Hi,
I'm running the Dachstein LEAF firewall. I'm not able to forward the external
traffic which is coming to my valid IP address (eth0) to my internal web server, which is
a Windows 2000 server. I have already gone through all the related mailing list
archives but could not solve the problem, and hence I'm writing to this list. The error
I'm getting in my browser is "Connection failed".... "Connection timed out".
My configuration is as follows.
EXTERN_IP=111.222.333.444
EXTERN_IF =eth0
INTERNAL_IP=10.24.33.224
INTERNAL_IF =eth1
INT_NET = 10.0.0.0/8
IPFWDING_KERNEL= FILTER_ON
IPALWAYSDEFRAG_KERNEL = YES
CONFIG_HOSTNAME = YES
CONFIG_HOSTSFILE = YES
CONFIG_DNS = NO
IPFILTER_SWITCH = firewall
SNMP_BLOCK = YES
EXTERN_DHCP = NO
EXTERN_DHCP = NO
EXTERN_TCP_PORT0="0/0 www 111.222.333.444"
INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www"
My ipchains rules look like they are accepting the connection at 111.222.333.444, but I
could not find the solution. Could anybody help me in this regard?
Regards.
Thanks.
For your reference, I'm attaching my ipchains output herewith.
-------------------------------------------------------------------------------------------------------------------
Chain input (policy DENY: 2 packets, 256 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source
destination ports
2 56 DENY udp ------ 0xFF 0x00 eth0
165.165.8.1 0.0.0.0/0 * -> 37
15 900 DENY udp ------ 0xFF 0x00 eth0
165.165.8.1 0.0.0.0/0 * -> 514
6 1065 DENY udp ------ 0xFF 0x00 eth0
164.100.250.91 0.0.0.0/0 * -> 631
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 5 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0
0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8
0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
111.222.333.444 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0
127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0
10.0.0.0/8 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
5 300 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
111.222.333.444 * -> 80
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 113
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 1024:65535
0 0 REJECT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 161:162
94 31265 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 67
16 2150 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 1024:65535
0 0 ACCEPT icmp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 n/a
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 161:162 -> *
150 20397 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source
destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 5 -> *
0 0 MASQ tcp ------ 0xFF 0x00 *
10.24.33.129 0.0.0.0/0 80 -> *
0 0 MASQ all ------ 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source
destination ports
31 17832 fairq all ------ 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0
0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8
0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
31 17832 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0
0.0.0.0/0 n/a
Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source
destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 179
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 179 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 * -> 23
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 23 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 22 -> *
-------------------------------------------------------------------------------------------------------------------
:: Port FW ::
prot localaddr rediraddr lport rport pcnt pref
TCP 164.100.53.100 10.24.33.129 80 80 10 10
Thanks once again.
Sudhir Barwal
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
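
A cross-check of the INTERN_SERVERS entry against the ":: Port FW ::" listing posted above, as an added example that is not part of the original message or of the LEAF scripts. It assumes the entry reads proto_extip_extport_intip_intport and that www means port 80; the function names are hypothetical, and the sample values are copied from the post.

```shell
#!/bin/sh
# Values copied from the message above (addresses as the poster wrote them).
INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www"
PORTFW_LISTING='prot localaddr rediraddr lport rport pcnt pref
TCP 164.100.53.100 10.24.33.129 80 80 10 10'

# Assumption: only the service name used in the post needs translating.
svc_port() {
    case "$1" in
        www|http) echo 80 ;;
        *) echo "$1" ;;
    esac
}

# check_portfw ENTRY LISTING
# Prints every field where a listed port-forward row disagrees with ENTRY.
# Returns 0 if some row matches ENTRY exactly, 1 if none does, 2 if malformed.
check_portfw() {
    entry=$1 listing=$2
    old_ifs=$IFS; IFS=_
    set -- $entry                      # split the entry on underscores
    IFS=$old_ifs
    [ $# -eq 5 ] || { echo "malformed entry: $entry"; return 2; }
    proto=$(echo "$1" | tr 'a-z' 'A-Z')
    ext_ip=$2; ext_port=$(svc_port "$3")
    int_ip=$4; int_port=$(svc_port "$5")
    ok=1 seen=no
    while read -r p laddr raddr lport rport _rest; do
        # Only rows for the same protocol and external port are candidates.
        if [ "$p" != "$proto" ] || [ "$lport" != "$ext_port" ]; then continue; fi
        seen=yes
        if [ "$laddr" = "$ext_ip" ] && [ "$raddr" = "$int_ip" ] &&
           [ "$rport" = "$int_port" ]; then
            ok=0; continue
        fi
        [ "$laddr" = "$ext_ip" ] || echo "localaddr: configured $ext_ip, listed $laddr"
        [ "$raddr" = "$int_ip" ] || echo "rediraddr: configured $int_ip, listed $raddr"
        [ "$rport" = "$int_port" ] || echo "rport: configured $int_port, listed $rport"
    done <<EOF
$listing
EOF
    [ "$seen" = yes ] || echo "no portfw row for $proto port $ext_port"
    return $ok
}

check_portfw "$INTERN_SERVERS" "$PORTFW_LISTING" ||
    echo "port-forward table does not match INTERN_SERVERS"
```
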