I think you need to use ipmasqadm with the "portfw" option. Get rid of that ipchains rule first.

> -----Original Message-----
> From: Eric Stanley [mailto:barnabas at knicknack.net]
> Sent: Wednesday, June 06, 2001 6:03 AM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Port forwarding newbie Q
>
> The way I'd do it is to change the first rule below so that the
> destination IP is the external IP on your firewall. I think you know
> that you can't route traffic from the greater Internet to a
> non-routable address like 192.168.1.1 so accepting traffic for that
> address on your firewall is useless; it should never happen (barring
> spoofing or something like that).
>
> You may also need to make sure your forward (and output) rules allow
> traffic to the web server.
>
> Finally, if you don't already have it, you'll also need a port forward
> command (ipmasqadm portfw) to forward traffic from port 80 on the
> external I/F of the firewall to port 80 on the internal web server.
>
> Hope that helps,
>
> Eric
>
> On Wed, Jun 06, 2001 at 01:06:57AM -0500, Phil Mendelsohn wrote:
> > Can someone take a quick peek and tell me why I'm not getting through the
> > firewall from the outside? Here is the ipchain. I just want to forward
> > port 80 (www) requests to an internal host.
> >
> > Chain forward (policy DENY):
> > target  prot opt     source          destination   ports
> > ACCEPT  tcp  ------  0.0.0.0/0       192.168.1.1   80 -> 80
> > MASQ    all  ------  192.168.1.0/24  0.0.0.0/0     n/a
> >
> > When I try to lynx in from the U (to http://rephil.org or
> > http://www.rephil.org) it tells me it cannot connect to host, but nslookup
> > or dig both give the right spots for it, and I can ssh into the firewall
> > from there. Hrm.
> >
> > TIA,
> >
> > Phil
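
The steps suggested in the messages above, collected into one sketch. This is an added example, not part of the original e-mails: it prints the ipchains and ipmasqadm commands rather than running them, and refuses a listen address that is non-routable. Assumptions: 203.0.113.10 is a constructed stand-in for the firewall's external IP, the ACCEPT rule from the listing is rule 1 of the forward chain, and the input chain filters traffic; `is_private` and `portfw_rules` are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the thread): build the commands for forwarding one
# TCP port through an ipchains firewall. Commands are printed, not executed.

# True when $1 is an RFC 1918 (non-routable) IPv4 address.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# portfw_rules EXT_IP INT_IP PORT
# Prints the commands, or fails when an address is on the wrong side.
portfw_rules() {
    ext=$1 int=$2 port=$3
    if is_private "$ext"; then
        echo "error: $ext is non-routable; Internet clients cannot address it" >&2
        return 1
    fi
    if ! is_private "$int"; then
        echo "error: $int is not RFC 1918; expected the internal web server" >&2
        return 1
    fi
    # Assumption: the ACCEPT rule for the internal address is forward rule 1,
    # as in the listing quoted above.
    echo "ipchains -D forward 1"
    # Assumption: the input chain filters, so port $port on the external
    # address has to be accepted there.
    echo "ipchains -A input -p tcp -d $ext $port -j ACCEPT"
    # Forward external:port to the internal server (ipmasqadm portfw).
    echo "ipmasqadm portfw -a -P tcp -L $ext $port -R $int $port"
}

# 203.0.113.10 is a constructed documentation address, not the poster's IP.
portfw_rules 203.0.113.10 192.168.1.1 80
```

Review the printed commands against `ipchains -L -n` on the firewall before running any of them as root.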