Re: Port forwarding with ipmasq and iptables

To: debian-firewall@lists.debian.org
Subject: Re: Port forwarding with ipmasq and iptables
From: Brendan Bache <moosh@arach.net.au>
Date: Wed, 17 Dec 2003 21:00:05 +0800
Message-id: <[🔎] 20031217130005.GA10760@atlas>
In-reply-to: <783753B874E0464C99399294AB25E29F053199C7@i2km31-ukdy.domain1.systemhost.net>
References: <783753B874E0464C99399294AB25E29F053199C7@i2km31-ukdy.domain1.systemhost.net>

On Wed, Dec 17, 2003 at 11:24:20AM -0000, robin.c.smith@bt.com wrote:
> The last ipmasq security fix killed my port forwarding, I had to revert to a rul that backed out the fix.
> Have a look at the differences between the versions. There is probably a more secure fix for this.
> 
> Robin
> 

Thanks, that worked.
I was reading the archives and noticed someone with a similar problem:
http://lists.debian.org/debian-firewall/2003/debian-firewall-200309/msg00078.html

I swapped around the comment on the following two lines so that the
second line is now commented out and the first isn't. These are in
/etc/ipmasq/rules/M70masq.def.

#$IPTABLES -A FORWARD -o $i -i ${j%%:*} -d $IPOFIF/$NMOFIF -j ACCEPT
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

I'd think there would be a way to have the security fix and port
forwarding working, surely they're not mutually exclusive.

Reply to:

Prev by Date: load-balancing with iptables? (was Re: Unidentified subject!)
Next by Date: Re: load-balancing with iptables? (was Re: Unidentified subject!)
Previous by thread: Re: Port forwarding with ipmasq and iptables
Next by thread: Unidentified subject!
Index(es):
- Date
- Thread