From: "anthony cagle"
Date: Fri, 29 Dec 2000 11:53:19 -0600
Message-ID:
Subject: ipmasqadm portfw question
Happy New Year!
I am trying to get port forwarding working on a 6.4 SMP system without
success. This system has been configured for several months to do IP
Masquerading between a cable modem and a small internal network. FTP, ICQ
and all of the rest of the services available have worked with no problem.
Recently, I wanted to move the web server which is currently on the IP
Masquerading box to another machine on the internal network. I read all the
documentation I could find, including the PORTFW mini howto and the howtos
and package docs on ipchains, firewalls and ipmasqadm. It looked very
simple. But for some reason I cannot get it to work. I'm beginning to
wonder if perhaps the default 6.4 SMP config kernel doesn't really support
the PORTFW function or perhaps there's something else obvious I'm missing.
I've included examples of my configuration, config files and output below.
Thanks,
Anthony
      Cable Modem to Internet
               |
       |---------------|
  eth1 |www.subimo.com | IP assigned by cable company DHCP
       |               | old web server resided here (port 80)
  eth0 |192.168.1.1    |
       |---------------|
               |
               |
   ---------------------- internal network
          |      |
       |-------------|
  eth0 | 192.168.1.2 |
       | new web     |
       | server (80) |
       |-------------|
I've used Ethereal to capture all the packet traffic off eth0 (192.168.1.1)
on the firewall machine, and no packets are being sent to the other
machine (192.168.1.2) when I try to connect from a computer outside the
firewall. Inside the firewall, the server is working (i.e.,
http://192.168.1.1 gets a page sent back).
Here are the commands I'm using to configure the machine for portfw:
#! /bin/sh
ipchains --flush
ipchains -I forward -p tcp -s 192.168.1.2/32 80 -j MASQ
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L subimo.myip.org 80 -R 192.168.1.2 80
Here's the response I get from: ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ tcp ------ 192.168.1.2 anywhere http -> any
MASQ all ------ 192.168.1.0/24 anywhere n/a
Here's the response I get from: ipmasqadm portfw -l
Chain output (policy ACCEPT):
prot localaddr rediraddr lport rport pcnt pref
TCP subimo.myip.org 192.168.1.2 http http 10 10
and finally, here's the response I get from: lsmod
Module Size Used by
ip_masq_portfw 3012 1 (autoclean)
tulip 30784 1 (autoclean)
eepro100 15364 1 (autoclean)
serial 43860 0 (autoclean)
memstat 1480 0 (unused)
aic7xxx 118648 6
So everything looks good. Any ideas?