Problems with Port Forwarding Through Internal Firewall
I don't know if this is a firewall problem, a DNS problem, or some other kind
of configuration problem, but I need to get this resolved, so any help is
greatly appreciated.
I've described my setup before in another post, but I'll go over it again.
I have my 1st firewall connected to the Internet, with the old LAN hooked up
to that. Then I have a 2nd firewall, connected to the LAN (i.e. not directly
to the Internet), with a new LAN behind that. The idea is that when
everything in the new LAN is working the way it needs to, I'll remove the old
LAN (which is ready to qualify for the hand-me-down-to-the-parents thing),
and use just the new LAN. The 2nd firewall was running IPCop. At this
moment it is running Smoothwall (which works about the same) as a test. The
problem is under both IPCop and Smoothwall. (I changed to Smoothwall as a
control test. I don't want to change back until I figure out what is wrong,
then I'll have IPCop up again.)
In the meantime, I need to have a few things working, and I also want to know
how to do this so I can deal with similar problems in the future.
I want to be able to use 2 services, each to 2 systems, through the firewall.
I want to be able to use SSH and RSYNC from the old LAN, through the 2nd
firewall (as described above), to the new LAN's server and my production
system. I set up IPCop/Smoothwall to forward port 50022 to port 22 (ssh) on
the server, 50023 to port 22 on the production system, 50837 to port 873
(rsync) on the new server, and 50874 to port 873 on the production box. It
sounds good, and seemed to work a few days ago, before I took the server down
and upgraded it to Mepis (newer kernel, and some other nice things over the
older Libranet -- both are Debian based distros). Now I can ssh through port
50022 to the server, but not through 50023 to the production system. When I
try rsync through 50873, I connect to the server. When I try it through port
50874 (which should go to the production system), it goes to the server.
I had a lot of trouble setting up the new DNS (I used Bind 9, which was a
disaster, and when I downgraded to Bind, version 8, it worked almost
immediately). I can't recall whether I had a DNS server working on the older
system (I think I just used /etc/hosts since it was a small LAN). I don't
know if this has any effect on what is happening.
Basically, it seems I can't connect to the production system, only to the
server and when I use rsync to reach the production system, I get the server.
I've checked the logs in IPCop and Smoothwall. When I first started looking
at the IPCop logs, it looked like every time I tried to connect (through
either ssh or rsync), it showed up on the logs in IPCop, showing the correct
destination IP address in the new LAN. When I started working with it this
morning, many ssh and rsync attempts started showing the destination address
as the firewall's external address (in other words, on the old LAN side, not
the side I'm trying to reach). It also no longer shows the correct
destination port.
Any help is appreciated. At this point I don't know if it's a firewall
problem, or something else (I suspect it's got something to do with the DNS,
since that was what I messed with, but I don't see how that would affect the
firewall and result in screwy logs).
Thanks.
Hal
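The check I would run in this situation, added here as an example and not code from Hal's post or from IPCop/Smoothwall: a Python script that probes every forwarded port on the firewall's old-LAN address and records who answered, so a forward that lands on the wrong box (the post's "50874 goes to the server" symptom) shows up as two ports, meant for different hosts, giving the same answer. The firewall and host addresses, the interface name in the generated iptables rules, and the local stand-in listeners that demo() starts are all assumptions, constructed so the script runs offline.

```python
"""Probe a firewall's port forwards and report which internal host answers each one.

Added example (not from the original post). FIREWALL, SERVER, PRODUCTION and the
stand-in listeners are constructed assumptions. sshd sends its identification
("SSH-2.0-...") as its first line; an rsync daemon greets with "@RSYNCD: <ver>" and
answers the module name "#list" with its module list, which distinguishes hosts.
"""
import socket
import socketserver
import threading

FIREWALL = "127.0.0.1"        # assumption: the 2nd firewall, old-LAN side
SERVER = "192.168.2.10"       # assumption: new-LAN server
PRODUCTION = "192.168.2.20"   # assumption: production box

# external port -> (internal host, internal port), as entered in IPCop/Smoothwall
FORWARDS = {50022: (SERVER, 22), 50023: (PRODUCTION, 22),
            50873: (SERVER, 873), 50874: (PRODUCTION, 873)}


def dnat_rules(forwards, ext_if="eth0"):
    """The iptables NAT rules a forward table like this amounts to (one DNAT each)."""
    return [f"iptables -t nat -A PREROUTING -i {ext_if} -p tcp --dport {ext} "
            f"-j DNAT --to-destination {host}:{port}"
            for ext, (host, port) in sorted(forwards.items())]


def _readline(sock):
    """Read one newline-terminated line (bounded) and return it stripped."""
    buf = b""
    while not buf.endswith(b"\n") and len(buf) < 512:
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").strip()


def probe(host, port, timeout=3.0):
    """Return a string identifying whoever answers host:port: the SSH banner, or the
    rsync greeting plus module list; 'ERROR: ...' if nothing usable answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            first = _readline(s)
            if not first.startswith("@RSYNCD:"):
                return first or "ERROR: empty banner"
            s.sendall((first + "\n#list\n").encode())   # echo version, ask for modules
            modules, line = [], _readline(s)
            while line and line != "@RSYNCD: EXIT":
                modules.append(line.split()[0])
                line = _readline(s)
            return f"{first} modules={','.join(modules) or '-'}"
    except OSError as exc:
        return f"ERROR: {exc.__class__.__name__}"


def check_forwards(fw_host, forwards):
    """Probe each external port; flag it when it answers exactly like another forward
    that is supposed to reach a *different* internal host (the post's symptom)."""
    seen = {ext: probe(fw_host, ext) for ext in forwards}
    report = {}
    for ext, (host, port) in forwards.items():
        twins = sorted(o for o, (h, _) in forwards.items()
                       if o != ext and h != host and seen[o] == seen[ext])
        report[ext] = {"expected": f"{host}:{port}", "answer": seen[ext],
                       "same_answer_as": twins,
                       "ok": not seen[ext].startswith("ERROR") and not twins}
    return report


# --- constructed stand-ins so the check can be exercised without a real firewall ---
class _Fake(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.sendall(self.server.greeting)
        if self.server.modules is not None:            # emulate an rsync daemon
            f = self.request.makefile("rb")
            f.readline()                               # client's version line
            if f.readline().strip() == b"#list":
                for m in self.server.modules:
                    self.request.sendall(m.encode() + b"\tconstructed\n")
            self.request.sendall(b"@RSYNCD: EXIT\n")


def _listen(greeting, modules=None):
    """Start a throwaway local listener on an ephemeral port; return that port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _Fake)
    srv.greeting, srv.modules = greeting, modules
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def demo():
    """Reproduce the post: both SSH forwards reach the right hosts, but the port meant
    for production's rsync is answered by (a clone of) the server's rsync daemon."""
    forwards = {
        _listen(b"SSH-2.0-OpenSSH_3.8.1p1 mepis\r\n"): (SERVER, 22),
        _listen(b"SSH-2.0-OpenSSH_3.6.1p2 libranet\r\n"): (PRODUCTION, 22),
        _listen(b"@RSYNCD: 28\n", ["backups"]): (SERVER, 873),
        _listen(b"@RSYNCD: 28\n", ["backups"]): (PRODUCTION, 873),   # misrouted
    }
    return check_forwards(FIREWALL, forwards), forwards


if __name__ == "__main__":
    for ext, row in sorted(demo()[0].items()):
        print(ext, row)
```

Run it from a host on the old LAN with FIREWALL set to the 2nd firewall's old-LAN address and FORWARDS as configured in the firewall. A flagged pair means "indistinguishable", not "certainly wrong": two hosts running the identical sshd version give the same banner, and an rsync daemon with listing disabled gives only the greeting; for sshd, `ssh-keyscan -p <port> <firewall>` on the two ports and a comparison of the host-key fingerprints settles which machine answered. The dnat_rules() output is the shape of the PREROUTING rules such a table amounts to, which is what to look for in `iptables -t nat -L -n` on the firewall while the web-interface logs are confusing.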