/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Hi Mark,
I'm not sure what these observations I had in a similar situation mean. I do not mean
to draw any conclusions about how this stuff works; I have not read the code.
Nonetheless, what I observed is that port forwarding works when packets enter one NIC
and exit via another NIC. In the situation you are describing, you wish to have packets
enter a NIC, get port forwarded and exit via the same NIC. This did not work for me in
my recent experience (2.2.14 kernel).

My solution in that situation, since I did not have time to post a question for help,
was to set up an "internal" DNS server. I tweaked the zone files so that
mydomain.com == 192.168.myprivate.address. The "external" DNS resolves mydomain.com to
my.real.internet.address, so the rest of the world can get there too. (Note: "external"
and "internal" are separate computers.)

Regards,
Alan Hysinger
"Mark A. Summers" wrote:
> I am running Red Hat 6.1 as my firewall (et al.) and I have an SCO OpenServer 5.0.5
> box behind it as a private IP address 192.168.1.203, as well as all of my Windows 98
> boxes. Everything works fine -- I am able to get out to the net with masquerading;
> ftp, telnet etc. all work fine to internal servers as well as out to the net. However,
> I tried to forward my Linux system on port 80 to my SCO box on port 80.
> From outside the firewall it redirects it to the SCO box correctly and it uses the
> web server on SCO -- great. However, from behind the firewall, when I go to the
> address of the Linux box it just hangs -- what am I missing?
>
> ipmasqadm portfw -f
> ipmasqadm mfw -F
> ipmasqadm autofw -F
>
> ipchains -F
> ipchains -A forward -i eth1 -j MASQ
>
> ipmasqadm portfw -a -P tcp -L 12.34.16.62 80 -R 192.168.1.203 80
>
> ipchains -I input -p tcp -s 0/0 -d 12.34.16.62 80 -m 10
> ipmasqadm mfw -A -m 10 -r 192.168.1.203 80 -p 10
>
> Thanks in advance
> Mark Summers
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
> or email to [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
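
Added example (not part of the original thread, and not ipmasqadm's own logic): a small model of the inside, outside and split-DNS paths using the addresses quoted above. It assumes the forwarder rewrites only the destination address and that the server answers a LAN client directly; the client address 192.168.1.50, the outside address 203.0.113.7 and port 40000 are constructed.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

LAN = ipaddress.ip_network("192.168.1.0/24")  # private network in the thread
PUBLIC_IP = "12.34.16.62"                      # forwarded address in the thread
SERVER_IP = "192.168.1.203"                    # SCO box in the thread

def port_forward(pkt):
    """Rewrite only the destination (assumed behaviour of a plain port forward)."""
    if pkt.dst == PUBLIC_IP and pkt.dport == 80:
        return pkt._replace(dst=SERVER_IP)
    return pkt

def reply_via_firewall(client_ip):
    """The server routes its reply through the firewall only for off-LAN clients."""
    return ipaddress.ip_address(client_ip) not in LAN

def connect(client_ip, dest_ip):
    """Return (established, source address the client sees on the reply)."""
    syn = Packet(client_ip, 40000, dest_ip, 80)  # 40000: constructed source port
    at_server = port_forward(syn)
    reply = Packet(at_server.dst, 80, at_server.src, at_server.sport)
    forwarded = at_server.dst != syn.dst
    if forwarded and reply_via_firewall(client_ip):
        reply = reply._replace(src=PUBLIC_IP)    # firewall undoes the rewrite
    # A TCP client only accepts a reply from the address it dialled.
    return reply.src == syn.dst, reply.src

def resolve(client_ip, internal_dns=True):
    """Split DNS as in the reply: LAN clients are handed the private address."""
    on_lan = ipaddress.ip_address(client_ip) in LAN
    return SERVER_IP if (on_lan and internal_dns) else PUBLIC_IP

if __name__ == "__main__":
    for label, client, dest in [
        ("outside -> public", "203.0.113.7", PUBLIC_IP),
        ("inside  -> public", "192.168.1.50", PUBLIC_IP),
        ("inside  -> split DNS", "192.168.1.50", resolve("192.168.1.50")),
    ]:
        print(label, connect(client, dest))
```

In the model the inside-to-public case fails because the reply arrives from 192.168.1.203 while the client dialled 12.34.16.62; the internal DNS answer avoids the forward altogether.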