hi

depends how you have it set up..

I did something similar...

I have several internal servers, and they use the 192.168 range of internal
IPs

I wanted to make port 80 on one of them visible as port 80 on the external
system's IP.

so, I downloaded ipmasqadm rpm from rpmfind.net (couldn't get a MDK one, so
I just chose the newest src version from another distro and rebuilt it. Then
installed the resultant binary rpm.)

Once that was installed, it was simply a matter of adding some rules to the
end of my ipchains rules...
(lacking that you can add it to the end of the /etc/rc.d/rc.local file (make
sure it is executable before you leave))

anyway, here are some example rules for you..

# First Clear the forwarding Rules
ipmasqadm portfw -f
# Second we add a portforward rule for Port 80.
ipmasqadm portfw -a -P tcp -L $OUTERIP 80 -R $EZEPAY 80
# Now we do the same for SSL.
ipmasqadm portfw -a -P tcp -L $OUTERIP 443 -R $EZEPAY 443


$OUTERIP has been predefined as the IP address of the external machine.
$EZEPAY was predefined as the internal ip of the internal server..

So you can replace the variables with the actual IPs without any hassle.

I made the ports the same, but there is nothing stopping you from sending it
to a different port...

ie port 80 internal to port X on the external machine...

It was surprisingly easy to do... I have it tested and working using the
above rules right now.

If you want the copy of ipmasqadm I used, let me know, I have it rebuilt
for i686 on mdk 7.2... if you have the same, then great, if not, I can email
you the src rpm, which you put on your linux box and type:
rpm --rebuild

It will tick away for a while and then a new rpm will miraculously appear in
/usr/src/RPM/RPMS/iX86

where ixxx is the type of system you have, if it's a 486, you will find the
file in i486, if it's a pentium, i586,
PII is i686 etc.....

the rpm will be called ipmasqadm0.4.2-4.ix86.rpm

just install that like normal with rpm -ivh ipmasq.........


then put in the rules and start them...

easy as, you will then have transparent port forwarding...

works great, I wish someone would have told me to do this a week ago, took
me a lot of research to find the best method...

Actually, I will attach the file to rebuild, so if you want it you don't
have to ask again...


good luck,

let me know how you go.

regards

frank

Perth WA





-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ed Colmar
Sent: Thursday, 24 May 2001 1:25 AM
To: [EMAIL PROTECTED]
Subject: [newbie] mandrake security question


Hi all!

        I've got my mandrake security box up and running...  All is
well, except for the few services that I want to make available to
the outside world.

        I have the firewall configured to pass http traffic through
to the internal ip address of our web server.  192.168.1.26

        So, when I try and load this page from outside the firewall,
do I need to try and connect to the ip address of the firewall
machine's external interface?

        I've been trying this with no luck...  I can see the web
pages from the internal side, but not from the outside.

        Any tips would be greatly appreciated!

        BTW...  mandrake security rocks!

        -e-

ipmasqadm-0.4.2-4.src.rpm
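
An added example, not part of the original messages: a small shell helper that checks each forward and prints the `ipmasqadm portfw` commands in the form shown in the reply, without running them, so the list can be reviewed before it goes into rc.local. The function names, the 203.0.113.10 stand-in for the external IP and the rule that the -R target must be an RFC 1918 address are assumptions of this example; 192.168.1.26 is the web server from the quoted question.

```shell
#!/bin/sh
# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: succeeds if there are four octets, each 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# is_rfc1918 IP: succeeds if IP is in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*) second=${1#172.}; second=${second%%.*}
               [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# portfw_rule OUTER_IP OUTER_PORT INNER_IP INNER_PORT
# Prints one rule, or fails with a reason. Requiring an internal -R target
# (an assumption of this example) catches swapped -L/-R addresses.
portfw_rule() {
    valid_ipv4 "$1" && valid_ipv4 "$3" || { echo "bad IPv4 address" >&2; return 1; }
    valid_port "$2" && valid_port "$4" || { echo "bad port" >&2; return 1; }
    is_rfc1918 "$3" || { echo "-R target $3 is not internal" >&2; return 1; }
    echo "ipmasqadm portfw -a -P tcp -L $1 $2 -R $3 $4"
}

# emit_rules: read "OUTER_IP OUTER_PORT INNER_IP INNER_PORT" lines on stdin,
# print the flush and then one rule per line; stop at the first bad line.
emit_rules() {
    echo "ipmasqadm portfw -f"
    while read -r oip oport iip iport; do
        case "$oip" in ''|'#'*) continue ;; esac
        portfw_rule "$oip" "$oport" "$iip" "$iport" || return 1
    done
}

# Constructed sample; the last line maps external port 8080 to internal port 80.
emit_rules <<'EOF'
203.0.113.10 80   192.168.1.26 80
203.0.113.10 443  192.168.1.26 443
203.0.113.10 8080 192.168.1.26 80
EOF
```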
