Hi all,

I have a network as:

<external>                                  <internal>

150.2.3.4 ------------ 150.2.3.5 <Firewall> 10.0.0.199 -------10.0.0.154

I need to configure the Firewall to block everything from the external net
except ssh, which has to be port forwarded to the internal machine 10.0.0.154.

Also I should be able to ssh from 10.0.0.154 to 10.0.0.199.


I see that the request from 150.2.3.4 to 150.2.3.5:22 is being
forwarded to 10.0.0.154:22, but the src IP address is still
150.2.3.4. It had to be 10.0.0.199, right?

My ipchains script looks like:

#!/bin/bash

IPCHAINS="/sbin/ipchains"
IPMASQADM="/usr/sbin/ipmasqadm"

# eth0 = external side (150.2.3.5), eth1 = internal side (10.0.0.199)

# Clear all previous stuff
$IPCHAINS -F input
$IPCHAINS -F output
$IPCHAINS -F forward

# Deny everything by default, on all three chains
$IPCHAINS -P input DENY
$IPCHAINS -P output DENY
$IPCHAINS -P forward DENY

# Masquerade everything that is forwarded out through eth0. This rewrites
# the source address of packets leaving towards the external net (including
# the replies from 10.0.0.154 on the forwarded ssh session); it does not
# touch packets coming in from the outside.
$IPCHAINS -A forward -i eth0 -j MASQ

# Same rule with long option names
#$IPCHAINS --append forward --interface eth0 --jump MASQ
# Same rule, but only for sources on the internal net
#$IPCHAINS -A forward -i eth0 -s 10.0.0.0/24 -d 0.0.0.0/0 -j MASQ

# Allow the forwarded ssh session in and out. ipchains keeps no connection
# state, so both directions need their own rule.
$IPCHAINS -A input  -i eth0 -p tcp --dport 22 -j ACCEPT   # client -> 150.2.3.5:22
$IPCHAINS -A output -i eth1 -p tcp --dport 22 -j ACCEPT   # -> 10.0.0.154:22 after portfw
$IPCHAINS -A input  -i eth1 -p tcp --sport 22 -j ACCEPT   # reply from 10.0.0.154:22
$IPCHAINS -A output -i eth0 -p tcp --sport 22 -j ACCEPT   # reply leaves as 150.2.3.5:22

# Allow ssh from the internal net to the firewall itself (10.0.0.199)
$IPCHAINS -A input  -i eth1 -p tcp -d 10.0.0.199 22 -j ACCEPT
$IPCHAINS -A output -i eth1 -p tcp -s 10.0.0.199 22 -j ACCEPT

# Clear the previous port forwards, then forward port 22 of the firewall's
# own external address (-L) to the internal machine (-R)
$IPMASQADM portfw -f
$IPMASQADM portfw -a -P tcp -L 150.2.3.5 22 -R 10.0.0.154 22

# Enable ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward


Do you see what the problem is? Please help me out!
----------------------------------------------------

thanks a lot
ashley




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

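As an added example (not from ashley's post or from the Red Hat list), here is a complete rule set for the topology drawn above, written as a POSIX shell script with a dry-run switch so the generated commands can be inspected before applying them. The interface names eth0/eth1, the /24 mask on the internal net and the DRY_RUN variable are assumptions. It shows the two points a practitioner would check in this setup: the portfw entry's -L is the firewall's own external address and rewrites only the destination, so the internal host keeps seeing the client's real source address 150.2.3.4 (the MASQ rule in the forward chain rewrites the source of the reply on its way out, not of the inbound packet); and because ipchains keeps no connection state, each reply direction needs its own rule, restricted with "! -y" (no SYN-only packets) so it cannot be used to open new connections from source port 22. The ssh path from the LAN to the firewall's inside address gets its own pair of rules.

```shell
#!/bin/sh
# Added example, not the original poster's script. Topology assumed:
#   150.2.3.4 --- 150.2.3.5 [eth0 | firewall | eth1] 10.0.0.199 --- 10.0.0.154
# Policy: drop everything from the outside except ssh, which is port-forwarded
# to 10.0.0.154; allow ssh from the LAN to the firewall's inside address.
# Run as root with DRY_RUN=0 on an ipchains (2.2) kernel to apply the rules;
# by default the commands are only printed.

EXT_IF=eth0            # outside interface (assumed name), 150.2.3.5
INT_IF=eth1            # inside interface (assumed name), 10.0.0.199
EXT_IP=150.2.3.5
INT_IP=10.0.0.199
INT_NET=10.0.0.0/24    # assumed LAN mask
SSH_HOST=10.0.0.154    # internal ssh server behind the port forward
IPCHAINS=${IPCHAINS:-/sbin/ipchains}
IPMASQADM=${IPMASQADM:-/usr/sbin/ipmasqadm}
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

firewall_rules() {
    # Flush and default-deny all three chains before adding anything.
    for chain in input output forward; do
        run $IPCHAINS -F $chain
        run $IPCHAINS -P $chain DENY
    done

    # Anti-spoofing: LAN addresses never legitimately arrive on the outside.
    run $IPCHAINS -A input -i $EXT_IF -s $INT_NET -l -j DENY

    # Masquerade only LAN sources leaving via eth0. This is also what rewrites
    # the internal host's replies (10.0.0.154:22 -> 150.2.3.5:22) on the
    # forwarded ssh session.
    run $IPCHAINS -A forward -i $EXT_IF -s $INT_NET -j MASQ

    # Forwarded ssh, request half. The portfw entry changes the destination
    # only; the client's real address (150.2.3.4) is what 10.0.0.154 sees.
    run $IPCHAINS -A input  -i $EXT_IF -p tcp -d $EXT_IP 22 -j ACCEPT
    run $IPCHAINS -A output -i $INT_IF -p tcp -d $SSH_HOST 22 -j ACCEPT
    # Reply half. ipchains is stateless, so the reverse direction needs its own
    # rules; "! -y" refuses SYN-only packets so they cannot start connections.
    run $IPCHAINS -A input  -i $INT_IF -p tcp ! -y -s $SSH_HOST 22 -j ACCEPT
    run $IPCHAINS -A output -i $EXT_IF -p tcp ! -y -s $EXT_IP 22 -j ACCEPT

    # ssh from the LAN to the firewall's own inside address.
    run $IPCHAINS -A input  -i $INT_IF -p tcp -s $INT_NET -d $INT_IP 22 -j ACCEPT
    run $IPCHAINS -A output -i $INT_IF -p tcp ! -y -s $INT_IP 22 -d $INT_NET -j ACCEPT

    # -L is the firewall's OWN outside address, -R the internal target.
    run $IPMASQADM portfw -f
    run $IPMASQADM portfw -a -P tcp -L $EXT_IP 22 -R $SSH_HOST 22

    # Forwarding is switched on last, after the deny policies are in place.
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

firewall_rules
```

Running it without arguments prints the commands; `DRY_RUN=0 sh firewall.sh` as root applies them. Ordering matters in the non-dry run: the policies are set to DENY before any ACCEPT rule and before ip_forward is turned on, so there is no window in which the box forwards unfiltered.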