
Re: ip forwarding under 2.2.17



Hi there, I don't use ssh, BUT I was getting timeout problems when I masqed an Oracle database. Oracle uses port 1521, and similar to you we were losing connections when we went through the ipchains firewall. The solution was to set the timeout. I have included the ipchains rules here just for completeness; you will put your ports and IPs in, of course. Hope this helps.

darrell
ddupasedm@netscape.net

#!/bin/sh
echo DMZ

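# Load the firewall-mark forwarding module used by "ipmasqadm mfw".
modprobe ip_masq_mfw

# Mark incoming TCP SYN packets (-y) for port 1521 with firewall mark 1521.
ipchains -I input -p tcp -y -d 161.184.137.127/32 1521 -m 1521
ipchains -I input -p tcp -y -d 192.168.1.1/32 1521 -m 1521
# Forward connections carrying mark 1521 to the internal host on port 1521.
ipmasqadm mfw -A -m 1521 -r 192.168.222.222 1521

# Set masquerading timeouts in seconds (tcp, tcpfin, udp):
# TCP to 2 hours, instead of default 15 minutes.
/sbin/ipfwadm -M -s 7200 10 60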


jason@kwiqsilver.org wrote:

I have a firewall with two network cards running Sid with kernel 2.2.17. I
have the following rule:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $IP_REAL 22 -R $MAGNETO 22

And it works fine. IP_REAL is the dhcp granted IP from my ISP, MAGNETO is
the ssh server behind the firewall, and MYSTIQUE is the internal IP of the
firewall. When I try the following rule:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $MYSTIQUE 22 -R $MAGNETO 22

I get timeout errors from ssh. With no rule, when trying to ssh to IP_REAL
from inside the firewall, I get timeout errors.

I'm trying to have an ssh request to kwiqsilver.org forward to magneto both
externally (which works) and internally, so I can access the CVS server with
my notebook inside or outside.
Is there a way to get this to work better? Would I be better off upgrading
to 2.4 to use the newer firewalling system?

Thanks,
Jason





