1- Recompile the kernel to support additional MASQ modules
2- Add the port-forwarding module (as a module or as part of the kernel) and
recompile (reset, etc.)
3- Add an ipchains ACCEPT entry for port 80 on your firewall box
4- Add the rule for redirecting the port.
IMPORTANT: you will not be able to test the installation yourself. I mean, if
you try to connect to extip:80 you will not be redirected; ONLY packets coming
in from the external interface will be redirected. It's a failing (or not, I
don't know) of port-redirect. Just try it from an external system, or ask
someone to check your redirection.
A SHORT EXAMPLE:
#!/bin/bash
# Initial Conf
extint="eth0"
extip="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
wwwip="192.168.1.10"
IPCHAINS="/sbin/ipchains"
PORTFW="/usr/sbin/ipmasqadm portfw"
# ACCEPT rule for the port forward
$IPCHAINS -A input -p tcp -s 0/0 -i $extint -d $extip 80 -j ACCEPT
# Place for ACCEPT rules (add ACCEPT for ftp ... etc., all services you want opened)
...
# Place for DENY/REJECT rules (just cut :1023 ;) and some upper ports (nfs etc.) if you have them)
...
# Place for MASQ/forward rules
...
# Port-forward rules
$PORTFW -a -P tcp -L $extip 80 -R $wwwip 80
At 21.53 28/6/00 -0700, Nick wrote:
This is my situation:
I have a Linux box running 2.1, 2.2.15 with a DHCP service and ipmasq
through ipchains.
I wanna set up a webserver inside the network and have the HTTP port
forwarded through my firewall.
If I have ipchains I just need ipportfw, right? But dselect insists that I
install ipmasq too?
How can I do this another way, or is this the only way???
outside ip - linux box (need to forward IP traffic for port 80) -- webserver (192.168.1.10)
Thanks in advance
-nick
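The reply's script fills extip by parsing ifconfig output, so an interface that has no address when the script runs leaves extip empty and the ACCEPT and portfw rules get built from a blank value. The following is an added example, not part of the original post: it validates the interface, addresses and port first and only prints the two commands from the post (dry run); the function names and the 203.0.113.7 sample address are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): refuse to build the rule pair
# from an empty or malformed value. Function names are hypothetical.

# Dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# TCP port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Read old net-tools ifconfig output on stdin, print the first "inet addr".
parse_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Print (dry run) the ACCEPT rule and the portfw rule from the post.
# Args: external interface, external IP, internal web server IP, port.
emit_portfw_rules() {
    case "$1" in ''|*[!A-Za-z0-9]*) echo "bad interface: '$1'" >&2; return 1 ;; esac
    is_ipv4 "$2" || { echo "bad external IP: '$2'" >&2; return 1; }
    is_ipv4 "$3" || { echo "bad internal IP: '$3'" >&2; return 1; }
    is_port "$4" || { echo "bad port: '$4'" >&2; return 1; }
    echo "/sbin/ipchains -A input -p tcp -s 0/0 -i $1 -d $2 $4 -j ACCEPT"
    echo "/usr/sbin/ipmasqadm portfw -a -P tcp -L $2 $4 -R $3 $4"
}

# Constructed sample of ifconfig output (203.0.113.0/24 is a documentation range).
sample='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0'
extip=$(printf '%s\n' "$sample" | parse_inet_addr)
emit_portfw_rules eth0 "$extip" 192.168.1.10 80

# Interface up but without an address: extip is empty and no rule is emitted.
extip=$(printf 'eth0      Link encap:Ethernet\n' | parse_inet_addr)
emit_portfw_rules eth0 "$extip" 192.168.1.10 80 || echo "refused: no usable external address"
```

If the external address can change, the same check has to run again each time the rules are re-applied with the new address.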