RE: FW: Help! ipmasqadm problem - Help its still not working
It should work the same either way. Some people are just used to
putting quotes around things that they echo, because if you are
doing a string, you generally have to, but with numbers you do not.
-----Original Message-----
From: Brian Kimsey-Hickman [mailto:kimhick@mpinet.net]
Sent: Wednesday, February 14, 2001 6:12 AM
To: Debian Firewall List; Fife, William
Subject: RE: FW: Help! ipmasqadm problem - Help its still not working
Yes, I did. However some sources that I read had the 1 placed in quotations
to look like this:
echo "1" > /proc/sys/net/ipv4/ip_forward
The reason for this I am not sure. This type of scripting is new to me.
But thanks,
Brian
> -----Original Message-----
> From: Fife, William [mailto:William.Fife@Gateway.com]
> Sent: Tuesday, February 13, 2001 5:26 PM
> To: 'kimhick@mpinet.net'
> Subject: RE: FW: Help! ipmasqadm problem - Help its still not working
>
>
> did you do an echo 1> /prc/sys/net/ipv4/ip_forward
>
> if not, then forwarding is not enabled in the kernel.
>
>
>
> -----Original Message-----
> From: Brian Kimsey-Hickman [mailto:kimhick@mpinet.net]
> Sent: Tuesday, February 13, 2001 11:24 AM
> To: Debian Firewall List; Manfred Wassmann
> Subject: RE: FW: Help! ipmasqadm problem - Help its still not working
>
>
> The strange thing is, it seems to make sense. But, it is still not
> forwarding. I thought if I set the policy to MASK and everything else to
> ACCEPT that would leave it wide open. Once I got the firewall to forward
> then I could tighten the script. It just seems that no matter what I do I
> cannot forward to my web server. I did set the forward policy to
> DENY. It
> still does not work.
>
> Thanks anyway,
>
> Brian
>
> > -----Original Message-----
> > From: Manfred Wassmann [mailto:manolo@NCC-1701.B.shuttle.de]
> > Sent: Tuesday, February 13, 2001 1:43 PM
> > To: Brian Kimsey-Hickman
> > Subject: Re: FW: Help! ipmasqadm problem - Help its still not working
> >
> >
> > On Tue, 13 Feb 2001, Brian Kimsey-Hickman wrote:
> >
> > > Date: Tue, 13 Feb 2001 10:37:55 -0500
> > > From: Brian Kimsey-Hickman <kimhick@mpinet.net>
> > > To: Debian Firewall List <debian-firewall@lists.debian.org>
> > > Subject: FW: Help! ipmasqadm problem - Help its still not working
> > > Resent-Date: Tue, 13 Feb 2001 16:39:31 +0100 (CET)
> > > Resent-From: debian-firewall@lists.debian.org
> > >
> > > I made the changes and it still does not work. Any help would
> > be greatly
> > > appreciated.
> > >
> > > Brian
> > >
> > > -----Original Message-----
> > > From: Brian Kimsey-Hickman [mailto:kimhick@mpinet.net]
> > > Sent: Monday, February 12, 2001 3:52 PM
> > > To: Debian Firewall List; felipe.alvarez@qlsoft.cl
> > > Subject: RE: Help! ipmasqadm problem
> > >
> > >
> > > Wow and thanks for the fast answer. So, the proper syntax would be:
> > >
> > > ipchains -A forward -s 192.168.56.10/32 -d 0.0.0.0/0 -i eth2 -j MASQ
> > >
> > > instead of . . .
> > >
> > > ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10/32 -i eth1 -j MASQ
> > >
> > >
> >
> >
> > You can write that in either way, it will have no effect at all
> as long as
> > you set the forward policy to masquerade all packets. Change
> that line to
> > ipchains -P forward DENY and it will start makeing sense.
> >
> >
> > > Thanks,
> > >
> > > Brian
> > >
> > > > -----Original Message-----
> > > > From: Felipe Alvarez Harnecker [mailto:felipe@qlsoft.cl]
> > > > Sent: Monday, February 12, 2001 3:42 PM
> > > > To: kimhick@mpinet.net
> > > > Subject: Help! ipmasqadm problem
> > > >
> > > >
> > > > Brian Kimsey-Hickman writes:
> > > > > I am at wits end and do not know what to do. I am trying to
> > > > get my firewall
> > > > > to forward port 80 to an internal web server. I have three
> > > > NIC cards: eth0
> > > > > = internal private numbers, eth1 = internal private numbers
> > > > for web server,
> > > > > eth2 = public/internet numbers. I am using a small script:
> > > > >
> > > > > ipchains -F
> > > > > ipmasqadm portfw -f
> > > > > ipchains -P output ACCEPT
> > > > > ipchains -P forward MASQ
> > > > > ipchains -P output ACCEPT
> > > > > echo 1 > /proc/sys/net/ipv4/ipforward
> > > > > ipchains -A forward -s 0.0.0.0/0 -d 192.168.56.10 -i eth1 -j MASQ
> > > > > ipmasqadm portfw -a -P tcp -L 207.202.255.134 80 -R
> > 192.168.56.10 80
> > > > >
> > > > > I know this is a wide open firewall but I still cannot hit the
> > > > internal web
> > > > > server. I have checked and recheck the kernel configuration
> > > > and I am sure
> > > > > it correct. I have also check all the NIC interfaces and they
> > > > all seems to
> > > > > be working correctly. If anyone has any ideas I would sure
> > > > like to hear
> > > > > them.
> > > > >
> > > > > Brian
> > > > >
> > > >
> > > > You need to mascarade your server not the external clients
> > > >
> > > > Think of the packet that sends the server.
> > > >
> > > > Cheers.
> > > >
> > > > --
> > > > ______________________________________________________
> > > >
> > > > Felipe Alvarez Harnecker. QlSoftware.
> > > >
> > > > Tels. 665.99.41 - 09.874.60.17
> > > > e-mail: felipe.alvarez@qlsoft.cl
> > > >
> > > http://qlsoft.cl/
> > > http://ql.cl/
> > > ______________________________________________________
> > >
> > >
> >
> > --
> > Manfred Waßmann
> >
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: