Hi, Steve. I just went through all this a little bit ago. It's not as confusing as it seems right now.

On or about 20 Jun 2001, Steve Linabery is alleged to have said:

> IP Masquerading is working fine.
>
> What I need to do is have one of the public IP boxes communicate with
> one of the internal LAN boxes. I'd like to be able to run code on the
> public box that would request a connection on, say, port 80 on the
> gateway box, which would be forwarded to the internal LAN box running a
> Java program that would serve certain files to the public box.
>
> I've tried using the ipmasqadm program with no success. RedHat 7.1
> supposedly is preconfigured for IP Masquerading.
>
> When I add the lines
> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $public_ip_address 80 -R
> 192.168.1.41 80

That looks OK, but what does your ipchain look like? I presume you're in a 2.2 kernel (I'm not a RedHat guru).

You will also need something like

    /usr/sbin/ipchains -A forward -p tcp -s 0/0 1024: -d $local_ip_address 80 -j MASQ

somewhere (rc.d/local, or rc.firewall, -- I don't know what's considered the best place to put it.) This allows the firewall to send packets to the forwarder.

>/etc/rc.d/local and run it, I get
>
> portfw: setsockopt failed: Invalid argument
> portfw: setsockopt failed: Invalid argument

I'm not sure why -- you might want to do an lsmod and send it to the list if necessary to confirm that you have all the appropriate modules loaded.

> Various HowTos suggest I need to recompile my kernel. I would prefer to
> avoid this if possible.

If you're running a stock recent kernel, I don't think this will be necessary. You almost certainly don't need to recompile modules either, but again, I'm not the expert. But I know how to get portfw working now. :)
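
The two checks suggested in the reply above (kernel series and loaded modules), as an added example that is not part of the original message. The function names and the sample input are constructed, and the module name `ip_masq_portfw` is an assumption about how the port-forward helper is built on a 2.2 kernel.

```sh
#!/bin/sh
# Added example: pre-flight checks before running "ipmasqadm portfw".
# Assumption: the port-forward helper is built as a module named
# ip_masq_portfw; if it is compiled into the kernel instead, it will
# not appear in lsmod output at all.
REQUIRED_MODULES="ip_masq_portfw"

# kernel_series RELEASE -> prints "2.2" for a release string like "2.2.19"
kernel_series() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# missing_modules LSMOD_TEXT -> prints each required module that is not listed
missing_modules() {
    for m in $REQUIRED_MODULES; do
        # lsmod prints the module name in the first column
        printf '%s\n' "$1" \
            | awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' \
            || printf '%s\n' "$m"
    done
}

# preflight RELEASE LSMOD_TEXT -> prints findings; returns 0 only if none
preflight() {
    rc=0
    series=$(kernel_series "$1")
    if [ "$series" != "2.2" ]; then
        echo "kernel series is '${series:-unknown}', not 2.2 as the reply presumes"
        rc=1
    fi
    for m in $(missing_modules "$2"); do
        echo "module $m not loaded (try: modprobe $m)"
        rc=1
    done
    return $rc
}

# Constructed sample input; on a live box pass "$(uname -r)" and "$(lsmod)".
SAMPLE_LSMOD='Module                  Size  Used by
ip_masq_ftp             3576   0 (unused)
3c59x                  19112   1 (autoclean)'

preflight "2.2.19" "$SAMPLE_LSMOD" \
    || echo "resolve the findings above before re-running ipmasqadm"
```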