unsubscribe

----- Original Message -----
From: "Ashley Thomas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 07, 2001 8:47 PM
Subject: Re: Masquerading issue: please help
>
> thanks for the reply!
>
> Yes. The port forwarding and masq is working.
> But I am not able to ssh from 10.0.0.154 to 10.0.0.199
>
> I thought this would take care of that:
> #Allow ssh in and out
> $IPCHAINS -A input -i eth0 -p tcp --dport 22 -j ACCEPT
> $IPCHAINS -A output -i eth0 -p tcp --sport 22 -j ACCEPT
> $IPCHAINS -A input -i eth1 -p tcp --sport 22 -j ACCEPT
> $IPCHAINS -A output -i eth1 -p tcp --dport 22 -j ACCEPT
>
> Can you see any problem?
>
> thanks a lot
> ashley
>
> ------------------------------------------------------------------
> My script :
> ------------------------------------------------------------------
>
> #!/bin/bash
>
> IPCHAINS="/sbin/ipchains"
> IPMASQADM="/usr/sbin/ipmasqadm"
>
> #Clear all previous stuff
> $IPCHAINS -F input
> $IPCHAINS -F output
> $IPCHAINS -F forward
>
> #Deny everything by default
> $IPCHAINS -P input DENY
> $IPCHAINS -P output DENY
>
> #Do the change ip-addr in the header while forwarding
> $IPCHAINS -P forward DENY
> $IPCHAINS -A forward -i eth0 -j MASQ
> #$IPCHAINS --append forward --interface eth0 --jump MASQ
>
> #$IPCHAINS -A forward -i eth0 -s 10.0.0.0 -d 0.0.0.0/0 -j MASQ
>
> #Allow ssh in and out
> $IPCHAINS -A input -i eth0 -p tcp --dport 22 -j ACCEPT
> $IPCHAINS -A output -i eth0 -p tcp --sport 22 -j ACCEPT
> $IPCHAINS -A input -i eth1 -p tcp --sport 22 -j ACCEPT
> $IPCHAINS -A output -i eth1 -p tcp --dport 22 -j ACCEPT
>
> #Clear the prev stuff
> $IPMASQADM portfw -f
> $IPMASQADM portfw -a -P tcp -L 150.2.3.5 22 -R 10.0.0.154 22
>
> #enable ip forwarding
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> ---------------------------------------------------------------------------
>
> On Fri, 7 Dec 2001 [EMAIL PROTECTED] wrote:
>
> > On Fri, 7 Dec 2001, Ashley Thomas wrote:
> > > I have a network as:
> > >
> > >  <external>                <internal>
> > >
> > > 150.2.3.4 ------------ 150.2.3.5 <Firewall> 10.0.0.199 -------10.0.0.154
> > >
> > > I need to configure the Firewall to block everything from the external net
> > > except ssh, which has to be port forwarded to the internal m/c 10.0.0.154
> > <snip>
> > > $IPMASQADM portfw -a -P tcp -L 150.2.3.4 22 -R 10.0.0.154 22
> >
> > Ashley, your picture is a bit confusing to me. I'm assuming the firewall
> > itself has two nics, with the 150.2.3.5 (external) and 10.0.0.199
> > (internal) interfaces. The rule above should be
> >
> > $IPMASQADM portfw -a -P tcp -L 150.2.3.5 22 -R 10.0.0.154 22
> >
> > and it should work, otherwise you are going to have to explain your
> > network setup a bit better.
> >
> > hth
> > charles
> >
> > _______________________________________________
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list
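
An added example, not part of the thread and not the poster's script: a small offline model that walks the four quoted ssh rules with first-match semantics and the script's DENY policy, to check which chain drops an ssh session from 10.0.0.154 to 10.0.0.199. It assumes eth0 is the external interface and eth1 the internal one; the `MIRROR` rules, the ephemeral port 40000 and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed model of the four ssh rules quoted in the thread.
# Assumption: eth0 is the external NIC (150.2.3.5), eth1 the internal one
# (10.0.0.199). Only -i, --sport and --dport are modelled; every quoted rule
# is "-p tcp". The forward chain and the portfw step are not modelled.
# Columns: chain iface sport dport target ("*" = any port).
RULES='input  eth0 *  22 ACCEPT
output eth0 22 *  ACCEPT
input  eth1 22 *  ACCEPT
output eth1 *  22 ACCEPT'

# Hypothetical mirrored rules for ssh to the firewall's own sshd on eth1;
# as ipchains lines: -A input  -i eth1 -p tcp --dport 22 -j ACCEPT
#                    -A output -i eth1 -p tcp --sport 22 -j ACCEPT
MIRROR='input  eth1 *  22 ACCEPT
output eth1 22 *  ACCEPT'

# verdict CHAIN IFACE SPORT DPORT
# Prints the target of the first matching rule, else the chain policy,
# which the quoted script sets to DENY for both input and output.
verdict() {
    v=$(printf '%s\n' "$RULES" | while read -r chain iface sport dport target; do
        [ "$chain" = "$1" ] || continue
        [ "$iface" = "$2" ] || continue
        [ "$sport" = "*" ] || [ "$sport" = "$3" ] || continue
        [ "$dport" = "*" ] || [ "$dport" = "$4" ] || continue
        echo "$target"
        break
    done)
    echo "${v:-DENY}"
}

# Same lookup with MIRROR appended; the subshell body leaves RULES untouched.
with_mirror() (
    RULES="$RULES
$MIRROR"
    verdict "$@"
)

# Constructed packets; 40000 stands in for the client's ephemeral port.
demo() {
    echo "forwarded ssh request, in on eth0:        $(verdict input eth0 40000 22)"
    echo "forwarded ssh request, out on eth1:       $(verdict output eth1 40000 22)"
    echo "10.0.0.154 -> 10.0.0.199:22, in on eth1:  $(verdict input eth1 40000 22)"
    echo "reply from 10.0.0.199:22, out on eth1:    $(verdict output eth1 22 40000)"
    echo "same request with MIRROR rules added:     $(with_mirror input eth1 40000 22)"
}
demo
```

In this model the eth1 rules only cover the firewall talking to port 22 on the internal host, so a session that terminates on the firewall's internal address falls through to the DENY policy in both directions. On a real firewall the mirrored rules would normally be narrowed with `-s` and `-d` to the addresses involved.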