Message-ID: <3A4F6A50.5EB43673@iname.com>
Date: Sun, 31 Dec 2000 17:18:08 +0000
From: Chris Reeves <chris.reeves@iname.com>
Subject: Re: [SLE] ipmasqadm portfw question

anthony cagle wrote:
I am trying to get port forwarding working on a 6.4 SMP system without success. This system has been configured for several months to do IP Masquerading between a cable modem and a small internal network. FTP, ICQ and all of the rest of the services available have worked with no problem.
Recently, I wanted to move the web server which is currently on the IP Masquerading box to another machine on the internal network. I read all the documentation I could find, including the PORTFW mini howto and the howto's and package docs on ipchains, firewalls and ipmasqadm. It looked very simple. But for some reason I cannot get it to work. I'm beginning to wonder if perhaps the default 6.4 SMP config kernel doesn't really support the PORTFW function or perhaps there's something else obvious I'm missing.
This is how I initially tried to do this, but I gave up (perhaps too quickly - I'll investigate again later). What I did was install and configure rinetd - it's incredibly simple to do. In fact I did it in about 3 minutes, just before going out (since I need to access an internal web server from the place I was going to)...
I've included examples of my configuration, config files and output below.

Thanks,
Anthony

            Cable Modem to Internet
                    |
            |---------------|
       eth1 |www.subimo.com |  IP assigned by cable company DHCP
            |               |  old web server resided here (port 80)
       eth0 |192.168.1.1    |
            |---------------|
                    |
                    |
         ----------------------  internal network
                    |
                    |
             |-------------|
        eth0 | 192.168.1.2 |
             | new web     |
             | server (80) |
             |-------------|
I've used Ethereal to capture all the packet traffic off eth0 (192.168.1.1) on the firewall machine, and no packets are being sent to the other machine (192.168.1.2) when I try to connect from a computer outside the firewall. Inside the firewall, the server is working (i.e., http://192.168.1.1 gets a page sent back).
Here are the commands I'm using to configure the machine for portfw:
#! /bin/sh
ipchains --flush
ipchains -I forward -p tcp -s 192.168.1.2/32 80 -j MASQ
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L subimo.myip.org 80 -R 192.168.1.2 80
Here's the response I get from: ipchains -L

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       tcp  ------  192.168.1.2           anywhere              http ->   any
MASQ       all  ------  192.168.1.0/24        anywhere              n/a

Here's the response I get from: ipmasqadm portfw -l

Chain output (policy ACCEPT):
prot localaddr            rediraddr               lport    rport  pcnt  pref
TCP  subimo.myip.org      192.168.1.2              http     http    10    10

and finally, here's the response I get from: lsmod

Module                  Size  Used by
ip_masq_portfw          3012   1  (autoclean)
Bye,
Chris

--
    __   _
-o)/ /  (_)__  __ ____  __     Chris Reeves
/\\ /__/ / _ \/ // /\ \/ /     ICQ# 22219005
_\_v __/_/_//_/\_,_/ /_/\_\
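
Added example, not part of the original message and not Chris's actual file: a rinetd configuration for the setup in the diagram above, using the addresses from the thread. The log file path and the choice of bind address are assumptions.

```conf
# /etc/rinetd.conf (constructed example using the addresses from this thread)
#
# rinetd is a user-space TCP redirector: it accepts the connection on the
# gateway and opens a second connection to the internal host. No ipchains
# MASQ or ipmasqadm portfw rule is involved in this path.

# Forwarding rule format:
#   bindaddress  bindport  connectaddress  connectport
#
# The external address is assigned by DHCP, so this example binds to
# 0.0.0.0 (assumption). That also listens on eth0 (192.168.1.1). The web
# server that used to run on the gateway must no longer hold port 80,
# or rinetd cannot bind it.
0.0.0.0  80  192.168.1.2  80

# Because rinetd originates the second connection, the web server on
# 192.168.1.2 logs every request as coming from 192.168.1.1. Keep the
# real client addresses in rinetd's own log (path is an assumption).
logfile /var/log/rinetd.log

# Write the log in web-server "common" format so existing log tools
# can read it.
logcommon
```

Access control based on client address has to be done in rinetd (its allow and deny rules) or in the gateway's input chain, since the internal server only ever sees the gateway as the peer.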