Problem forwarding ports
Hi folks!

I've got a problem forwarding port 80 from my proxy's external interface to my server on the internal network. I use SuSEfirewall2 and inserting FW_FORWARD_MASQ="0/0,192.168.0.1,tcp,80" doesn't work. I know that this is a security issue but I need it that way, so no security discussion please. What other rules could I set using iptables?

Thanks,
Christian

--
Scott's second Law: When an error has been detected and corrected, it will be found to have been wrong in the first place. Corollary: After the correction has been found in error, it will be impossible to fit the original quantity back into the equation.
192.168.0.1 is the IP of your webserver on your internal net? And e.g. 192.168.0.254 is the IP of the internal network interface of your masquerading "proxy"/router?! It is really masquerading or just a proxy? It should at least masquerade 192.168.0.1, AFAIK. For me this works well for another port. You should debug by tail -f /var/log/firewall on your router.

--
Eat, sleep and go running, David Huecking.
Encrypted eMail welcome! GnuPG/PGP-Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

On Mon, 7 Oct 2002, Christian Weickhmann wrote:
I've got a problem forwarding port 80 from my proxy's external interface to my server on the internal network.
I use SuSEfirewall2 and inserting FW_FORWARD_MASQ="0/0,192.168.0.1,tcp,80" doesn't work.
I know that this is a security issue but I need it that way, so no security discussion please.
On Mon, Oct 07, 2002 at 03:02:56PM +0200, Christian Weickhmann wrote:
Hi folks!
I've got a problem forwarding port 80 from my proxy's external interface to my server on the internal network.
I use SuSEfirewall2 and inserting FW_FORWARD_MASQ="0/0,192.168.0.1,tcp,80" doesn't work.
I know that this is a security issue but I need it that way, so no security discussion please.
What other rules could I set using iptables?
If you use that on the same network (all involved machines are in the same network), you must masquerade the request; if not, your webserver will respond directly to the machine that started the connection instead of connecting through the 'masquerade' gateway, so no connection can be established.

HTH
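
The two cases discussed in this thread, as an added example that is not part of any poster's message: plain iptables rules for the port-80 forward and for the same-network masquerade described in the last reply. The interface names, the /24 netmask and the external address 203.0.113.10 are assumptions; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rules; APPLY=1 as root runs them.
EXT_IF=eth0               # assumed external interface name
INT_IF=eth1               # assumed internal interface name
EXT_IP=203.0.113.10       # constructed placeholder for the external address
INT_NET=192.168.0.0/24    # assumed netmask of the internal network
SERVER=192.168.0.1        # internal web server, as given in the thread
PORT=80

# Port forward for connections arriving on the external interface.
forward_rules() {
    # Packets of already accepted connections pass FORWARD in both directions.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Rewrite the destination before routing, then admit the new connection.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $SERVER -p tcp --dport $PORT -m state --state NEW -j ACCEPT"
}

# Same-network case: an internal client connects to the external address.
hairpin_rules() {
    echo "iptables -t nat -A PREROUTING -i $INT_IF -s $INT_NET -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
    # Without this rule the server sees the client's own address and answers
    # it directly, bypassing the gateway, so the client discards the reply.
    echo "iptables -t nat -A POSTROUTING -o $INT_IF -s $INT_NET -d $SERVER -p tcp --dport $PORT -j MASQUERADE"
    echo "iptables -A FORWARD -i $INT_IF -o $INT_IF -s $INT_NET -d $SERVER -p tcp --dport $PORT -m state --state NEW -j ACCEPT"
}

all_rules() { forward_rules; hairpin_rules; }

if [ "${APPLY:-0}" = "1" ]; then
    all_rules | sh -e     # stop at the first rule that fails to load
else
    all_rules             # dry run: review the rules before applying them
fi
```

Forwarding must also be enabled in the kernel (/proc/sys/net/ipv4/ip_forward set to 1) for any of these rules to take effect.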
participants (3)
- Christian Weickhmann
- d.huecking@gmx.net
- Sven Michels