

On 17 Feb 2000, Mark A. Summers wrote:
 
> forward my Linux system on port 80 to my SCO box on port 80.
> From outside the firewall it redirects to the SCO box correctly, and it
> uses the web server on SCO -- great.  However, from behind the firewall,
> when I go to the address of the Linux box it just hangs -- What am I missing?

I had previously posted a patch to this list that fixes this.  Here it is
again:

--- linux/net/ipv4/ip_forward.c.orig    Sun Mar 21 10:22:00 1999
+++ linux/net/ipv4/ip_forward.c Wed Feb  9 12:21:58 2000
@@ -192,33 +192,41 @@
                }
                if (rt->rt_flags&RTCF_MASQ)
                        goto skip_call_fw_firewall;
+
+       } /* MDB 2/3/00 */
 #endif /* CONFIG_IP_MASQUERADE */
 
 #ifdef CONFIG_FIREWALL
                fw_res=call_fw_firewall(PF_INET, dev2, iph, NULL, &skb);
-               switch (fw_res) {
-               case FW_ACCEPT:
-               case FW_MASQUERADE:
-                       break;
-               case FW_REJECT:
-                       icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
-                       /* fall thru */
-               default:
-                       kfree_skb(skb);
-                       return -1;
+               /* MDB 2/4/00: If packet was de-masqed, accept it (we only care about 
+the
FW_MASQUERADE flag later) */
+               if(!(IPCB(skb)->flags&IPSKB_MASQUERADED)) {
+                       switch (fw_res) {
+                       case FW_ACCEPT:
+                       case FW_MASQUERADE:
+                               break;
+                       case FW_REJECT:
+                               icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 
+0);
+                               /* fall thru */
+                       default:
+                               kfree_skb(skb);
+                               return -1;
+                       }
                }
 #endif
 
 #ifdef CONFIG_IP_MASQUERADE
-       }
+       /*} MDB 2/3/00 */
 
 skip_call_fw_firewall:
        /*
         * If this fragment needs masquerading, make it so...
         * (Don't masquerade de-masqueraded fragments)
+        * MDB 2/3/00 - replaced if statement: do masq de-masqed packets
         */
-       if (!(IPCB(skb)->flags&IPSKB_MASQUERADED) &&
-           (fw_res==FW_MASQUERADE || rt->rt_flags&RTCF_MASQ)) {
+       /*if (!(IPCB(skb)->flags&IPSKB_MASQUERADED) &&
+           (fw_res==FW_MASQUERADE || rt->rt_flags&RTCF_MASQ)) {*/
+       if (fw_res==FW_MASQUERADE || 
+               (!(IPCB(skb)->flags&IPSKB_MASQUERADED) && rt->rt_flags&RTCF_MASQ)) {
                u32 maddr;
 
 #ifdef CONFIG_IP_ROUTE_NAT
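Review bot: For packets flagged `IPSKB_MASQUERADED`, the new `if(!(IPCB(skb)->flags&IPSKB_MASQUERADED))` guard around the `switch (fw_res)` discards every verdict from `call_fw_firewall()` except `FW_MASQUERADE`, so `FW_REJECT` and the default drop path are not applied to de-masqueraded (for example port-forwarded) traffic even though the forward rules are now consulted for it. Anyone relying on forward-chain deny rules to restrict that traffic gets no enforcement, possibly while the rules still appear to match; at minimum the new comment should say so, e.g. `/* de-masqed packets: forward chain is consulted only for FW_MASQUERADE; REJECT/deny verdicts are NOT enforced here */`. The retained line `* (Don't masquerade de-masqueraded fragments)` now contradicts the rewritten condition and should be dropped, along with the commented-out old `if` and `/*} MDB 2/3/00 */`, which the diff already records. The block closed by the moved `}` opens above the hunk, so whether de-masqueraded packets previously skipped the firewall call altogether is inferred rather than visible here.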
