On Thu, 15 Feb 2001, Drew Hunt wrote:
You will need to put ipmasqadm portfw commands in your rc.firewall script
(ipchains script) after your ipchains lines. A few ports need a
"helper" module to do the port forwarding (e.g. ftp). In that case, you
can load the module from the ipchains rc.firewall script. A few such
modules come with ipchains - you see them mentioned in the top part of
some rc.firewall scripts (e.g. ip_masq_ftp), loaded with the modprobe
command. Most ports don't need one, though.
Using the command:
The command looks something like this:
/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R $webserverip 80
where the variable extip is defined as the IP number your ip chains box
gets from your ISP (the ip number for eth1 on the boxes that I build).
Your rc.firewall script may use a different variable name, so look in your
script and find the variable name used in your ipchains commands that is
the ip number of your external ethernet connection.
The hardest part of using the ipmasqadm portfw command is figuring out
what the -L ("local") and -R ("remote") ip numbers should be, since these
terms are a little backwards from how you usually think of local and
remote.
What I do in my rc.firewall script is define the variable extip:
export extip="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '/inet/{print $2}' | sed -e 's/.*://'`"
and variable webserverip (or mailserverip or whatever) as:
export webserverip="192.168.1.221"
(the ip number assigned to the webserver (or whatever server you want to forward)).
In the ipmasqadm portfw command,
-a means: add a rule
-P means: protocol to forward: tcp or udp (usually have a line for each)
-L means: Local (but really means the EXTERNAL IP number, but watch out
if reading some of the documentation out there - you might get
confused by their use of "external")
The number 80 is the port number that you are forwarding. Port 80 is for
http (the well-defined, most common port, which you are probably using for
your apache web server)
-R means: Remote (but really means the webserver's ip number on your
local LAN, which is where the confusion comes from!)
Thus, you might see two lines for each port to forward:
/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R $webserverip 80
/sbin/ipmasqadm portfw -a -P udp -L $extip 80 -R $webserverip 80
where $extip will be something like: 216.211.92.3
and $webserverip will be something like: 192.168.1.221
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Winegarden
> Sent: Wednesday, February 14, 2001 11:38 PM
> To: RedHat general mailling list
> Subject: Re: Ipmasqadm
>
>
> On Tue, 13 Feb 2001, Drew Hunt wrote:
>
> > Is this the program I want for forwarding ports from my masq box to
> servers
> > on the internal LAN? It doesn't seem to be in my default RH7.0
> > installation. What package do I need to install to get it?
> >
>
> Yes, ipmasqadm (and use ipmasqadm portfw commands, adding to your
> rc.firewall script).
>
> ipmasqadm is available from:
>
> ftp://ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-4.i386.rpm
>
> (find such things with rpmfind)
>
--
***************************************************************************
Jerry Winegarden OIT/Technical Support Duke University
[EMAIL PROTECTED] http://www-jerry.oit.duke.edu
***************************************************************************
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
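
The extip pipeline in the message above yields an empty string when eth1 has no address yet, and the -L and -R arguments are easy to swap. The sketch below is an added example, not part of the original message: it checks both before printing a portfw line. The function names, the sample ifconfig text and the rule that -R must be an RFC 1918 address are assumptions.

```shell
#!/bin/sh
# Constructed sample of old net-tools ifconfig output (not from the post).
SAMPLE_IFCONFIG='eth1      Link encap:Ethernet  HWaddr 00:50:56:00:00:01
          inet addr:216.211.92.3  Bcast:216.211.92.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Print the address from the "inet addr:" line of ifconfig output on stdin.
parse_inet_addr() {
    awk '/inet addr:/ { sub(/^addr:/, "", $2); print $2; exit }'
}

# Succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeed only for a decimal port number in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Assumption: the internal LAN uses RFC 1918 private address space.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print one portfw command, or fail without printing if any value is bad.
# usage: portfw_line proto extip lport serverip rport
portfw_line() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    is_ipv4 "$2" && is_port "$3" && is_ipv4 "$4" && is_private "$4" \
        && is_port "$5" || return 1
    echo "/sbin/ipmasqadm portfw -a -P $1 -L $2 $3 -R $4 $5"
}

# Dry run on the sample; in rc.firewall, feed `/sbin/ifconfig eth1` instead.
extip=$(printf '%s\n' "$SAMPLE_IFCONFIG" | parse_inet_addr)
portfw_line tcp "$extip" 80 192.168.1.221 80 \
    || echo "refusing to add portfw rule: bad address or port" >&2
```

The script only prints the command, so the output can be reviewed before the line is added to rc.firewall.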