Solved

IPChains and forwarding...

Posted on 1999-07-23
Last Modified: 2010-08-05
I've got one machine set up as a firewall/masquerading machine. I have another behind it on my LAN that's set up to do web serving, ftp serving, etc. How can I use IPChains to forward all packets on the outside NIC (e.g. 24.0.50.50) on port 21 to the inside machine's (e.g. 192.168.2.254) port 21? It'd be really cool if you could give me the command with all the options attached :). Thanks.

ipchains -I forward ...(?)
0
Question by:jguerin
LVL 4

Expert Comment

by:Manfred Bertl
ID: 1635718
ipchains -A forward -s 24.0.50.50/0 21 -d 192.168.2.254/0 21 -i eth0


0
 

Author Comment

by:jguerin
ID: 1635719
 mmmm... I'm not sure about that... but I'll try it. From what I've read in the man pages, that will just allow all packets with those respective source/destinations to go from the firewall to my other server... but I don't think that it actually will forward the connections from 24.0.50.50 to 192.168.2.254... but I'll give it a shot.
0
 
LVL 2

Accepted Solution

by:
wqclatre earned 400 total points
ID: 1635720
Check out ipmasqadm
http://juanjox.kernelnotes.org/

ipmasqadm portfw -a -P tcp -L 24.0.50.50 80 -R 192.168.2.254 80

If I remember the syntax right...
portfw works by reverse-masq so you must have a masq rule to
take the reply packets out

(something like this)
   # ipchains -I forward -p tcp -s internal_IP/32 80 -j MASQ
0
LVL 2

Expert Comment

by:wqclatre
ID: 1635721
You also have to enable some things in the kernel...
CONFIG_KMOD=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPPORTFW=m

btw You have a FAQ on:
http://juanjox.kernelnotes.org/ipmasqadm-FAQ.txt
0
 
LVL 2

Expert Comment

by:wqclatre
ID: 1635722
Sorry.. I'm too tired right now.
The syntax is
ipmasqadm portfw -a -P tcp -L 24.0.50.50 21 -R 192.168.2.254 21

I thought that you wanted to forward the www-server (port 80)
If you like to forward an ftp-server I think you also have to forward port 20 (ftp-data)
otherwise you can only use passive-mode in your ftp-client when you connect to your ftp from outside...
0
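The rule pair from the accepted answer, as an added example that is not part of the original thread: a dry-run shell helper that validates its input and prints, for each forwarded port, the ipmasqadm portfw rule and the matching ipchains MASQ rule. It follows ipmasqadm's usage, where -L is the address on the firewall that receives the connection and -R is the inside host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints the rule pairs for review; it executes nothing.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# portfw_rules EXT_IP INT_IP PORT...: print one portfw + MASQ pair per port.
portfw_rules() {
    [ "$#" -ge 3 ] || { echo "usage: portfw_rules EXT_IP INT_IP PORT..." >&2; return 2; }
    ext=$1 int=$2
    shift 2
    valid_ipv4 "$ext" && valid_ipv4 "$int" || { echo "bad address" >&2; return 1; }
    # Check every port first so a typo never yields a half-written rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # -L: address and port on the firewall that receives the connection
        # -R: inside host and port the connection is redirected to
        echo "ipmasqadm portfw -a -P tcp -L $ext $port -R $int $port"
        # Masquerade the inside server's replies from that port on the way out
        echo "ipchains -I forward -p tcp -s $int/32 $port -j MASQ"
    done
    echo "ipmasqadm portfw -l"     # list the table to confirm what is exposed
}

# Constructed sample run using the addresses from the question.
portfw_rules 24.0.50.50 192.168.2.254 21 80
```

Each port passed in becomes reachable from outside, so the final listing command is there to compare the forwarding table against the services that are meant to be exposed.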
 

Author Comment

by:jguerin
ID: 1635723
Heheh, well I was hoping to find some way to get ipchains to do it. I guess it turns out that ipchains is only for packet filtering. Too bad. I just ran into ipmasqadm the other day and am trying to install it now. Thanks.
0
