Hello redhat-list,
I'm trying to use ipmasqadm to portfw through my firewall for http
services. I have a firewall (ipchains and kernel 2.2.5-15), with
outside address of $IPADDR and an internal web server (port 80) at
$INT_IP that I want to offer web service. I can't seem to get the
portfw to work and would love some help. Something I don't
understand is how the ipchains can respond to an inbound on port 80,
when the firewall isn't running anything on that port.
Here are the particulars - believe me, I've read the manual and
scoured the archives before posting here.
..
...
....
ipmasqadm portfw -a -P tcp -L $IPADDR 7880 -R $INT_IP 80
...
...
.....
# HTTP client (80)
# ----------------
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $ANYWHERE 80 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR $UNPRIVPORTS \
-d $ANYWHERE 80 -j ACCEPT
# ------------------------------------------------------------------
# HTTPS client (443)
# ------------------
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $ANYWHERE 443 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR $UNPRIVPORTS \
-d $ANYWHERE 443 -j ACCEPT
..
...
.....
First, I know that all the correct switches are flipped in my kernel
for ipmasq, and ipportfw. I also do the modprobe at firewall
startup:
*************************************
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/rc.d/rc.firewall
for masqmod in /lib/modules/`uname -r`/ipv4/ip_masq_*;
do /sbin/modprobe $masqmod
done
**************************************
And ip_masq_portfw.o is listed in /lib/modules/*kernel_ver/ipv4/
Anyone see what is going south on me here? Thanks a bunch.
Best regards,
Perry mailto:[EMAIL PROTECTED]