portfw into the inside network

I'm having trouble accessing our local web server from the outside world.
Here's the network setup:

INTERNET <----------> ISDN router <----------> FIREWALL <----------> INSIDE NETWORK

The firewall has outside address and inside address
The inside network all has addresses 

Everything going out works perfectly, the only thing that isn't working
correctly right now is incoming web requests from the outside world. I would
like to forward any incoming requests for the web server (located at from the outside interface of the firewall to the inside
interface of the firewall to the web server itself.  One of the biggest
problems has been the ISDN router, which has IP address in this
setup.  In the router configuration, it has a configuration option for
multiple servers.  In this option, I can define local IP addresses where
port requests should be sent.  For example, I can define that port 80 goes
to, so any request coming into the router for port 80 will
automatically be sent to (which is what I want). 

The problem comes in when I set up the firewall.  Since I had changed the IP
address of the router (from to, it can no longer
see the 192.168.1.* subnet, which is where the web server is located.  I
decided to try to have the router send its port requests to the outside
interface of the firewall, which it does perfectly.  Then I wanted to use
ipmasqadm to implement port forwarding from the outside interface to the
inside interface.  This does not work, and I'm thinking that it might be
because the outside interface is not on the inside network's subnet (the
outside interface's IP address is  I cannot get it to forward
into the inside interface. 

The routing table (inside interface is eth1, outside interface is eth0):

Destination     Gateway         Genmask         Flags   Metric  Ref     Use     Iface
                *                               UH      0       0       0       eth1
                *                               UH      0       0       0       eth0
                *                               U       0       0       0       eth0
                *                               U       0       0       0       eth1
                *                               U       0       0       0       lo
default                                         UG      0       0       0       eth0

ipchains script (again, inside interface is eth1 with network 192.168.1.*,
outside interface is eth0, with network 192.168.2.*): 

ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

ipchains -A forward -i eth1 -s -j MASQ -l
ipchains -A forward -i eth0 -s -j MASQ -l

ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 80 -R 80
ipmasqadm portfw -a -P tcp -L 80 -R 80

Does anyone have any ideas or suggestions that would help me out?

Thanks in advance,

Bill Proudfit

Flexware Integration, Inc.
bill proudfit flexint com
