Doug Sampson wrote:
> # TCP services open to outside world
> # Space separated list: srcip/mask_dstport
> EXTERN_TCP_PORTS="216.70.236.234/29_ssh 0/0_www 0/0_1023 0/0_8080"
>
>
> # Uncomment following for port-forwarded internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
> #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> tcp_${EXTERN_IP}_smtp_192.
> INTERN_SERVERS="tcp_${EXTERN_IP}_8080_192.168.1.1_8080"
>
> # These lines use the primary external IP address...if you need to port-forward
> # an aliased IP address, use the INTERN_SERVERS setting above
> #INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
> INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
> #INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
> #INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
> #INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
> #INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
> #EXTERN_SSH_PORT=24 # External port to use for internal SSH access
>
>
> # ipmasqadm portfw -l
> prot localaddr rediraddr lport rport pcnt pref
> TCP ip68-7-207-39.sd.sd.cox.net pegasus.cybersampson.com webcache webcache 10 10
> TCP ip68-7-207-39.sd.sd.cox.net pegasus.cybersampson.com imap2 imap2 10 10
> TCP ip68-7-207-39.sd.sd.cox.net pegasus.cybersampson.com www www 10 10
>
> Note that I can easily access the web server from the internal network. When
> I scan all ports on my router's external interface, it doesn't show port 8080
> as being open. Why is that? Is it because it is above port 1024? I am not
> quite familiar with how ports are used on a private/public network so I'm
> quite sure I'm missing something here. Does this have to do with the
> hosts.allow configuration?
>
> I also see that port forwarding is not enabled for port 8080 to port 8080 on
> my internal web server. What can I do to fix this?
>
> As a side note, I noticed that the default network.conf exposes udp port 53
> (domain) to the public network. Also for tcp port 1023. Are these necessary?
>
> ~Doug

Since you are being blocked by Cox on port 80, why not open 8080 and forward that
to 80 on your internal machine?

# Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
EXTERN_TCP_PORT0="0/0 8080 68.7.207.39/32"

If your external IP is dynamic, maybe something like this would work:

EXTERN_TCP_PORT0="0/0 8080 ${EXTERN_IP}/32"

Then port-forward the service to the internal machine:

INTERN_SERVERS="tcp_${EXTERN_IP}_8080_192.168.1.1_www"

Test by doing:

svi network ipfilter reload

Once you have it working the way you want, back up ETC.

You can close down the www port opening in the firewall since it is being blocked
by Cox anyway.

net ipfilter list portfw

or

svi network ipfilter list portfw

should both show a line something like this:

TCP 68.7.207.39 192.168.1.1 8080 80

It is not a simple matter to access your server using your outside IP from the
internal network. Access it by its internal IP from inside and test it from the
OUTSIDE using the external IP.
_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
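
An added example, not part of the original thread and not LEAF's own code: a POSIX shell check that cross-references the srcip/mask_dstport openings with the <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port> forwards discussed above. The function names, the finding labels and the name-to-port map are assumptions made for this example; the sample values are constructed from settings quoted in the thread.

```shell
#!/bin/sh
# Added example, not LEAF code: audit EXTERN_TCP_PORTS against INTERN_SERVERS.
# port_num, audit_forwards and the finding labels are hypothetical names.

# Service names that appear in the thread -> port numbers (standard assignments).
port_num() {
    case "$1" in
        ftp) echo 21 ;; ssh) echo 22 ;; smtp) echo 25 ;; www) echo 80 ;;
        pop3) echo 110 ;; imap2) echo 143 ;; webcache) echo 8080 ;;
        *) echo "$1" ;;
    esac
}

# audit_forwards "<EXTERN_TCP_PORTS value>" "<INTERN_SERVERS value>"
# Prints one finding per line; no output means the two settings agree.
audit_forwards() {
    ext=$1; fwd=$2; opened=""; forwarded=""
    for entry in $ext; do               # entries are srcip/mask_dstport
        opened="$opened $(port_num "${entry##*_}")"
    done
    for tuple in $fwd; do
        # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
        old_ifs=$IFS; IFS=_; set -- $tuple; IFS=$old_ifs
        if [ $# -ne 5 ]; then echo "MALFORMED $tuple"; continue; fi
        [ "$1" = tcp ] || continue      # only TCP openings are checked here
        lport=$(port_num "$3")
        forwarded="$forwarded $lport"
        case " $opened " in
            *" $lport "*) ;;
            *) echo "FORWARD_NOT_OPEN $lport -> $4:$(port_num "$5")" ;;
        esac
    done
    # World-open (0/0) ports with no tuple: served by the router itself or
    # forwarded by another setting such as INTERN_WWW_SERVER; worth a review.
    for entry in $ext; do
        port=$(port_num "${entry##*_}")
        case "${entry%_*}" in 0/0) ;; *) continue ;; esac
        case " $forwarded " in
            *" $port "*) ;;
            *) echo "OPEN_NO_FORWARD $port" ;;
        esac
    done
}

# Constructed sample: the quoted openings, the 8080 -> www forward from the
# reply, and the imap2 forward shown in the quoted portfw listing.
EXT="216.70.236.234/29_ssh 0/0_www 0/0_1023 0/0_8080"
FWD="tcp_68.7.207.39_8080_192.168.1.1_www tcp_68.7.207.39_imap2_192.168.1.1_imap2"
audit_forwards "$EXT" "$FWD"
```

FORWARD_NOT_OPEN marks a forward whose external port has no matching opening, and OPEN_NO_FORWARD marks a world-open port that no INTERN_SERVERS tuple accounts for.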