thanks for the reply!
Yes. The port forwarding and masq is working. But I am not able to ssh from 10.0.0.154 to 10.0.0.199. I thought this would take care of that:

    #Allow ssh in and out
    $IPCHAINS -A input -i eth0 -p tcp --dport 22 -j ACCEPT
    $IPCHAINS -A output -i eth0 -p tcp --sport 22 -j ACCEPT
    $IPCHAINS -A input -i eth1 -p tcp --sport 22 -j ACCEPT
    $IPCHAINS -A output -i eth1 -p tcp --dport 22 -j ACCEPT

Can you see any problem?

thanks a lot
ashley

------------------------------------------------------------------
My script :
------------------------------------------------------------------
#!/bin/bash

IPCHAINS="/sbin/ipchains"
IPMASQADM="/usr/sbin/ipmasqadm"

#Clear all previous stuff
$IPCHAINS -F input
$IPCHAINS -F output
$IPCHAINS -F forward

#Deny everything by default
$IPCHAINS -P input DENY
$IPCHAINS -P output DENY

#Do the change ip-addr in the header while forwarding
$IPCHAINS -P forward DENY
$IPCHAINS -A forward -i eth0 -j MASQ
#$IPCHAINS --append forward --interface eth0 --jump MASQ
#$IPCHAINS -A forward -i eth0 -s 10.0.0.0 -d 0.0.0.0/0 -j MASQ

#Allow ssh in and out
$IPCHAINS -A input -i eth0 -p tcp --dport 22 -j ACCEPT
$IPCHAINS -A output -i eth0 -p tcp --sport 22 -j ACCEPT
$IPCHAINS -A input -i eth1 -p tcp --sport 22 -j ACCEPT
$IPCHAINS -A output -i eth1 -p tcp --dport 22 -j ACCEPT

#Clear the prev stuff
$IPMASQADM portfw -f
$IPMASQADM portfw -a -P tcp -L 150.2.3.5 22 -R 10.0.0.154 22

#enable ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
---------------------------------------------------------------------------

On Fri, 7 Dec 2001 [EMAIL PROTECTED] wrote:

> On Fri, 7 Dec 2001, Ashley Thomas wrote:
> > I have a network as:
> >
> > <external > <internal>
> >
> > 150.2.3.4 ------------ 150.2.3.5 <Firewall> 10.0.0.199 -------10.0.0.154
> >
> > I need to configure the Firewall to block everything from the external net
> > except ssh, which has to be port forwarded to the internal m/c 10.0.0.154
> <snip>
> > $IPMASQADM portfw -a -P tcp -L 150.2.3.4 22 -R 10.0.0.154 22
> >
> Ashley, your picture is a bit confusing to me. I'm assuming the firewall
> itself has two nics, with the 150.2.3.5 (external) and 10.0.0.199
> (internal) interfaces. The rule above should be
>
> $IPMASQADM portfw -a -P tcp -L 150.2.3.5 22 -R 10.0.0.154 22
>
> and it should work, otherwise you are going to have to explain your
> network setup a bit better.
>
> hth
> charles
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
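As an added example (not code from Ashley's post or from Charles' reply), here is a small Python model of ipchains first-match evaluation applied to the four ACCEPT rules in the script above, with the input and output policies set to DENY as in the script. It models only the interface and port matching the rules use, and assumes a constructed client ephemeral port of 40000; it shows which packets of an ssh session from 10.0.0.154 to the firewall's own eth1 address fall through to the DENY policy, while the port-forwarded path from the outside matches every rule.

```python
# Added example, not part of the mailing-list post. Simplified ipchains model:
# first matching rule in a chain wins, otherwise the chain policy applies.
# Only interface, source port and destination port are modelled (no TCP flags,
# fragments or MASQ state). Port 40000 is a constructed client ephemeral port.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    iface: str
    sport: Optional[int]   # None means "any source port"
    dport: Optional[int]   # None means "any destination port"
    target: str

Chains = Dict[str, Tuple[List[Rule], str]]

def build_chains(add_internal_ssh: bool = False) -> Chains:
    """The four ACCEPT rules from the posted script, policy DENY on both chains.

    add_internal_ssh adds two rules (an assumption, not in the post) that cover
    an ssh session terminated on the firewall's internal interface eth1.
    """
    inp = [Rule("eth0", None, 22, "ACCEPT"), Rule("eth1", 22, None, "ACCEPT")]
    out = [Rule("eth0", 22, None, "ACCEPT"), Rule("eth1", None, 22, "ACCEPT")]
    if add_internal_ssh:
        inp.append(Rule("eth1", None, 22, "ACCEPT"))  # SYN to 10.0.0.199:22 arrives on eth1
        out.append(Rule("eth1", 22, None, "ACCEPT"))  # sshd's replies leave via eth1
    return {"input": (inp, "DENY"), "output": (out, "DENY")}

def verdict(chains: Chains, chain: str, iface: str, sport: int, dport: int) -> str:
    rules, policy = chains[chain]
    for r in rules:
        if r.iface == iface and r.sport in (None, sport) and r.dport in (None, dport):
            return r.target
    return policy

def internal_ssh_ok(chains: Chains) -> bool:
    """ssh from 10.0.0.154:40000 to 10.0.0.199:22: SYN enters on eth1 (input chain),
    sshd's reply leaves on eth1 (output chain). Both must be ACCEPTed."""
    syn = verdict(chains, "input", "eth1", 40000, 22)
    reply = verdict(chains, "output", "eth1", 22, 40000)
    return syn == "ACCEPT" and reply == "ACCEPT"

def forwarded_ssh_ok(chains: Chains) -> bool:
    """External client to the port-forward: SYN enters eth0 and is sent out eth1;
    the reply from 10.0.0.154:22 enters eth1 and leaves eth0."""
    return all(v == "ACCEPT" for v in (
        verdict(chains, "input", "eth0", 40000, 22),
        verdict(chains, "output", "eth1", 40000, 22),
        verdict(chains, "input", "eth1", 22, 40000),
        verdict(chains, "output", "eth0", 22, 40000),
    ))

if __name__ == "__main__":
    print("internal ssh, rules as posted:", internal_ssh_ok(build_chains()))      # False
    print("internal ssh, with eth1 rules:", internal_ssh_ok(build_chains(True)))  # True
    print("forwarded ssh, rules as posted:", forwarded_ssh_ok(build_chains()))    # True
```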