Then perhaps the line should have ended "-j MASQ"; as I indicated I've only
started "playing" with this. I haven't yet established a NAT from the
outside to an inside (RFC 1918) server.

http://howto.linuxberg.com/LDP/HOWTO/IPCHAINS-HOWTO.html

----- Original Message -----
From: H D Moore <[EMAIL PROTECTED]>

I was trying to do a similar setup, where I have one machine as the
router between a private network and the internet, using the command
line below it would only forward the connection IF the WWW server has a
real IP address vs a private one.  The Masqing server would respond back
with a RST packet because it doesn't have a listening socket for that
port...


Gary Maltzen wrote:
>
> I'm still new to this, but I think you're looking for a rule like:
>
> # ipchains -A forward -p TCP -s 0/0 www -d server.ip www -j ACCEPT
>
>  -A forward ... add this rule to the 'forward' chain
>  -p TCP ... applies to TCP connections
>  -s 0/0 www ... any incoming port 80 connection
>  -d server.ip www ... routed to port 80 on server.ip
>  -j ACCEPT ... accept the packet
>
> This assumes that the RH60 system is already performing MASQ for the
> intranet.

