Port Forwarding

Doug Bronson doug at bronson-tate.com
Mon Jan 13 02:20:09 CST 2003


Jonathan:
I'm hesitant to say anything because I don't want to sound like the
broken record that you've been hearing.

I'll try to assist you 'cause I'll need your help with my problem on the
other thread.

First off as you know I'm using IPChains not IPTables so I don't know if
the info that I'm going to give you will even be relevant.

Many years ago when I first turned my linux box into a router/proxy
server, I ran into a similar problem, but it was with a dial up modem.

The masq./firewall script that I was using, luckily, was able to be
broken down into sections and run separately for troubleshooting.

I first deactivated the firewall and just ran the masq. section to see
if I could connect from either direction.

The masq. script looked as follows:
"called from /etc/rc.d/rc.local"

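#!/bin/sh
# Load the masquerading helper modules (FTP, IRC, RealAudio)
modprobe ip_masq_ftp
modprobe ip_masq_irc
modprobe ip_masq_raudio
# Enable IP forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
# Deny forwarding by default, then masquerade traffic from the LAN
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
IPFORWARDING=yes
# Dynamic address handling for a dial-up link
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
## behind my router the last line is commented out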

I called this file /etc/rc.d/rc.firewall 
did a:
chmod 700 /etc/rc.d/rc.firewall

and made a link to it in /etc/rc.d/rc.local
Also:
chmod 700 /etc/rc.d/rc.local

With just this script I had masq. working.
Now as far as your situation goes, I don't know if you can just switch
"ipchains" with "iptables" or not.

If you run this or a similar script, and can connect, then obviously your
problem is in the firewall. If you still cannot connect then all that I
just said is totally useless.

In trying to solve my problem I ran across a free firewall script called
PM-Firewall.
www.pointman.org/PMFirewall/
and 
http://linux.cvf.net/installing_pmfirewall.html
(open in I.E. or Opera, Netscape seems to have a problem with the JAVA)

It mentioned that it is written for IPChains but can be modified for
IPTables.

It is the only firewall that has come close to resolving my problem.
It might be your answer.

good luck.
Doug

Jonathan Hutchins wrote:
> 
> I have a RH7.2 firewall doing NAT for me, and I want to be able to reach an
> internal webserver from the outside world.  I don't seem to be able to get
> iptables to forward the connections forwarded to the server properly.  I'm
> trying to use the examples from the IP Masq HOWTO at
> http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html, but they're a
> little vague about where the commands should go in the sequence.
> 
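
For the iptables side of the question, an added example (not from the original post or from the HOWTO) of the same two-stage approach: get masquerading working first, then add the port forward. The interface names eth0/eth1 and the web server address 192.168.0.10 are assumptions; the script only prints the rules unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: iptables counterpart of the ipchains masq script, plus a
# port forward to an internal web server. Interface names and WEB_IP are
# assumptions; set APPLY=1 (as root) to run the rules instead of printing.
EXT_IF="${EXT_IF:-eth0}"          # assumed: Internet-facing interface
INT_IF="${INT_IF:-eth1}"          # assumed: LAN-facing interface
LAN="${LAN:-192.168.0.0/24}"      # LAN range used in the masq script above
WEB_IP="${WEB_IP:-192.168.0.10}"  # assumed: internal web server address
WEB_PORT="${WEB_PORT:-80}"

ipt() {
    # Print by default; execute only when APPLY=1.
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

masq_rules() {
    # Stage 1: outbound NAT only. Test this before adding anything else.
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE
}

forward_rules() {
    # Stage 2: inbound port forward. DNAT happens in PREROUTING, before the
    # FORWARD chain is consulted, so the filter rule must match the
    # rewritten (internal) destination, not the firewall's public address.
    ipt -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$WEB_PORT" \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT"
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$WEB_IP" \
        --dport "$WEB_PORT" -m state --state NEW -j ACCEPT
}

all_rules() {
    if [ "${APPLY:-0}" = "1" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
    masq_rules
    forward_rules
}

all_rules
```

If stage 1 works and stage 2 does not, the usual cause is a FORWARD rule that still matches the public address or the wrong interface pair.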



