ipchains and ipmasqadm quickie

Posted on 2000-05-17
Last Modified: 2013-12-15
Ok I have an ipchains firewall script that is called from the ip-up script (PPP connection). Within this ipchains script I wish to forward any ftp and telnet requests coming in to the ppp0 device to another machine within the ineternal  network - say

What I need to know is what is the rule I should use for ipchains, I have this so far...  (I don't have the script with me at the mo so I am trying to remember this from my head!!)....

ipchains -A forward -p tcp -s $INTERNET -d $PPPIP telnet -j ACCEPT

#and the the ipmasqadm

ipmasqadm portfw -a -P tcp -L $PPPIP 23 -R 23

is that right? Or does the ipchains -A command need to be forward and/or the -j command REDIRECT

The last bit is: Does packet forwarding just need to be on the gateway (PPP machine) or all computers within the internal network?


Question by:Anewbis_
  • 3
  • 2

Author Comment

ID: 2818326
Ooops forgot a bit! on the ipchains rule can the -j option be DENY as it is going to get forwarded to another machine or would it have to be ACCEPT? I do not want anyone from outside to be able to telnet to the firewall box itself - hence the port redirection ;-)


Accepted Solution

liyang earned 50 total points
ID: 2851317
Assuming your internal machine can send packets out at will, and your firewall machine will ACCEPT (*not* FORWARD!) packets on port 23, then all you need is:

ipmasqadm portfw -a -P tcp -L $PPPIP 23 -R 23


Author Comment

ID: 2860165
Answer accepted

Author Comment

ID: 2860166
Cheers! It works! Except FTP seems to hang on LIST/GET/DIR commands - any ideas on that?

Expert Comment

ID: 2864644
Have you done "modprobe ip_masq_ftp"? You'll need that in order to do active ftp from the inside. Place it in your rc.local script so it gets run at startup. Passive ftp should work either way, provided you don't restrict any outgoing connections.



Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
looking for a CENTOS ISO to download with x window installed 2 49
open source backup solution 1 36
awk to variable in bash 2 70
expand ext4 on centos 6 5 37
Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question