I don't think the INTERN_SERVERS line is needed in your case, but I also
don't know if it is a problem to define port forwarding twice (i.e. including
the INTERN_WWW_SERVER= line as well). Do you know if Road Runner is blocking
port 80 access? That would certainly prevent external access to your server.
You could also check your firewall rules log to see if the packets are even
reaching your router.

Stephen

> I am using Eigerstein, straight from Charles's site, and I cannot
> set up a www server using port forwarding. I have read numerous
> postings, FAQs, etc. I am still lost. My computer is behind a Road
> Runner cable modem. I have no other problems than port forwarding. I
> want to use my Red Hat server at 192.168.1.4. I will attach my network.conf
> file from my LRP.
>
> VERBOSE=YES
> MAX_LOOP=10
>
> IPFWDING_KERNEL=YES
>
> IPALWAYSDEFRAG_KERNEL=YES
>
> CONFIG_HOSTNAME=YES
>
> CONFIG_HOSTSFILE=YES
>
> CONFIG_DNS=NO
>
>
> ###############################################################################
> # Interfaces
> ###############################################################################
>
> # Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
> #
> # Interfaces to start on boot go here - ie "ppp0 eth0"
> IF_AUTO="eth1"
> # List of all configured interfaces, manual start and boot start
> IF_LIST="$IF_AUTO"
>
> # Accept ICMP Redirects on ALL interfaces, also depends on /proc
> # per interface IP forwarding flag. - YES/NO
> ALLIF_ACCEPT_REDIRECTS=NO
>
> # Need these both for interfaces run by daemons - ie PPP, CIPE, some
> # WAN interfaces
> # IP spoofing protection by default for interfaces - YES/NO
> DEF_IP_SPOOF=YES
> # Kernel logging of spoofed packets by default for interfaces - YES/NO
> DEF_IP_KRNL_LOGMARTIANS=NO
>
> # Bridge Setup - Global stuff
> #
> # Enable bridging - YES/NO
> BRG_SWITCH=NO
> # Exempt ethernet protocol types - type "brcfg list" to find out allowed
> # values
> BRG_EXEMPT_PROTOS=""
>
> eth0_IPADDR=0.0.0.0
> eth0_MASKLEN=0
> eth0_BROADCAST=0.0.0.0
> # Use this to set the default route if required - ONLY one to be set.
> # routed or gated could be used to set this so only use if not running these.
> eth0_DEFAULT_GW=0.0.0.0
> # Secondary IP addresses/networks on same wire - add them here
> #eth0_IP_EXTRA_ADDRS="192.168.1.193 192.168.2.1/24"
> # IP spoofing protection on this interface - YES/NO
> eth0_IP_SPOOF=YES
> # Kernel logging of spoofed packets on this interface - YES/NO
> eth0_IP_KRNL_LOGMARTIANS=NO
> # This setting affects the processing of ICMP redirects. Setting it to NO
> # makes this more secure. Don't turn this off if you have two IP
> # networks/subnets on the same media - YES/NO
> eth0_IP_SHARED_MEDIA=NO
> # Bridge this interface - YES/NO
> eth0_BRIDGE=NO
> # Proxy-arp from this interface, no other config required to turn on proxy ARP!
> # - YES/NO
> eth0_PROXY_ARP=NO
> # Simple QoS/fair queueing support
> # Turn on Stochastic Fair Queueing - useful on busy DDS links - YES/NO
> eth0_FAIRQ=NO
> # Ethernet Transmit Queue Length
> # eth0_TXQLEN=100
> # Complex QoS - Enable all of these + above to turn it on
> #eth0_BNDWIDTH=10Mbit   # Device bandwidth
> #eth0_HNDL=2            # Queue Handle - must be unique
> #eth0_IABURST=100       # Interactive Burst
> #eth0_IARATE=1Mbit      # Interactive Rate
> #eth0_PXMTU=1514        # Physical MTU - includes Link Layer header
>
> eth1_IPADDR=192.168.1.254
> eth1_MASKLEN=24
> eth1_BROADCAST=192.168.1.255
> eth1_IP_SPOOF=YES
> eth1_IP_KRNL_LOGMARTIANS=NO
> eth1_IP_SHARED_MEDIA=NO
> eth1_BRIDGE=NO
> eth1_PROXY_ARP=NO
> eth1_FAIRQ=NO
>
> # Sangoma FR example
> #fr498_IPADDR=10.0.10.1
> #fr498_PTPADDR=10.0.10.2
> #fr498_IP_SPOOF=YES
> #fr498_IP_KRNL_LOGMARTIANS=YES
> # Simple QoS support
> #fr498_FAIRQ=YES
> #fr498_TXQLEN=50
> # Complex FR QoS - Enable ALL of these + above to turn it on
> #fr498_FRBURST=960Kbit        # FR Burst capacity (a rate)
> #fr498_BULKRATE=320Kbit       # Usually you set this to the CIR
> #fr498_BULKBURST=50   # Number of packets that can burst in bulk class
> #fr498_BNDWIDTH=1920Kbit # The bandwidth of the interface
> #fr498_IABURST=512    # No of Interactive Burst packets
> #fr498_IARATE=640Kbit         # Burst capacity bandwidth between
>                       # BURST and CIR
> #fr498_HNDL=2         # The queue handle - must be unique Dialup PPP is 1000+
> #fr498_PXMTU=1508     # The Physical MTU of the interface (data + MAC header)
>
> # PPP interface stuff - these apply to all ASYNC ppp interfaces, options
> # same as ethernet above.
> ppp_BNDWIDTH=30Kbit
> ppp_FAIRQ=YES
> ppp_TXQLEN=30
> ppp_IABURST=20
> ppp_IARATE=10Kbit
> ppp_PXMTU=1500
>
>
> ###############################################################################
> # IP Filter setup - can pull in settings from above
> ###############################################################################
>
> # Set up the basic type of filtering. Can be one of (none|router|firewall)
> # You must load the ip_masq_* modules to enable full IP masquerading, and
> # ip_masq_portfw if you want to forward external ports pop-3, mtp, www
> # to internal machines below.
> IPFILTER_SWITCH=firewall
>
> # This set of variables is used with both sets of filters
> SNMP_BLOCK=YES                  # Block all SNMP (YES/NO)
>                                # List of IP  Nos used for SNMP management
> SNMP_MANAGER_IPS=""
> # Fair Queuing support
> # List of Mark values
> MRK_CRIT=1                    # Critical traffic, routing, DNS
> MRK_IA=2                      # Interactive traffic - telnet, ssh, IRC
>                               # List of traffic types and maps to mark values
>                               # Setting this variable turns on the
>                               # fairq chain
> CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route
> ${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain
> ${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet
> ${MRK_IA}_tcp_0/0_ssh"
>
> # This set of variables is used with the basic routing filter setup
>
> # This set of variables is used with a basic IP masquerading firewall setup
> #Notation - IP addresses/masklen
> #
> # NOTE: Do NOT turn on the DMZ network or ANY external port masquerading/
> #       port forwarding when EXTERN_DYNADDR is on because some security
> #       leaks will result.  You may also want to limit the external open
> #       ports to domain (UDP) for DNS. Anyhow, these features are not that
> #       usable unless you have a static external address
> #
> EXTERN_IF="eth0"              # External Interface
>
> #
> # Start of changes by Charles Steinkuehler for DHCP
> #
>
> # Added for DHCP support
> # Setting this to YES causes the script to read EXTERN_IP directly from
> # the interface
> EXTERN_DHCP=YES                 # - YES/NO
>
> # The interface to configure via dhcp
> IF_DHCP=$EXTERN_IF
>
>
> # If YES, your firewall filters use 0/0 for your IP address, instead of your
> # actual IP address.  Set this to NO for typical ethernet setups, even if you
> # are using DHCP
>                               # External Address dynamically assigned
> EXTERN_DYNADDR=NO             # - YES/NO
>                               #  -- OR --
> EXTERN_IP=0.0.0.0             # External Interface IP number
>
> # If external interface is DHCP, read the IP address
> # This should probably be moved to the init.d network script, but it seemed
> # I put it here for now, as it is more obvious what it is doing, in case it
> # messes something else up.
> if [ "$EXTERN_DHCP" = "YES" ] || \
>   [ "$EXTERN_DHCP" = "Yes" ] || \
>   [ "$EXTERN_DHCP" = "yes" ]; then
>
>  # This computes the IP address of $EXTERN_IF
>  # Grep extracts just the line(s) with IP address information from the output
>  # of ip addr.  The first sed gets rid of all but the first line (in case
>  # there are several IP addresses for some reason), and next sed extracts
>  # just the IP address in dot quad notation.
>  EXTERN_IP=`ip addr list label $EXTERN_IF | \
>             grep inet | \
>             sed '1!d' | \
>             sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
>
>  # Debugging - Remove if you like
>  # echo Extern IP: $EXTERN_IP
>
>  # If the external address is not configured, use a bogus address for the
>  # external interface to prevent a bunch of (harmless) errors that spit out
>  # when the IPCHAINS script is called.
>  if [ x$EXTERN_IP = x ]; then
>    EXTERN_IP=192.168.254.254
>  fi
> fi
>
> # UDP Services open to outside world
> # - srcip/mask_dstport
> # NOTE: bootpc port is used for dhcp client
> EXTERN_UDP_PORTS="0/0_domain 0/0_ntp 0/0_bootpc 0/0_www"
>
> #
> # End of changes made by Charles Steinkuehler for dhcp support
> #
>
> # TCP services open to outside world
> # - srcip/mask_dstport
> EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp 0/0_www"
>
> # Internal interface
> INTERN_IF="eth1"              # Internal Interface
> INTERN_NET=192.168.1.0/24     # Internal network (to be masqueraded)
> INTERN_IP=192.168.1.254               # IP number of Internal Interface
>                               # (to allow forwarding to external IP)
> MASQ_SWITCH=YES                       # Masquerade internal network to outside
>                               # world - YES/NO
> # These services are not masqueraded from inside to outside. proto_destnet_port
> # Allows the firewall to be trusted for ssh access to routers...
> # Override for below
> #NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
> # services not to be masqueraded
> #NOMASQ_DEST="tcp_0/0_ssh"
> # Uncomment following for internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> #       <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
> INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> tcp_${EXTERN_IP}_www_192.168.1.4_www"
>
> # These lines use the primary external IP address...if you need to port-forward
> # an aliased IP address, use the INTERN_SERVERS setting above
> #INTERN_FTP_SERVER=192.168.1.1        # Internal FTP server to make available
> INTERN_WWW_SERVER=192.168.1.4   #Internal WWW server to make available
> #INTERN_SMTP_SERVER=192.168.1.1       # Internal SMTP server to make available
> #INTERN_POP3_SERVER=192.168.1.1       # Internal POP3 server to make available
> #INTERN_IMAP_SERVER=192.168.1.1       # Internal IMAP server to make available
> #INTERN_SSH_SERVER=192.168.1.1        # Internal SSH server to make available
> #EXTERN_SSH_PORT=24                   # External port to use for internal SSH access
>
>
> ###############################################################################
> # Interface activation/deactivation functions
> #  Here so that special interface commands can be called and daemons started
> #
> #  Arps can be set up here, network/host routes and so forth.
> #
> #  This appears to be a little messy but is needed to achieve maximum
> #  functionality and flexibility.
> #
> ###############################################################################
>
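
Added example, not part of the original messages or of the LRP/LEAF scripts: a small lint for the two things this thread turns on, namely a forward defined both in INTERN_SERVERS and through the INTERN_WWW_SERVER shorthand, and tuples that were expanded while EXTERN_IP still held the quoted config's fallback address. The function names, the sample address 203.0.113.10 and the assumption that the shorthand expands to a tcp www forward on EXTERN_IP are illustrative.

```shell
#!/bin/sh
# Added example: lint port-forward settings from a network.conf like the one
# quoted above. All sample values are constructed for illustration.

BOGUS_IP=192.168.254.254   # fallback the quoted config assigns when no DHCP address is set

# Print one tuple per line in the config's own notation:
#   <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
# $1 = EXTERN_IP, $2 = INTERN_SERVERS, $3 = INTERN_WWW_SERVER (may be empty).
# Assumption: the shorthand is equivalent to a tcp forward of www on EXTERN_IP.
list_forwards() {
    for t in $2; do echo "$t"; done
    [ -n "$3" ] && echo "tcp_${1}_www_${3}_www"
    return 0
}

# Print each (protocol, extern-ip, extern-port) key that is defined more than once.
duplicate_forwards() {
    list_forwards "$@" | cut -d_ -f1-3 | sort | uniq -d
}

# Print tuples whose external address is the fallback, i.e. INTERN_SERVERS was
# expanded before the external interface had a real address.
stale_forwards() {
    list_forwards "$@" | awk -F_ -v ip="$BOGUS_IP" '$2 == ip'
}

# Constructed sample mirroring the quoted settings, with a documentation address.
SAMPLE_IP=203.0.113.10
SAMPLE_SERVERS="tcp_${SAMPLE_IP}_ftp_192.168.1.1_ftp
tcp_${SAMPLE_IP}_www_192.168.1.4_www"

echo "duplicates: $(duplicate_forwards "$SAMPLE_IP" "$SAMPLE_SERVERS" 192.168.1.4)"
echo "stale:      $(stale_forwards "$SAMPLE_IP" "$SAMPLE_SERVERS" 192.168.1.4)"
```

An empty "duplicates" line means each external port is forwarded from only one setting; a non-empty "stale" line means the tuples need to be rebuilt after the interface gets its address.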




_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
