
Re: portfw to multiple machines, same port



On 02/03/02 Xeno Campanoli did speaketh:

> Do I still need to set up ipchains for packets coming back out, or does
> this take care of all of it?  Another thing I'm similarly stuck on is
> portforwarding into a single FTP server.  Do you just:

    ipchains must still permit the flow of the packets in question, yes. 

> ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20
> ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21
> 
> or do I also need to put in some ipchains stuff defining the exiting
> packets?  Also, can I use both portfw and mfw in a configuration, for
> instance mfw with the web servers and portfw with the ftp server?

    Think of port-forwarding as in-between the input and output chains. You
must still permit the flow of the packets required to receive and forward. 

    As for the last question of combining portfw and mfw, I'm assuming they're
both permitted as they're two different modules, but I don't really know. 

    Mike

-- 
Michael P. Soulier <msoulier@mcss.mcmaster.ca>, GnuPG pub key: 5BC8BE08
"...the word HACK is used as a verb to indicate a massive amount
of nerd-like effort."  -Harley Hahn, A Student's Guide to Unix
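
The reply above, spelled out as rules for the FTP control port (an added example, not part of the original thread). Assumed here: a default-DENY policy, the interface names and constructed addresses below, and the Linux 2.2 traversal order in which a forwarded packet passes the input chain, is rewritten by portfw, then passes the output chain, while replies return through the forward chain's MASQ target. FTP data connections are not covered.

```shell
#!/bin/sh
# Added example: prints the ipchains rules that must accompany one
# ipmasqadm portfw entry. All values below are constructed placeholders.
EXTERNAL_IP="203.0.113.10"   # constructed external address
DMZFTP_IP="192.168.2.21"     # constructed DMZ server address
EXT_IF="eth0"                # assumed external interface
DMZ_IF="eth1"                # assumed DMZ interface

# portfw_rules PORT: emit the forward plus the rules permitting its flow.
portfw_rules() {
    port="$1"
    # The forward itself, in the form quoted in the question.
    echo "ipmasqadm portfw -a -P tcp -L $EXTERNAL_IP $port -R $DMZFTP_IP $port"
    # Inbound, before the rewrite: input chain sees the external address.
    echo "ipchains -A input -i $EXT_IF -p tcp -d $EXTERNAL_IP $port -j ACCEPT"
    # Inbound, after the rewrite: output chain sees the DMZ server.
    echo "ipchains -A output -i $DMZ_IF -p tcp -d $DMZFTP_IP $port -j ACCEPT"
    # Replies enter from the DMZ; '! -y' keeps the server from opening
    # new connections through this rule.
    echo "ipchains -A input -i $DMZ_IF -p tcp -s $DMZFTP_IP $port ! -y -j ACCEPT"
    # Replies are matched back to the forwarded connection here
    # (in the forward chain, -i names the outgoing interface).
    echo "ipchains -A forward -i $EXT_IF -p tcp -s $DMZFTP_IP $port -j MASQ"
    # Replies leave with the external address as their source.
    echo "ipchains -A output -i $EXT_IF -p tcp -s $EXTERNAL_IP $port ! -y -j ACCEPT"
}

# Dry run: print the rules for the FTP control port for review.
portfw_rules 21
```

The script only prints the commands; pipe its output to `sh` on the firewall once the rules have been reviewed.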
