Address Translation

I am running RedHat 6.1 with 2 LAN cards, ipchains & Masq. through the cards to the internet.  I need to open a port coming in to see my Web Server on my internal network.  How do I do this?

Please help.
Tks
Byron
byrona Asked:
byrona (Author) Commented:
Edited text of question.
0
maxchow Commented:
1) Go to Linuxconf
2) Select firewall
3) Select forwarding
4) Select IP Masquerade
5) From <internal net no>, mask <internal net mask> Interface Any
6) To 0.0.0.0, Interface Any

Make sure you set up the network cards correctly and can ping outside from the Linux box before you go through the steps.

You can add the "firewall" module in linuxconf under:

Control -> Control File and System -> Configure Linuxconf Modules

Then next time you will see it under:
Config -> networking -> server tasks

0
byrona (Author) Commented:
Hi,

Thank you for the answer.  It is not what I am looking for or maybe I do not understand.

On my eth0 I am on the local network and on eth1 I am on the internet (i.e. plugged into my router). I need to point a port coming from outside into my local network to a WebServer that has got an illegal IP Address (e.g. if I type 196.1.1.1:9000 I want it to go to 10.1.1.1 on my local network).

I am not too sure why the "from" has got the internal network number and not the external?  This may be where I am going wrong.

Please can you help me further with this.
Tks
Byron
0
byrona (Author) Commented:
Is there nobody that can do this out there?
0
redhat2 Commented:
This is so easy!

Download the package ftp://www.mirror.ac.uk/sites/ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-3.i386.rpm
1) Install this package with "rpm -i ipmasqadm-0.4.2-3.i386.rpm"
2) Create a file called /etc/rc.d/rc.firewall containing this ---

#!/bin/sh
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive

#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
# Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
#
#   FORWARD_IPV4=false
#    to
#   FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
#  option.  This enables dynamic-ip address hacking in IP MASQ, making the life
#  with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -M -S 7200 10 160

/sbin/ipchains -P forward DENY
#This line will forward traffic from your internal network to the outside MASQed
/sbin/ipchains -A forward -s 10.1.1.0/24 -j MASQ

#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 196.1.1.1 9000 -R 10.1.1.1 80

#End of rc.firewall

3) make the file executable using the command "chmod 750 /etc/rc.d/rc.firewall"
4) edit the file /etc/rc.d/rc.local using "vi /etc/rc.d/rc.local"
5) press these keys exactly, press esc, ":", 7000, "Insert", /etc/rc.d/rc.firewall, esc, ":wq"
NOTE: If you have trouble with vi, email me and I can help..., also try kedit or emacs or any other text editing program
6) Now reboot your computer... Test and see if you can get into the webserver from the outside, you should be able to.
7) If you have trouble with this, http://members.home.net/ipmasq/ipmasq-HOWTO-1.81.html might help you, also post what you can and can not do as part of the rejection.
0
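
Added example (not part of the original thread and not redhat2's script): a small shell audit of an rc.firewall-style file that lists every active ipmasqadm portfw rule as external address:port -> internal address:port and reports the policy set on the forward chain, so the inbound exposure created by the answer above can be reviewed. The function names and the embedded sample are constructed for illustration; the sample reuses the addresses from the thread, and its commented-out port 22 line is made up.

```shell
#!/bin/sh
# Added example: audit an rc.firewall-style script read from stdin.
# Function names and the sample below are constructed for illustration.

# list_portfw: one line per active "ipmasqadm portfw -a" rule, as
#   <proto> <external ip>:<port> -> <internal ip>:<port>
list_portfw() {
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out rules
        /ipmasqadm[ \t]+portfw/ && /[ \t]-a([ \t]|$)/ {
            proto = ""; ext = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-P") proto = $(i + 1)
                if ($i == "-L") ext = $(i + 1) ":" $(i + 2)
                if ($i == "-R") dst = $(i + 1) ":" $(i + 2)
            }
            if (proto != "" && ext != "" && dst != "")
                print proto, ext, "->", dst
        }'
}

# forward_policy: the last policy the script sets on the forward chain,
# or "unset" when no "ipchains -P forward <policy>" line is present.
forward_policy() {
    awk '
        /^[ \t]*#/ { next }
        /ipchains/ {
            for (i = 1; i < NF; i++)
                if ($i == "-P" && $(i + 1) == "forward") p = $(i + 2)
        }
        END { print (p == "" ? "unset" : p) }'
}

# Constructed sample input; addresses are the ones used in the thread.
sample_rules() {
    cat <<'EOF'
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 10.1.1.0/24 -j MASQ
#/usr/sbin/ipmasqadm portfw -a -P tcp -L 196.1.1.1 22 -R 10.1.1.1 22
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 196.1.1.1 9000 -R 10.1.1.1 80
EOF
}

sample_rules | list_portfw
echo "forward policy: $(sample_rules | forward_policy)"
```

To audit a real file instead of the sample, pipe it in, for example `list_portfw < /etc/rc.d/rc.firewall`.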
