On Tue, 09 Nov 1999 14:14:52 +0100, Emmerich Eggler wrote:
> Hi
>
>I'm trying to set up a similar network.
>
>o any client (from the Internet) [client]
>o a linux-firewall [fw]
>o a web-server behind the firewall [www]
>
>The masq-command was like:
>
>ipmasqadm portfw -a -P tcp -L fw 80 -R www 80
>
>After telnetting from the client to fw:80, I can see that www
>sends the answer directly to the client. The firewall does not
>change the source-address. This means, that the client won't
>accept the answer, because it was waiting for an answer from fw.
>Below you can see the tcpdump.
>
>I'm sure I'm confusing something or just missed a step, so please
>give me a hint.
>
>Thanks
>
>Emmerich
>
Hi,
unfortunately I'm away from home for the next 2-3 weeks, so
I cannot look up the correct answer to this...
But as far as I can remember,
- it's ok that the source addr. is not changed (useful for logging at the
www-server)
- you have to set up masq. for the way back to the client. the correct syntax
currently escapes me, but I can send it to you in 3 weeks time :-)
- have you checked your firewall rules??? it seems to me that you allow
ALL packets to travel free between your interfaces; this is NOT what
you want from a firewall.
read the documentation on ipchains and the firewall-howto. the first is short
and has some good examples.
Hope this helped a bit.
Bert
>
>
>__________________________________________________________________
> Emmerich Eggler [EMAIL PROTECTED]
> Eggler Communications +41 (0)79 438 75 11
> Wannerstrasse 3/39 +41 (0) 1 463 43 73
> CH-8045 Zuerich http://www.eggler.ch