Port forwarding

Port forwarding

Post by Wizzar » Tue, 19 Sep 2000 04:00:00



Hi,

I'm having a real hard time with this.  We own our domain and have our own
nameserver.  An entry has been made in the name database for a host to be
seen on the internet.  This host is actually an NT server with a 192.168.0.x
IP address behind the firewall.  Couple questions...

Do i need to make an inet1 entry for this host?

I will want to IP forward based on port 80 from the linux box to the NT box
where the actual IIS server is.  I've tried but have not succeeded.  What is
wrong with this entry?

ipfwadm -F -a accept -P tcp -Sxxx.xxx.xxx.xxx 80 -D192.168.0.x 80

Thanks for any help you may shed,

Dave

 
 
 

Port forwarding

Post by Joe Schaefe » Tue, 19 Sep 2000 04:00:00



> Hi,

> I'm having a real hard time with this.  We own our domain and have our own
> nameserver.  An entry has been made in the name database for a host to be
> seen on the internet.  This host is actually an NT server with a 192.168.0.x
> IP address behind the firewall.  Couple questions...

Could you clarify how you intend to make a 192.168.0.x host accesible to those
outside your internal network? Perhaps you are using a CNAME pointer to your
firewall's IP address, and wish to have port 80 requests forwarded to your IIS
server? (This looks like what you're trying to do below.)

Quote:

> I will want to IP forward based on port 80 from the linux box to the NT box
> where the actual IIS server is.  I've tried but have not succeeded.  What is
> wrong with this entry?

> ipfwadm -F -a accept -P tcp -Sxxx.xxx.xxx.xxx 80 -D192.168.0.x 80

It would help if you also included a logfile output (-l?);
try using ipchains instead of ipfwadm. Also check that masquerading
is enabled in the kernel

% cat /proc/sys/net/ipv4/ip_forward
1

--
Joe Schaefer

 
 
 

Port forwarding

Post by Jaso » Wed, 20 Sep 2000 04:00:00


take a look at www.cyborgworkshop.com/ipchains.html

                        Jason
        www.cyborgworkshop.com
...and the geek shall inherit the earth...

 
 
 

Port forwarding

Post by Sjoe » Mon, 25 Sep 2000 04:00:00



>Hi,

>I'm having a real hard time with this.  We own our domain and have our own
>nameserver.  An entry has been made in the name database for a host to be
>seen on the internet.  This host is actually an NT server with a 192.168.0.x
>IP address behind the firewall.  Couple questions...

>Do i need to make an inet1 entry for this host?

>I will want to IP forward based on port 80 from the linux box to the NT box
>where the actual IIS server is.  I've tried but have not succeeded.  What is
>wrong with this entry?

>ipfwadm -F -a accept -P tcp -Sxxx.xxx.xxx.xxx 80 -D192.168.0.x 80

This is a packetfilter rule to allow packets comming from anywhere from port
80 (www) to 192.168.0.x port 80 (www). Establishing a connection is never
comming from ports below 1024.
Private ip subnets like 192.168.x.x aren't routed through the internet, so
no one on internet can't find it.
You should take a look at ipchains (for the filtering) and ipmasqadm (for
the ip & port redirection)

Sjoerd