Re: ipmasq and recommended ways to integrate with firewall/port forwarding
> I used IPMasq which is just fine but I'm never sure how to add a firewall
> filter port access, my concern is that it is fiddling with ipchains so how
> can I be confident my stuff is getting added and will not interfere.
Log dropped packets for a while, and test your firewall. I used to add
rules for common illegal packets to reduce the logging, once I'd understood
where and why they were being transmitted (from internal hosts).
> I noticed in
> the unstable distro that there is a new ipchains package for load/saving
> ipchain configurations and also ferm which deals with some of the tricks
> associated with being confident the firewall config is useful. Could I
> use them or are they not designed to play friendly with ipmasq?
They save the state, will probably work, but personally I preferred to keep
all the firewall stuff in one script, that started with a flush, and was
added to rc.d scripts. It let me keep the 3 rules for each tunnel in one
place, and made it easy to copy the script onto a fallback firewall host.
> The second part to my problem is that of port forwarding, I want to
> internal system ssh port through the firewall and also an internal http
> from time to time.
You need to enable masquerading for the host/port combo you wish to tunnel
through the firewall, then set up an mfw rule for the initial connection,
and then a rule for the redirect. The docs which explain ipmasqadm have a
HOWTO which is good enough to get your (simple) requirements up without too
much bother. Use a search engine to find it.
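
Added example, not part of the original message: one way to act on the "log dropped packets for a while" advice is to tally the denied packets per interface, protocol, source and destination port, then list the repeat offenders that come from internal hosts. It assumes the "Packet log:" line layout written by ipchains rules that use -l; the internal network 192.168.1.0/24, the host name "fw" and all sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Leading fields of an ipchains "-l" kernel log line (assumed layout).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
INTERNAL_NET = ip_network("192.168.1.0/24")  # assumption: the masqueraded LAN

# Constructed sample input, not taken from a real host.
SAMPLE_LOG = """\
Mar  3 10:01:12 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=4101 F=0x0000 T=128 (#7)
Mar  3 10:01:14 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=4102 F=0x0000 T=128 (#7)
Mar  3 10:01:16 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=4103 F=0x0000 T=128 (#7)
Mar  3 10:02:40 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:51234 203.0.113.1:23 L=44 S=0x00 I=912 F=0x0000 T=52 SYN (#9)
Mar  3 10:02:55 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:40112 203.0.113.1:22 L=44 S=0x00 I=77 F=0x0000 T=50 SYN (#3)
Mar  3 10:03:00 fw cron[88]: job started
"""

def parse(line):
    """Return the parsed fields of one packet-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Count dropped packets per (interface, protocol, source, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["verdict"] in ("DENY", "REJECT"):
            counts[(rec["iface"], rec["proto"], rec["src"], rec["dport"])] += 1
    return counts

def internal_noise(text, threshold=2):
    """Repeated drops whose source is an internal host: candidates to investigate."""
    return [(key, n) for key, n in summarize(text).most_common()
            if n >= threshold and ip_address(key[2]) in INTERNAL_NET]

if __name__ == "__main__":
    for key, n in internal_noise(SAMPLE_LOG):
        print(n, key)
```

Only once an entry in that list is understood does it make sense to give it its own non-logging rule, as described above.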