Re: help with port forwarding
Never mind. Found my problem. My problem was with the machine running the
web server inside the local network, not with the firewall machine.
On Wed, 13 Jun 2001 debuser@platinum.globalmart.com wrote:
> I have a Linux machine (Debian unstable with kernel 2.2.18) that is
> successfully masquerading for our local network. I want to do port
> forwarding so that machines on the Internet can see the web server of a
> machine on the local net. Following the IP-Masquerading howto, I have the
> following script which sets up the masquerading and attempts to set up the
> port forwarding as well:
>
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth1 -s 10.3.0.0/24 -j MASQ
> MYIP=X.X.X.X
> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $MYIP 80 -R 10.3.0.50 80
>
> Where X.X.X.X is the IP address of the interface on the masquerading
> machine visible to machines on the Internet.
>
> Port forwarding isn't working though. It is apparent that something is
> happening as that now the web server on the masquerading machine no longer
> responds (as I assume traffic is indeed trying to be forwarded) but
> neither does the machine I'm trying to forward to respond. Can anyone see
> any problems with my firewall script?
>
> "ipmasqadm portfw -l" returns:
>
> prot localaddr rediraddr lport rport pcnt pref
> TCP X.X.X.X 10.3.0.150 80 80 10 10
>
> Which, as far as I can tell, looks correct. Any clues are greatly
> appreciated.
>
> Thanks,
>
> Gerry
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: