[TCLUG] Port forwarding newbie Q

Wed Jun 6 13:02:44 CDT 2001

Since you are using coyote, isn't this info in their FAQ or the Forums on
www.coyotelinux.com?

> -----Original Message-----
> From: Simeon Johnston [mailto:simeonuj at eetc.com]
> Sent: Wednesday, June 06, 2001 12:43 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Port forwarding newbie Q
> 
> 
> 
> 
> Phil Mendelsohn wrote:
> 
> > On Wed, 6 Jun 2001, Simeon Johnston wrote:
> >
> > > Simeon Johnston wrote:
> > > > Sample forwarding rule.  ipmasqadm handles the portfw 
> command and is a
> > > > seperate application from ipchains.
> > > > /usr/sbin/ipmasqadm portfw -a -P tcp -L 
> RealIPofFirewall 80 -R InternalIP 80
> >
> > OK -- done and done.  (First thing I tried, and yes I know 
> about deleting
> > / flushing the chains / portfws).
> >
> > > > You have to masq all outgoing traffic from internal hosts.
> > > > ipchains -A forward -i exernaldevice -s internalnetwork 
> -d 0.0.0.0/0 -j MASQ
> > >
> > > Sorry, forgot about accepting incoming port 80 to the firewall
> > > ipchains -A input -i externaldevice -p tcp -s 0.0.0.0/0 
> -d RealIPofFirewall 80
> > > -j ACCEPT
> >
> > Did that, doesn't help.  Isn't that covered by input chain 
> policy ACCEPT?
> 
> should be
> 
> > I am using 2.2.18 CoyoteLinux with ipmasqadm already.  I'm 
> starting to go
> > a little nuts here, becuase I seem to be doing everything 
> right.  And it
> > ain't the machine, because I'm reading and writing these 
> emails through
> > it!
> >
> > Thanks for your help guys.  I'm going to flush it out and start from
> > scratch, but it's one lousy rule and one portfw!  (Could it 
> be the -y
> > option or the TOS args?  Should I tell forward to -t 0x01 0x10?
> 
> BREATH.  RELAX.  KICK YOUR COMPUTER (or just a warning kick 
> near your computer.  It
> sensed fear...)
> Just for kicks (not for security.. but if security was a big 
> problem you wouldn't
> be using a ACCEPT policy for input)
> :-)
> Try adding explicit ip's.  I remember when I used this for 
> the first time.  It was
> a royal pain.
> What rules are you using now.  You may have some conflicting rules.
> Is the ipmasqadm stuff *Compiled* into your kernel?  Should 
> be for CoyoteLinux.
> Maybe it's a module?  I've never used CoyoteLinux so I'm not sure.
> There are LOTS of other reasons this won't work.
> A little more info will be helpful.
> 
> sim
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> 