Re: Port forwarding with ipmasq and iptables
On Wed, Dec 17, 2003 at 11:24:20AM -0000, robin.c.smith@bt.com wrote:
> The last ipmasq security fix killed my port forwarding, I had to revert to a rul that backed out the fix.
> Have a look at the differences between the versions. There is probably a more secure fix for this.
>
> Robin
>
Thanks, that worked.
I was reading the archives and noticed someone with a similar problem:
http://lists.debian.org/debian-firewall/2003/debian-firewall-200309/msg00078.html
I swapped around the comment on the following two lines so that the
second line is now commented out and the first isn't. These are in
/etc/ipmasq/rules/M70masq.def.
#$IPTABLES -A FORWARD -o $i -i ${j%%:*} -d $IPOFIF/$NMOFIF -j ACCEPT
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
I'd think there would be a way to have the security fix and port
forwarding working, surely they're not mutually exclusive.
Reply to: