
> > still not forwarding.  I thought if I set the policy to MASK
> > and everything else to ACCEPT that would leave it wide open.
> > Once I got the firewall to forward then I could tighten the
> > script.  It just seems that no matter what I do I cannot
> > forward to my web server.  I did set the forward policy to
> > DENY.  It still does not work.
> [snip]
>
> --
> Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
> wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
>
>
>
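The return-path problem Brian describes, modelled as an added example that is not part of the original thread: it shows which gateway the web server's reply takes when the new firewall only port-forwards, and when it also rewrites the source of incoming requests. The two firewall LAN addresses, the client address, and the assumption that the web server's default gateway is the old firewall are not in the thread.

```python
import ipaddress

# Values taken from the thread
LAN = ipaddress.ip_network("192.168.56.0/24")
WEB = ipaddress.ip_address("192.168.56.10")
NEW_FW_PUBLIC = ipaddress.ip_address("207.202.255.134")
# Assumed values (constructed for this example, not in the thread)
NEW_FW_LAN = ipaddress.ip_address("192.168.56.1")
OLD_FW_LAN = ipaddress.ip_address("192.168.56.254")  # web server's default gateway
CLIENT = ipaddress.ip_address("203.0.113.7")          # documentation-range client


def forward_in(src, masq_incoming):
    """New firewall port-forwards a port 80 request to the web server.
    Returns the (source, destination) pair the web server sees."""
    return (NEW_FW_LAN if masq_incoming else src, WEB)


def server_next_hop(dst):
    """Web server routing: deliver on-link inside the LAN, else default gateway."""
    return dst if dst in LAN else OLD_FW_LAN


def reply_path(masq_incoming):
    """Trace the reply to one forwarded request."""
    seen_src, _ = forward_in(CLIENT, masq_incoming)
    hop = server_next_hop(seen_src)
    if hop == NEW_FW_LAN:
        # The new firewall holds the translation state, so it can restore
        # the client address and send the reply from NEW_FW_PUBLIC.
        via, completes = "new T-1", True
    else:
        # The old firewall never saw the request, so the reply cannot leave
        # with source NEW_FW_PUBLIC and the client will not match it.
        via, completes = "old T-1", False
    return {"server_sees_src": seen_src, "via": via,
            "connection_completes": completes}


if __name__ == "__main__":
    for masq in (False, True):
        print("masq incoming:", masq, reply_path(masq))
```

With the source rewritten, every request reaches the web server from the firewall's LAN address, so the server's access log no longer records the real client address.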


