portfw into the inside network
- From: Bill Proudfit <bill proudfit flexint com>
- To: "'redhat-install-list redhat com'" <redhat-install-list redhat com>
- Subject: portfw into the inside network
- Date: Tue, 30 May 2000 15:34:26 -0500
I'm having trouble accessing our local web server from the outside world.
Here's the network setup:
INTERNET <----------> ISDN router <----------> FIREWALL <--------------------> INSIDE NETWORK
The firewall has outside address 192.168.2.2 and inside address 192.168.1.2.
The inside network all has addresses 192.168.1.*.
Everything going out works perfectly, the only thing that isn't working
correctly right now is incoming web requests from the outside world. I would
like to forward any incoming requests for the web server (located at
192.168.1.5) from the outside interface of the firewall to the inside
interface of the firewall to the web server itself. One of the biggest
problems has been the ISDN router, which has IP address 192.168.2.1 in this
setup. In the router configuration, it has a configuration option for
multiple servers. In this option, I can define local IP addresses where
port requests should be sent. For example, I can define that port 80 goes
to 192.168.1.5, so any request coming into the router for port 80 will
automatically be sent to 192.168.1.5 (which is what I want).
The problem comes in when I set up the firewall. Since I had changed the IP
address of the router (from 192.168.1.1 to 192.168.2.1), it can no longer
see the 192.168.1.* subnet, which is where the web server is located. I
decided to try to have the router send its port requests to the outside
interface of the firewall, which it does perfectly. Then I wanted to use
ipmasqadm to implement port forwarding from the outside interface to the
inside interface. This does not work, and I'm thinking that it might be
because the outside interface is not on the inside network's subnet (the
outside interface's IP address is 192.168.2.2). I cannot get it to forward
into the inside interface.
The routing table (inside interface is eth1, outside interface is eth0):
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.2     *               255.255.255.255 UH    0      0   0   eth1
192.168.2.2     *               255.255.255.255 UH    0      0   0   eth0
192.168.2.0     *               255.255.255.0   U     0      0   0   eth0
192.168.1.0     *               255.255.255.0   U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.2.1     0.0.0.0         UG    0      0   0   eth0
ipchains script (again, inside interface is eth1 with network 192.168.1.*,
outside interface is eth0, with network 192.168.2.*):
ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A forward -i eth1 -s 192.168.2.0/24 -j MASQ -l
ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ -l
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 192.168.2.2 80 -R 192.168.1.2 80
ipmasqadm portfw -a -P tcp -L 192.168.1.2 80 -R 192.168.1.5 80
Does anyone have any ideas or suggestions that would help me out?
Thanks in advance,
Bill Proudfit
Flexware Integration, Inc.
bill proudfit flexint com
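
Added example, not part of the original message: a small shell lint run over the rule set quoted above. The function names and the tightened rule set are constructed for illustration; the checks assume that only the inside network (192.168.1.*) should be masqueraded and that a portfw redirect should point straight at the web server rather than at one of the firewall's own addresses.

```shell
# Added example, not from the original post; addresses are the ones given in it.
FW_ADDRS="192.168.2.2 192.168.1.2"  # the firewall's own outside/inside addresses
INSIDE="192.168.1."                 # prefix of the inside network 192.168.1.*

# lint_rules: read ipchains/ipmasqadm commands on stdin, print one finding per line.
lint_rules() {
    awk -v fw="$FW_ADDRS" -v inside="$INSIDE" '
    BEGIN { n = split(fw, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
    # A default-accept forward policy passes any packet between the interfaces.
    $1 == "ipchains" && $2 == "-P" && $3 == "forward" && $4 != "DENY" && $4 != "REJECT" {
        print "forward-policy: default is " $4
    }
    # Only sources on the inside network should be masqueraded.
    $1 == "ipchains" && /-j MASQ/ {
        for (i = 1; i < NF; i++) if ($i == "-s" && index($(i+1), inside) != 1)
            print "masq-source: " $(i+1) " is not the inside network"
    }
    # A portfw redirect (-R) should name the real server, not the firewall.
    $1 == "ipmasqadm" && $2 == "portfw" && $3 == "-a" {
        for (i = 1; i < NF; i++) if ($i == "-R") {
            if ($(i+1) in own) print "portfw-target: " $(i+1) " is the firewall itself"
            else if (index($(i+1), inside) != 1) print "portfw-target: " $(i+1) " is not inside"
        }
    }'
}

# The rule set from the post, copied verbatim.
posted_rules() { cat <<'EOF'
ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A forward -i eth1 -s 192.168.2.0/24 -j MASQ -l
ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ -l
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 192.168.2.2 80 -R 192.168.1.2 80
ipmasqadm portfw -a -P tcp -L 192.168.1.2 80 -R 192.168.1.5 80
EOF
}

# Constructed fragment that passes the lint: deny-by-default forward, one MASQ, one portfw.
tightened_rules() { cat <<'EOF'
ipchains -F
ipchains -P forward DENY
ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 192.168.2.2 80 -R 192.168.1.5 80
EOF
}
posted_rules | lint_rules   # print the findings for the posted rule set
```

The lint only reads text and never calls ipchains or ipmasqadm, so it can be run on any machine before a rule set is applied on the firewall.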