Hi,

I'm trying to set up port forwarding on a Linux box whose
kernel version is 2.2.13. But it doesn't work. Could anyone
read the following situation and point out what is wrong? I
appreciate any advice to fix my problem.

My network environment is as follows:

   +------+ 2       1 +-----+ 1      2 +------+
   |client|---+   +---|Linux|---+  +---|server|
   +------+   |   |   +-----+   |  |   +------+
            |-+---+-|         |-+--+-|
          172.16.0.0/24     192.168.0.0/24    

I executed the following commands on the Linux box to set up
port forwarding.

  # ipchains -F
  # ipmasqadm portfw -f
  # ipmasqadm portfw -a -P tcp -L 172.16.0.1 10023 -R 192.168.0.2 23
  # ipchains -L -n
  Chain input (policy ACCEPT):
  Chain forward (policy ACCEPT):
  Chain output (policy ACCEPT):
  # ipmasqadm portfw -ln
  prot localaddr            rediraddr               lport    rport  pcnt  pref
  TCP  172.16.0.1           192.168.0.2             10023       23    10    10

Then I tried to access port 10023 on 172.16.0.1 by telnet
from the 172.16.0.2 machine. It failed with a timeout.

  $ telnet 172.16.0.1 10023
  Trying 172.16.0.1...
  telnet: Unable to connect to remote host: Operation timed out

But I can see that something happened on the Linux box for the
port forwarding before the timeout occurred.

  # ipchains -M -L -n
  IP masquerading entries
  prot expire   source               destination          ports
  TCP  00:55.62 192.168.0.2          172.16.0.2          23 (10023) -> 1522

Of course, I can access the telnet port on 192.168.0.2
from 192.168.0.1 (the Linux box) directly.

I also tried it with the following commands, but I can't find
any difference. The result is the same as above.

  # ipchains -F
  # ipmasqadm portfw -f
  # ipchains -P forward DENY
  # ipchains -A input -p tcp -y -d 172.16.0.1 10023 -j ACCEPT
  # ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
  # ipmasqadm portfw -a -P tcp -L 172.16.0.1 10023 -R 192.168.0.2 23

--
Ryoji Kobayashi
[EMAIL PROTECTED]
Riki Network Systems Inc.

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.