Since you are using coyote, isn't this info in their FAQ or the Forums on www.coyotelinux.com? > -----Original Message----- > From: Simeon Johnston [mailto:simeonuj at eetc.com] > Sent: Wednesday, June 06, 2001 12:43 PM > To: tclug-list at mn-linux.org > Subject: Re: [TCLUG] Port forwarding newbie Q > > > > > Phil Mendelsohn wrote: > > > On Wed, 6 Jun 2001, Simeon Johnston wrote: > > > > > Simeon Johnston wrote: > > > > Sample forwarding rule. ipmasqadm handles the portfw > command and is a > > > > seperate application from ipchains. > > > > /usr/sbin/ipmasqadm portfw -a -P tcp -L > RealIPofFirewall 80 -R InternalIP 80 > > > > OK -- done and done. (First thing I tried, and yes I know > about deleting > > / flushing the chains / portfws). > > > > > > You have to masq all outgoing traffic from internal hosts. > > > > ipchains -A forward -i exernaldevice -s internalnetwork > -d 0.0.0.0/0 -j MASQ > > > > > > Sorry, forgot about accepting incoming port 80 to the firewall > > > ipchains -A input -i externaldevice -p tcp -s 0.0.0.0/0 > -d RealIPofFirewall 80 > > > -j ACCEPT > > > > Did that, doesn't help. Isn't that covered by input chain > policy ACCEPT? > > should be > > > I am using 2.2.18 CoyoteLinux with ipmasqadm already. I'm > starting to go > > a little nuts here, becuase I seem to be doing everything > right. And it > > ain't the machine, because I'm reading and writing these > emails through > > it! > > > > Thanks for your help guys. I'm going to flush it out and start from > > scratch, but it's one lousy rule and one portfw! (Could it > be the -y > > option or the TOS args? Should I tell forward to -t 0x01 0x10? > > BREATH. RELAX. KICK YOUR COMPUTER (or just a warning kick > near your computer. It > sensed fear...) > Just for kicks (not for security.. but if security was a big > problem you wouldn't > be using a ACCEPT policy for input) > :-) > Try adding explicit ip's. I remember when I used this for > the first time. It was > a royal pain. > What rules are you using now. You may have some conflicting rules. > Is the ipmasqadm stuff *Compiled* into your kernel? Should > be for CoyoteLinux. > Maybe it's a module? I've never used CoyoteLinux so I'm not sure. > There are LOTS of other reasons this won't work. > A little more info will be helpful. > > sim > > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list >