From: "anthony cagle" <acagle@zilker.net>
Date: Fri, 29 Dec 2000 11:53:19 -0600
Message-ID: <IBECKPFNJODELCENPLLIEEBJCEAA.acagle@zilker.net>
Subject: ipmasqadm portfw question

Happy New Year!

I am trying to get port forwarding working on a 6.4 SMP system without
success. This system has been configured for several months to do IP
Masquerading between a cable modem and a small internal network. FTP, ICQ
and all of the rest of the services available have worked with no problem.

Recently, I wanted to move the web server which is currently on the IP
Masquerading box to another machine on the internal network. I read all the
documentation I could find, including the PORTFW mini howto and the howto's
and package docs on ipchains, firewalls and ipmasqadm. It looked very simple.
But for some reason I cannot get it to work. I'm beginning to wonder if
perhaps the default 6.4 SMP config kernel doesn't really support the PORTFW
function or perhaps there's something else obvious I'm missing.

I've included examples of my configuration, config files and output below.

Thanks,
Anthony

      Cable Modem to Internet
              |
      |---------------|
eth1  |www.subimo.com |  IP assigned by cable company DHCP
      |               |  old web server resided here (port 80)
eth0  |192.168.1.1    |
      |---------------|
              |
              |
   ----------------------  internal network
              |
              |
      |-------------|
eth0  | 192.168.1.2 |
      | new web     |
      | server (80) |
      |-------------|

I've used Ethereal to capture all the packet traffic off eth0 (192.168.1.1)
on the firewall machine, and no packets are being sent to the other
machine (192.168.1.2) when I try to connect from a computer outside the
firewall. Inside the firewall, the server is working (i.e.,
http://192.168.1.1 gets a page sent back).

Here are the commands I'm using to configure the machine for portfw:

#!/bin/sh
ipchains --flush
ipchains -I forward -p tcp -s 192.168.1.2/32 80 -j MASQ
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L subimo.myip.org 80 -R 192.168.1.2 80

Here's the response I get from: ipchains -L

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       tcp  ------  192.168.1.2           anywhere              http ->   any
MASQ       all  ------  192.168.1.0/24        anywhere              n/a

Here's the response I get from: ipmasqadm portfw -l

Chain output (policy ACCEPT):
prot localaddr            rediraddr               lport    rport  pcnt  pref
TCP  subimo.myip.org      192.168.1.2             http     http     10    10

and finally, here's the response I get from: lsmod

Module                  Size  Used by
ip_masq_portfw          3012   1 (autoclean)
tulip                  30784   1 (autoclean)
eepro100               15364   1 (autoclean)
serial                 43860   0 (autoclean)
memstat                 1480   0 (unused)
aic7xxx               118648   6

So everything looks good. Any ideas?