
Re: ipmasq and recommended ways to integrate with firewall/port forwarding



> I used IPMasq which is just fine but I'm never sure how to add a firewall to
> filter port access, my concern is that it is fiddling with ipchains so how can
> I be confident my stuff is getting added and will not interfere.

Log dropped packets for a while, and test your firewall.  I used to add
rules for common illegal packets to reduce the logging, once I'd understood
where and why they were being transmitted (from internal hosts).

> I noticed in
> the unstable distro that there is a new ipchains package for load/saving
> ipchain configurations and also ferm which deals with some of the tricks
> associated with being confident the firewall config is useful.  Could I use
> them or are they not designed to play friendly with ipmasq?

They save the state, will probably work, but personally I preferred to keep
all the firewall stuff in one script, that started with a flush, and was
added to rc.d scripts.  It let me keep the 3 rules for each tunnel, in one
place, and easy to copy the script onto fallback firewall host.

> The second part to my problem is that of port forwarding,  I want to expose an
> internal system ssh port through the firewall and also an internal http server
> from time to time.

You need to enable masquerading for the host/port combo you wish to tunnel
through the firewall, then set up an mfw rule for the initial connection,
and then a rule for the redirect.  The docs which explain ipmasqadm have a
HOWTO which is good enough to get your (simple) requirements up without too
much bother.  Use a search engine to find it.

Rob
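
A sketch of the single-script layout described in the reply above, added here as an example and not taken from the original post or from the ipmasq package: it starts with a flush, keeps the three rules for each tunnel together, and logs what it drops. The interface name, addresses and mark numbers are constructed placeholders, and the ipmasqadm mfw option letters are an assumption to check against the installed man page.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses, interface name and
# mark numbers are constructed placeholders.
EXT_IF=eth0
EXT_IP=203.0.113.5

# DRY_RUN=1 (the default) prints each command instead of executing it,
# so the rule set can be reviewed or diffed before it touches the kernel.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# The three rules for one tunnel, kept together:
#   1. masquerade the internal host/port so replies leave with EXT_IP
#   2. mark (and accept) the initial SYN arriving on the external port
#   3. redirect packets carrying that mark to the internal host
tunnel() {  # usage: tunnel MARK EXT_PORT INT_HOST INT_PORT
    run ipchains -A forward -p tcp -s "$3" "$4" -j MASQ
    run ipchains -A input -i "$EXT_IF" -p tcp -y -d "$EXT_IP" "$2" -m "$1" -j ACCEPT
    run ipmasqadm mfw -I -m "$1" -r "$3" "$4"
}

build_firewall() {
    # Start from a known state: flush, so reruns never stack duplicates.
    # Flushing forward also removes rules other tools added there, so general
    # outbound masquerading rules belong in this same script (omitted here).
    run ipchains -F input
    run ipchains -F forward
    run ipmasqadm mfw -F

    tunnel 1 22 192.168.1.10 22   # ssh to an internal system
    tunnel 2 80 192.168.1.20 80   # internal http server

    # Everything else that tries to open a TCP connection from outside
    # is dropped and logged (-l) for later review.
    run ipchains -A input -i "$EXT_IF" -p tcp -y -l -j DENY
}

build_firewall
```

Run as is, it only prints the rule set; setting DRY_RUN=0 executes the same commands.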


