[PLUG] Port Forwarding woes...

Patrick Adlam adlam@expert.cc.purdue.edu
Mon, 28 Aug 2000 18:26:20 -0500 (EST)


If you have your policies set to DENY or REJECT, add these lines:

ipchains -A input -p tcp -i eth0 -s 0/0 1024: -d $EXTERNM 80 -j ACCEPT
ipchains -A output -p tcp -i eth0 ! -y -s $EXTERNM 80 -d 0/0 1024: -j ACCEPT
ipmasqadm portfw -a -P tcp -L $EXTERN 80 -R $E1SUB0 80

Where $EXTERNM is your external IP address plus mask (i.e.
128.211.238.16/32), $EXTERN is the IP address of the machine, $E1SUB0
is the IP address of the web server.  I'm assuming that you have your
server running on port 80, eth0 is your external interface and eth1 is
your internal interface.  If the policy is REJECT or DENY you still have
to make provisions for your gateway to talk and accept packets from your
web server.

ipchains -A input -i eth1 -s $INTIPM -d 0/0 -j ACCEPT
ipchains -A output -i eth1 -s 0/0 -d $INTIPM -j ACCEPT

$INTIPM is the IP and mask of your internal network.  

Check out a book called "Building Internet Firewalls". The first edition
mostly focuses on Linux and provides explicit lines on how to get certain
services working; the second edition explains basically the same thing
but includes other operating systems, and instead of giving explicit
lines it tells the packet activity/trends and from that you can develop
rules.


padlam

On Sun, 27 Aug 2000, Matthew Laurence Wirges wrote:

> 	I have a firewall running redhat 6.0 (2.2 kernel).  I have been trying
> to get port forwarding to work so I can access my webserver from the
> outside world.  I have looked at howto's and message boards and have not
> had any luck so I thought I'd try here.
> 	All I am doing is forwarding my firewall external ip to my webserver
> (192.168.0.21).  I enter the rule correctly (or so I think) and when I
> go to access my firewall on port 80, instead of forwarding to my
> webserver it just sits there saying "waiting for reply".  If anybody has
> any suggestions or can tell me any common problems that could cause it
> to just not work, let me know.
>  Other side notes:
> 	Yes, it has the ipportfw module loaded
> 	Yes, I am using ipmasqadm
> 	Yes, both computers are functioning properly (As far as I know)
> 	Yes, the webserver on the computer I am trying to forward to is
> 		working correctly
> Thanks in advance!
> -- 
> ===========================================================
> | Matt Wirges                                             |
> | Student, Programmer, Systems Administrator.             |
> | Office: [765]464-1148				          |
> | Email: wirges@expert.cc.purdue.edu                      |
> |        || sysadmin@sharpwebinnovations.com		  |
> |==========================================================
> 
> ____________________________________________________
> The Purdue Linux Users' Group (PLUG) mailing list.
> plug mailing list  -  plug@csociety.purdue.edu
> http://csociety.ecn.purdue.edu/mailman/listinfo/plug
>
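
As an added example that is not part of the original messages: a small Python model of the input and output rules from the reply under a DENY policy, checking the four interface crossings of one forwarded request. The client address 203.0.113.7, the /24 internal network and the hop order are assumptions; the forward chain and the portfw rewrite itself are not modeled.

```python
import ipaddress
from collections import namedtuple

ANY, HIGH, WWW = (0, 65535), (1024, 65535), (80, 80)   # port ranges
# One ipchains-style rule; not_syn models "! -y". Every rule here jumps to ACCEPT.
Rule = namedtuple("Rule", "iface src dst proto sports dports not_syn",
                  defaults=("any", ANY, ANY, False))
# syn_only is True for a bare SYN (SYN set, ACK and FIN clear), which is what -y matches.
Packet = namedtuple("Packet", "iface src sport dst dport syn_only proto",
                    defaults=(False, "tcp"))

def matches(r, p):
    return (r.iface == p.iface and r.proto in ("any", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(r.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(r.dst)
            and r.sports[0] <= p.sport <= r.sports[1]
            and r.dports[0] <= p.dport <= r.dports[1]
            and not (r.not_syn and p.syn_only))

def verdict(chain, pkt, policy="DENY"):
    """First matching rule accepts; otherwise the chain policy applies."""
    return "ACCEPT" if any(matches(r, pkt) for r in chain) else policy

# The reply's rules, with 0/0 written as 0.0.0.0/0. INTIPM is an assumed value.
EXTERNM, INTIPM, WORLD = "128.211.238.16/32", "192.168.0.0/24", "0.0.0.0/0"
INPUT = [Rule("eth0", WORLD, EXTERNM, "tcp", HIGH, WWW),
         Rule("eth1", INTIPM, WORLD)]
OUTPUT = [Rule("eth0", EXTERNM, WORLD, "tcp", WWW, HIGH, not_syn=True),
          Rule("eth1", WORLD, INTIPM)]

def walk(input_chain, output_chain):
    """Verdicts for the four interface crossings of one forwarded request."""
    c, fw, web = "203.0.113.7", "128.211.238.16", "192.168.0.21"  # c is constructed
    hops = [(input_chain, Packet("eth0", c, 40000, fw, 80, True)),    # client SYN arrives
            (output_chain, Packet("eth1", c, 40000, web, 80, True)),  # rewritten, sent to server
            (input_chain, Packet("eth1", web, 80, c, 40000)),         # server's reply arrives
            (output_chain, Packet("eth0", fw, 80, c, 40000))]         # reply leaves as firewall:80
    return [verdict(chain, pkt) for chain, pkt in hops]

if __name__ == "__main__":
    print("all rules:      ", walk(INPUT, OUTPUT))
    print("eth0 rules only:", walk(INPUT[:1], OUTPUT[:1]))
```

With only the eth0 rules loaded, the two eth1 crossings fall through to DENY, which is the case the reply's second pair of rules covers.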