Hi Bob
 
I am really getting very frustrated here, everything seems to be fine. I ran the "ipmasqadm portfw -ln" like you said, and it came back with this:
 
TCP    196.33.41.70    192.6.31.253    www    www    10    10
 
Seems fine to me.
 
Also ran "ipchains -L |more" and I got this as an entry under input chain:
 
accept TCP ------- anywhere    anywhere    any ---> www
 
Also seems fine.
 
Cheers
-----Original Message-----
From: Bob Smith [mailto:[EMAIL PROTECTED]]
Sent: 06 January 2002 05:25
To: Shane Veness
Subject: Re: [Leaf-user] Help needed with portfw - Dachstein release

Hi Shane,
 
That should give you something, but slowly due to DNS reverse lookups. Try,
ipmasqadm portfw -ln
 
Mine looks like:
 
# ipmasqadm portfw -ln
prot localaddr            rediraddr               lport    rport  pcnt  pref
TCP  24.18.23.13          192.168.1.100             522      522    10    10
TCP  24.18.23.13          192.168.1.100             389      389    10    10
TCP  24.18.23.13          192.168.1.100            1731     1731    10    10
TCP  24.18.23.13          192.168.1.100            1720     1720    10    10
TCP  24.18.23.13          192.168.1.100            1503     1503    10    10
TCP  24.18.23.13          192.168.1.2                99       99     5    10
TCP  24.18.23.13          192.168.1.2                81       81     4    10
TCP  24.18.23.13          192.168.1.2              3389     3389     5    10
 
Also try looking at the output of ipchains using:
ipchains -L -n|more
The first chain should be input and after a bunch of Deny's you should have some Accepts, and your 0.0.0.0/0 should have a port 80 in the last column.
 
Give that a go.
 
Cheers
 
 
----- Original Message -----
Sent: Saturday, January 05, 2002 10:44 AM
Subject: RE: [Leaf-user] Help needed with portfw - Dachstein release

Tried that, still no joy.
When I use
ipmasqadm portfw -l
I get nothing back, is that right?
Thanks
-----Original Message-----
From: Bob Smith [mailto:[EMAIL PROTECTED]]
Sent: 05 January 2002 03:46
To: Shane Veness; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Help needed with portfw - Dachstein release

Everything in your settings looks good, you have the port open and the forward line in place. I have not used the # INTERN_SERVERS or the INTERN_WWW_SERVER since my web services are redirected on Port 81. I am using the settings a little further down in the scripts. Make sure that you start your list of INTERN_SERVER at 0 and increment them without skipping any. That has always worked for me. Here are my lines:
 
#Terminal Server
INTERN_SERVER0="tcp $EXTERN_IP 3389 192.168.1.2 3389"
 
#Web Server
INTERN_SERVER1="tcp $EXTERN_IP 81 192.168.1.2 81"
 
If you are going to use this method, then remember to remark out the INTERN_WWW_SERVER entry.

You can reload the script using:
 
/etc/init.d/network reload
 
There is another way, but I keep forgetting the syntax.
 
Cheers
 
----- Original Message -----
Sent: Saturday, January 05, 2002 9:04 AM
Subject: [Leaf-user] Help needed with portfw - Dachstein release

I am very new to LRP and have downloaded the latest Dachstein floppy release. I am trying to get to my internal web server from outside the network using port forwarding but am having no success. I have read through some of the mailing list, but this confuses me more.

The firewall is running perfectly and I can get internet access from the clients inside the network.

My settings are as follows - eth0 - 196.33.41.70/28 (external ip) - eth1 - 192.6.31.252/24 (internal ip)

I am trying to forward requests on 196.33.41.70:80 to 192.6.31.253:80

Do I need to run the command:     "ipmasqadm portfw -a -P tcp -L 196.33.41.70 80 -R 192.6.31.253 80"

as well, because I have tried that too.

ip_masq_portfw is uncommented in the modules file as well.

Please help!

Thanks

###############################################################################
# IP Filter setup - can pull in settings from above
###############################################################################

# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
EXTERN_TCP_PORTS="0/0_80"

###############################################################################
# Port Forwarding
###############################################################################
# Remember to open appropriate holes in the firewall rules, above
# Uncomment following for port-forwarded internal services.
# The following is an example of what should be put here.
# Tuples are as follows:
#       <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
# INTERN_SERVERS="tcp_196.33.41.70_80_192.6.31.253_80"                (HAVE TRIED THIS!!!)

# These lines use the primary external IP address...if you need to port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
INTERN_WWW_SERVER=192.6.31.253  # Internal WWW server to make available
#INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
#INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
#EXTERN_SSH_PORT=24  # External port to use for internal SSH access


*****************************************************************
Disclaimer and confidentiality note

This e-mail message is privileged and confidential. If you are not the
intended recipient please delete the message and notify the sender.
Any views or opinions presented are solely those of the author.

*****************************************************************
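
Added example, not part of the thread or of the LEAF scripts: the config comment above says to open a firewall hole for each forwarded service, so this sketch compares the numeric rows of an "ipmasqadm portfw -ln" listing with an EXTERN_TCP_PORTS value and lists TCP forwards that have no matching hole. The function name, the sample addresses and the assumption that each EXTERN_TCP_PORTS entry names a single port are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cross-check port forwards against EXTERN_TCP_PORTS.

# Print one line per TCP forward whose local port has no
# "<srcip/mask>_<dstport>" entry in the EXTERN_TCP_PORTS value.
#   $1 = listing as printed by "ipmasqadm portfw -ln"
#   $2 = value of EXTERN_TCP_PORTS (space separated)
# Assumption: each entry names one port; any source mask counts as a hole.
unopened_forwards() {
    printf '%s\n' "$1" | awk -v open="$2" '
        BEGIN {
            n = split(open, entry, " ")
            for (i = 1; i <= n; i++) {
                # the port is whatever follows the last underscore
                k = split(entry[i], part, "_")
                if (k >= 2) hole[part[k]] = 1
            }
        }
        # data rows: prot localaddr rediraddr lport rport pcnt pref
        # The header row and rows showing service names (listing made
        # without -n) do not match and are skipped.
        toupper($1) == "TCP" && NF >= 5 && $4 ~ /^[0-9]+$/ {
            p = $4 ""            # force string comparison of the port
            if (!(p in hole))
                printf "%s:%s -> %s:%s\n", $2, p, $3, $5
        }'
}

# Constructed sample input (documentation addresses, not from the thread).
SAMPLE_LISTING='prot localaddr            rediraddr               lport    rport  pcnt  pref
TCP  192.0.2.10           192.168.1.2                80       80    10    10
TCP  192.0.2.10           192.168.1.2              3389     3389    10    10'
SAMPLE_EXTERN_TCP_PORTS="0/0_80"

# Lists the forward that is configured but still blocked by the input chain.
unopened_forwards "$SAMPLE_LISTING" "$SAMPLE_EXTERN_TCP_PORTS"
```

On a live router the first argument would be the output of "ipmasqadm portfw -ln" and the second the EXTERN_TCP_PORTS value from the network configuration file.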