[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Firewall - ipmasqadm Help

Hello redhat-list,

  I'm trying to use ipmasqadm to portfw through my firewall for http
  services. I have a firewall (ipchains and kernel 2.2.5-15), with
  outside address of $IPADDR and an internal web server (port 80) at
  $INT_IP that I want to offer web service.  I can't seem to get the
  portfw to work and would love some help.  Something I don't
  understand is how the ipchains can respond to an inbound on port 80,
  when the firewall isn't running anything on that port.

  Here are the particulars - believe me, I've read the manual and
  scoured the archives before posting here.
  
  ..
  ...
  ....
  ipmasqadm portfw -a -P tcp -L $IPADDR 7880 -R $INT_IP 80
  ...
  ...
  .....
# HTTP client (80)
    # ----------------
    /sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE 80 \
             -d $IPADDR $UNPRIVPORTS  -j ACCEPT

    /sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE 80  -j ACCEPT

    # ------------------------------------------------------------------

    # HTTPS client (443)
    # ------------------
    /sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $ANYWHERE 443 \
             -d $IPADDR $UNPRIVPORTS  -j ACCEPT

    /sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE 443  -j ACCEPT
    ..
    ...
    .....


  

  First, I know that all the correct switches are flipped in my kernel
  for ipmasq, and ipportfw.  I also do the modprobe at firewall
  startup;
           *************************************
          echo 1 > /proc/sys/net/ipv4/ip_forward

               /etc/rc.d/rc.firewall

               for masqmod in /lib/modules/`uname -r`/ipv4/ip_masq_*;
               do /sbin/modprobe $masqmod
               done
           **************************************
   And ip_masq_portfw.o is listed in /lib/modules/*kernel_ver/ipv4/



   Anyone see what is going south one me here?  Thanks a bunch.





Best regards,
 Perry                          mailto:perryb badger1 net
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]