Hi Hernan,
you're right. They are in the ipvsadm table. But it does not forward the
incoming traffic to the web server.
What goes wrong?
Hernan Vidoni wrote:
> Hi there
> The SNF doesn't use the port forwarding with the ipchains command, it
> uses the ipvsadm command, that's why you don't see it in the ipchains list.
> Use "man ipvsadm" to see how it works.
> Regards.
> Hernán Vidoni.
>
>> Hi!
>>
>> I'm using SNF 7.2 with NAT and I want to use also Port-Forwarding for
>> a Web-Server and smtp.
>>
>> I put the rules in NAAT - Restricted Access - Internet Access
>>
>> The Rules are in the input-chain, but not in the output-Chain. What
>> can I do???
>>
>>
>>
>>
>> [root@router /root]# ipchains -L
>> Chain input (policy DENY):
>> target prot opt source destination ports
>> ACCEPT icmp -- anywhere anywhere fragmentation-needed
>> DENY all l- 224.0.0.0/4 anywhere n/a
>> DENY all l- anywhere 192.168.98.0/24 n/a
>> DENY all l- 192.168.98.0/24 anywhere n/a
>> DENY all l- anywhere 192.168.98.0/24 n/a
>> DENY all l- 192.168.98.0/24 anywhere n/a
>> ACCEPT all -- anywhere anywhere n/a
>> ACCEPT all -- anywhere anywhere n/a
>> ACCEPT tcp -- anywhere router.avalon-net.net any -> ssh
>> ACCEPT tcp -- anywhere router.avalon-net.net any -> 1
>> ACCEPT tcp -- anywhere router.avalon-net.net any -> ntp
>> ACCEPT tcp -- anywhere router.avalon-net.net any -> domain
>> ACCEPT tcp -- anywhere router.avalon-net.net any -> 8443
>> ACCEPT udp -- anywhere router.avalon-net.net any -> ntp
>> ACCEPT udp -- anywhere router.avalon-net.net any -> domain
>> ACCEPT icmp -- anywhere anywhere any -> any
>> ACCEPT tcp -- anywhere anywhere any -> domain
>> ACCEPT tcp -- anywhere anywhere any -> mysql
>> ACCEPT tcp -- anywhere anywhere any -> www
>> ACCEPT tcp -- anywhere anywhere any -> 6346
>> ACCEPT tcp -- anywhere anywhere any -> ntp
>> ACCEPT tcp !y anywhere anywhere any -> any
>> ACCEPT icmp -- anywhere anywhere destination-unreachable
>> ACCEPT icmp -- anywhere anywhere echo-reply
>> ACCEPT icmp -- anywhere anywhere time-exceeded
>> DENY icmp l- anywhere anywhere any -> any
>> ACCEPT udp -- anywhere anywhere any -> domain
>> ACCEPT udp -- anywhere anywhere any -> ntp
>> DENY udp l- anywhere anywhere any -> 2049
>> ACCEPT udp -- 62.225.244.197 anywhere domain -> 1024:65535
>> ACCEPT udp -- 194.25.2.129 anywhere domain -> 1024:65535
>> DENY all l- anywhere router.avalon-net.net n/a
>> DENY tcp -- anywhere router.avalon-net.net any -> any
>> DENY udp -- anywhere router.avalon-net.net any -> any
>> ACCEPT tcp -- 192.168.98.0/24 anywhere any -> any
>> ACCEPT tcp -- 192.168.98.0/24 anywhere any -> domain
>> ACCEPT udp -- 192.168.98.0/24 anywhere any -> any
>> ACCEPT udp -- 192.168.98.0/24 anywhere any -> domain
>> DENY all l- 192.168.98.0/24 anywhere n/a
>> DENY all l- anywhere anywhere n/a
>> Chain forward (policy DENY):
>> target prot opt source destination ports
>> DENY tcp l- anywhere anywhere netbios-ns:netbios-ssn -> any
>> DENY udp l- anywhere anywhere netbios-ns:netbios-ssn -> any
>> MASQ all -- 192.168.98.0/24 anywhere n/a
>> DENY all l- anywhere anywhere n/a
>> Chain output (policy ACCEPT):
>> target prot opt source destination ports
>> ACCEPT icmp -- anywhere anywhere fragmentation-needed
>> ACCEPT icmp -- anywhere anywhere any -> any
>> [root@router /root]#
>>
>>
>> --
>> Regards
>>
>> Andre
>
>
>
>
>
> Hernán Vidoni
> ICQ: 4765459