hi shane,

begin Shane Veness <[EMAIL PROTECTED]> 
> I am very new to LRP and have downloaded the latest Dachstein floppy
> release. I am trying to get to my internal web server from outside the
> network using port forwarding but am having no success. I have read
> through some of the mailing list, but this confuses me more.
> 
> The firewall is running perfectly and I can get internet access from the
> clients inside the network.
> 
> My settings are as follows - eth0 - 196.33.41.70/28 (external ip) - eth1 -
> 192.6.31.252/24 (internal ip)
> 
> I am trying to forward requests on 196.33.41.70:80 to 192.6.31.253:80
> 
> do I need to run the command:
> "ipmasqadm portfw -a -P tcp -L 196.33.41.70 80 -R 192.6.31.253 80"
 
no -- you don't.  dachstein will do this for you.

one *big* word of advice.  if everything looks good but portforwarding
isn't working, don't forget to:

1. look at what port forwarding is already in place:

        ipmasqadm portfw -l

2. look at your hosts.deny and hosts.allow file.

3. look at ipchains -L

to see exactly where the problem is.  3 might be difficult unless you're
really comfortable with poring through ipchains entries (after more
than a year and a half of using ipchains, i'm still not very good at
it).   but 1 and 2 should be easy enough.

also, when you make changes to network.conf, don't forget to restart
networking.

/etc/init.d/network stop; /etc/init.d/network start

i put it on one line in case you're working through an ssh connection
from one of your internal machines.  (otherwise, you lose the
connection.  that's already happened to me).  i noticed that the init.d
scripts don't have the standard "restart" directive.

> # INTERN_SERVERS="tcp_196.33.41.70_80_192.6.31.253_80"                (HAVE TRIED THIS!!!)
> 
> # These lines use the primary external IP address...if you need to port-forward
> # an aliased IP address, use the INTERN_SERVERS setting above
> #INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
> INTERN_WWW_SERVER=192.6.31.253  # Internal WWW server to make available
> #INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
> #INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
> #INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
> #INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
> #EXTERN_SSH_PORT=24  # External port to use for internal SSH access
 
comment: i currently use both INTERN_SERVERS and INTERN_X_SERVER.  i
don't really understand what the difference is between them.  perhaps
some kind soul on the list would care to comment on this?
 

also -- did you open up holes in your firewall for the services?  i
think you do this with the EXTERN_ variables.  here's what i have:

# TCP services open to outside world
# Space separated list: srcip/mask_dstport
EXTERN_TCP_PORTS="0/0_ssh 0/0_www 0/0_smtp 169.237.105.80/0_123 128.115.14.97/0_123 0/0_1023 0/0_6346"

without defining the EXTERN_TCP_PORTS, your firewall will be willing to
forward stuff to an internal server, but won't allow the packets to
enter in the first place (bride waiting at the doors of the chapel, but
the doors are locked...)

pete
 
-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
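
The point above about a forward needing a matching firewall opening, as an added example that is not part of the original post or of Dachstein: a small shell check that lists every tcp entry in an INTERN_SERVERS value whose external port has no entry in EXTERN_TCP_PORTS. The function names are hypothetical, the entry formats are assumed from the network.conf lines quoted in the thread, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: cross-check port forwards against firewall openings.
# Assumed formats (from the lines quoted in the thread):
#   INTERN_SERVERS    proto_extip_extport_intip_intport
#   EXTERN_TCP_PORTS  srcip/mask_dstport   (dstport may be a service name)

# Map the service names used in the thread to port numbers;
# anything else (already numeric) passes through unchanged.
port_number() {
    case "$1" in
        ssh)  echo 22 ;;
        smtp) echo 25 ;;
        www)  echo 80 ;;
        *)    echo "$1" ;;
    esac
}

# unopened_forwards "<INTERN_SERVERS value>" "<EXTERN_TCP_PORTS value>"
# Prints each tcp forward whose external port has no EXTERN_TCP_PORTS entry.
# The source restriction (srcip/mask) is ignored: any entry counts as open.
unopened_forwards() {
    intern=$1
    extern=$2
    open_ports=" "
    for entry in $extern; do
        # keep only the part after the last "_" (the destination port)
        open_ports="$open_ports$(port_number "${entry##*_}") "
    done
    for fwd in $intern; do
        old_ifs=$IFS
        IFS=_
        set -- $fwd            # split the forward into its five fields
        IFS=$old_ifs
        [ $# -eq 5 ] && [ "$1" = tcp ] || continue
        ext_port=$(port_number "$3")
        case "$open_ports" in
            *" $ext_port "*) ;;          # a matching opening exists
            *) echo "$fwd" ;;            # forwarded but not opened
        esac
    done
}

# Constructed sample: the forward from the question, first without and
# then with a www opening. Only the first call prints the forward.
unopened_forwards "tcp_196.33.41.70_80_192.6.31.253_80" "0/0_ssh 0/0_smtp"
unopened_forwards "tcp_196.33.41.70_80_192.6.31.253_80" "0/0_ssh 0/0_www"
```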