Firewall Wizards mailing list archives

RE:ipchains and port forwarding


From: "Jake L. Wegman" <jake () ultrex com>
Date: Tue, 4 Mar 2003 11:49:40 -0600

Good morning Robert,

One thing to keep in mind is that if you are in the private network, trying
to access the internal web/mail server via the external IP address and if
your default gateway is the machine that's forwarding the traffic, the
connection will fail.

Below are the simple rules that I use with IPMasq to forward

(Of course your firewall rules need to allow the traffic on the INPUT AND
OUTPUT chains)

        # EXTIP must hold the gateway's external IP address and PORTFWIP1 the
        # private IP address of the internal server before this point.
        echo "  * Enabling Port Forwarding onto internal hosts."
        # Flush any existing portfw rules before adding new ones
        /usr/sbin/ipmasqadm portfw -f
        echo "  * Forwarding WWW traffic on port 80 to $PORTFWIP1"
        /usr/sbin/ipmasqadm portfw -a -P tcp -L "$EXTIP" 80 -R "$PORTFWIP1" 80
        #
        echo "  * Forwarding FTP Control traffic on port 21 to $PORTFWIP1"
        /usr/sbin/ipmasqadm portfw -a -P tcp -L "$EXTIP" 21 -R "$PORTFWIP1" 21
        #
        #echo "  * Forwarding SMTP traffic on port 25 to $PORTFWIP1"
        #/usr/sbin/ipmasqadm portfw -a -P tcp -L "$EXTIP" 25 -R "$PORTFWIP1" 25

...Of course, in your sample below you need to specify the EXTERNAL IP
address as the -L parameter (and NOT your gateway's PRIVATE IP address as you
seem to use).  Your -R (destination) is correct in using the web server's
private IP address.

Please see the Linux Documentation Project's IP Masquerade HOWTO at
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IP-Masquerade-HOWTO.html

...(and yes, IP tables is easier to use...  The only reason to use IPChains
is if you are running a 2.2.x kernel)

Thanks
Jake




--__--__--

Message: 1
Date: Mon, 03 Mar 2003 12:30:37 -0500
From: "Robert E. Martin" <rmartin () fishburne org>
To: firewall-wizards () nfr net
Subject: [fw-wiz] ipchains and port forwarding

Hey guys!!
I have just installed a dsl line and need to rebuild a firewall. I have 
decided to use ipchains and have a need to forward www and mail access 
into the private side of the new firewall. I am familiar with ipportfw 
and ipautofw commands. Is this all I need to do to get access to my web 
and mail server?

ex: isp addr 216.12.31.x
internal net : 192.168.0.x
web server: 192.168.0.10
mailserver: 192.168.0.20

rules I've tried:
/sbin/ipmasqadm portfw -a -P tcp -L 192.168.0.1 80 -R 192.168.0.10 80 -p 100

Thanks!!
-- 
Robert E Martin
IT Manager
Fishburne Military School
rmartin () fishburne org
540.946.7726

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
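
Added example, not part of either message above: a small shell check for the -L mistake pointed out in the reply, flagging an ipmasqadm portfw rule whose listen address is an RFC 1918 private address. The function names and the 203.0.113.10 address are assumptions made for the example, and the check assumes the gateway's external interface holds a public address, as in the thread.

```shell
#!/bin/sh
# Added example: lint ipmasqadm portfw rules for a private -L (listen) address.

# is_private ADDR: succeed if ADDR falls in an RFC 1918 private range.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            case "$second" in ''|*[!0-9]*) return 1 ;; esac
            if [ "$second" -ge 16 ] && [ "$second" -le 31 ]; then return 0; fi ;;
    esac
    return 1
}

# check_rule "RULE": print a verdict for one rule line.
# Returns 0 if -L looks external, 1 if -L is private, 2 if no -L/-R pair.
check_rule() {
    listen=; target=
    set -f; set -- $1; set +f      # split into words without globbing
    while [ $# -gt 1 ]; do
        case "$1" in
            -L) listen=$2 ;;
            -R) target=$2 ;;
        esac
        shift
    done
    if [ -z "$listen" ] || [ -z "$target" ]; then
        echo "UNPARSED: no -L/-R pair found"; return 2
    fi
    if is_private "$listen"; then
        echo "WARN: -L $listen is private; listen on the external IP instead"
        return 1
    fi
    echo "OK: $listen -> $target"
}

# First rule is the one from the thread; the second is a corrected form.
# 203.0.113.10 is a constructed documentation address (assumption), standing
# in for the external IP that the thread gives only as 216.12.31.x.
for rule in \
    "/sbin/ipmasqadm portfw -a -P tcp -L 192.168.0.1 80 -R 192.168.0.10 80 -p 100" \
    "/sbin/ipmasqadm portfw -a -P tcp -L 203.0.113.10 80 -R 192.168.0.10 80"
do
    check_rule "$rule" || true
done
```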

