On 14 Aug 2000, Dave Seidel wrote:
> I have the two lines that start with "/usr/sbin/ipmasqadm" commented out in my
> version of rc.firewall, because for some reason I don't have that command on my
> system.  Instead, I have these three lines:

The IPMASQADM package is for port forwarding of traffic from a public
address to a private address. Well, actually it's just for the forwarding
of traffic based on port. The addresses can be anything.

> echo 1 > /proc/sys/net/ipv4/ip_forward
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
> 
> followed by the rest of rc.firewall.  It does basically the same thing, but I
> don't have to explicitly tell the script what my IP address is.  (192.168.1.0
> is the address of my internal network.)

OK, the lines above have absolutely nothing to do with the lines that
Charlie has. Charlie's firewall script forwarded anything that hit the
outside of the firewall on port 81 to an internal system on port 80. I'm
guessing that he is running a webserver inside the firewall. The lines
that you have posted do two different things: 1) modify /proc so the
kernel allows forwarding and 2) masquerade all outgoing traffic. 

Kenny  

 
> -- Dave
> 
> 
> On Sun, 13 Aug 2000 22:30:26 -0400 (EDT), Charles Farinella said:
> 
> > 
> >  I have the following line in my rc.firewall script:
> >  ==/usr/sbin/ipmasqadm portfw -a -P tcp -L (external ipaddress) 81 -R
> >  (internal ipaddress) 80==
> >  
> >  The external address connects to Mediaone, the internal address to a small
> >  network.
> >  
> >  What will happen when Mediaone changes my address, what will I have to do
> >  to fix it, and can I change this line to anticipate the change?
> >  
> >  C
> >  
> >  -- 
> >  Charles Farinella 
> >  [EMAIL PROTECTED]
> >  
> >  
> >  **********************************************************
> >  To unsubscribe from this list, send mail to
> >  [EMAIL PROTECTED] with the following text in the
> >  *body* (*not* the subject line) of the letter:
> >  unsubscribe gnhlug
> >  **********************************************************
> >  
> >  
> 
> 
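On Charles's question about the external address changing: an added example, not part of the original thread, that reads the current address from the external interface and rebuilds the port-81-to-80 forward from it instead of hard-coding the address. The interface name `eth0`, the internal server `192.168.1.10`, the function names and the sample `ifconfig` text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the port-forward rule from the interface's current address.
EXT_IF="${EXT_IF:-eth0}"              # assumed external interface
INT_ADDR="${INT_ADDR:-192.168.1.10}"  # assumed internal web server

# Pull the IPv4 address out of net-tools ifconfig output on stdin
# (line format: "inet addr:203.0.113.7  Bcast:...").
parse_inet_addr() {
    sed -n 's/^[[:space:]]*inet addr:\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for a dotted quad whose octets are all 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# Print the commands that re-point external port 81 at internal port 80.
# Refuses to emit anything if the interface has no usable address yet
# (for example, the lease has not come up), so no bogus rule is installed.
portfw_commands() {
    ext="$1"
    if ! valid_ipv4 "$ext"; then
        echo "no usable address on $EXT_IF, leaving rules alone" >&2
        return 1
    fi
    # -f clears every existing portfw entry, including the one for the old
    # address; any other forwards must be re-added after it.
    echo "/usr/sbin/ipmasqadm portfw -f"
    echo "/usr/sbin/ipmasqadm portfw -a -P tcp -L $ext 81 -R $INT_ADDR 80"
}

# Constructed sample of `ifconfig eth0` output (documentation address range).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Real use, from rc.firewall or whenever the address changes:
#   portfw_commands "$(/sbin/ifconfig "$EXT_IF" | parse_inet_addr)" | sh
```

The functions only print the commands, so the output can be inspected before it is piped to `sh`.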

