?
Solved

Address Translation

Posted on 2000-02-07
5
Medium Priority
?
243 Views
Last Modified: 2010-03-18
I am running RedHat 6.1 with 2 LAN cards, ipchains & Masq. through the cards to the internet.  I need to open a port comming in to see my Web Server on my internal network.  How do I do this?

Please help.
Tks
Byron
0
Comment
Question by:byrona
  • 3
5 Comments
 

Author Comment

by:byrona
ID: 2499824
Edited text of question.
0
 
LVL 3

Expert Comment

by:maxchow
ID: 2506906
1) Go to Linuxconf
2) Select firewall
3) Select forwarding
4) Select IP Masquerade
5) From <internal net no>, mask <internal net mask> Interface Any
6) To 0.0.0.0, Interface Any

Make sure you setup the network cards correctly and can ping outside from the Linux before you go for the steps

You can add the "firewall" module in linuxconf under:

Control -> Control File ans System -> Configure Linuxconf Modules

Then next time you will see it under:
Config -> networking -> server tasks

0
 

Author Comment

by:byrona
ID: 2511382
Hi,

Thank you for the answer.  It is not what I am looking for or maybe I do not understand.

On my eth0 I am on the local network and on eth1 I am on the internet (i.e plugged into my router). I need to point a port comming from outside into my local network to an WebServer that has got an illegal IP Address. (eg if I type 196.1.1.1:9000 I want it to go to 10.1.1.1 on my local network.

I am not to sure why the from has got the internal network number and not the external?  This may be where I am going wrong.

Please can u help me further with this.
Tks
Byron
0
 

Author Comment

by:byrona
ID: 2530077
Is there nobody that can do this out there?
0
 

Accepted Solution

by:
redhat2 earned 800 total points
ID: 2533566
This is so easy!

Download the package ftp://www.mirror.ac.uk/sites/ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-3.i386.rpm
1) Install this package with "rpm -i ipmasqadm-0.4.2-3.i386.rpm"
2) Create a file called /etc/rc.d/rc.firewall containing this ---

#!/bin/sh
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive

#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
# Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
#
#   FORWARD_IPV4=false
#    to
#   FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
#  option.  This enables dynamic-ip address hacking in IP MASQ, making the life
#  with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -M -S 7200 10 160

/sbin/ipchains -P forward DENY
#This line will forward traffic from your internal network to the outside MASQed
/sbin/ipchains -A forward -s 10.1.1.0/24 -j MASQ

#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 196.1.1.1 9000 -R 10.1.1.1 80

#End of rc.firewall

3) make the file executable using the command "chmod 750 /etc/rc.d/rc.firewall"
4) edit the file /etc/rc.d/rc.local using "vi /etc/rc.d/rc.local"
5) press these keys exactly, press esc, ":", 7000, "Insert", /etc/rc.d/rc.firewall, esc, ":wq"
NOTE: If you have trouble with vi, email me and I can help..., also try kedit or emacs or any other text editing program
6) Now reboot your computer... Test and see if you can get into the webserver from the outside, you should be able to.
7) If you have trouble with this, http://members.home.net/ipmasq/ipmasq-HOWTO-1.81.html might help you, also post what you can and can not do as part of the rejection.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question