
Re: FW: Help! ipmasqadm problem - Help its still not working



Michael Wood wrote:
> 
> I don't think you want to set the forward policy to MASQ.
> 
> I have never used ipmasqadm, but how about trying this:
> 
> ipchains -F # flush all rules
> ipchains -X # get rid of any user defined chains too
> ipmasqadm portfw -f
> ipchains -P output ACCEPT
> ipchains -P forward ACCEPT
> ipchains -P output ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ipchains -A forward -s 192.168.56.0/24 -d 0.0.0.0/0 -i eth1 -j MASQ
> ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R 192.168.56.10 80

I think the problem you'll run into here is that the traffic will reach the
internal web server, but get masqueraded on the way out, changing the source
port from 80 to some high port.  Try running tcpdump on both the web server
and the internal and external interfaces on the firewall to see what's coming
in/going out to help troubleshoot where things are getting hung up.

You might consider looking into the 2.4 kernel and its netfilter.  iptables
will do both SNAT and DNAT.  I have a similar setup (webserver on private lan
behind firewall) and just do DNAT (destination NAT) on the firewall to forward
the traffic through, which I believe also catches the return traffic and
adjusts just the IP address on outgoing packets.
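
The return-path handling of netfilter DNAT mentioned above, as an added example that is not part of the original message: a toy Python model of connection tracking for one DNAT rule, showing the reply leaving with the public address while the source port stays 80. The client address and all class and function names are constructed for illustration.

```python
# Added example: toy model of netfilter connection tracking for one DNAT rule.
# It models the rule
#   iptables -t nat -A PREROUTING -p tcp -d 207.202.255.134 --dport 80 \
#            -j DNAT --to-destination 192.168.56.10:80
# Server addresses are the ones in the thread; the client is constructed.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

PUBLIC = ("207.202.255.134", 80)    # address clients connect to
INTERNAL = ("192.168.56.10", 80)    # web server on the private LAN

class DnatGateway:
    def __init__(self):
        # reply tuple (server -> client) -> original public destination
        self.conntrack = {}

    def inbound(self, pkt):
        """PREROUTING: rewrite the destination and remember the mapping."""
        if (pkt.dst, pkt.dport) != PUBLIC:
            return pkt
        new = pkt._replace(dst=INTERNAL[0], dport=INTERNAL[1])
        # Key on the tuple the reply will carry on its way back out.
        self.conntrack[(new.dst, new.dport, new.src, new.sport)] = PUBLIC
        return new

    def outbound(self, pkt):
        """Reply direction: undo the DNAT using the tracked connection."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt  # not a tracked DNAT connection; untouched in this model
        return pkt._replace(src=orig[0], sport=orig[1])

def demo():
    gw = DnatGateway()
    client = ("198.51.100.7", 40312)  # constructed client address and port
    syn = gw.inbound(Packet(*client, *PUBLIC))
    synack = gw.outbound(Packet(*INTERNAL, *client))
    return syn, synack

if __name__ == "__main__":
    for p in demo():
        print(p)
```

Comparing these two tuples against tcpdump output on the firewall's internal and external interfaces shows whether the reply is being translated back to the address the client originally contacted.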


