port forwarding problem


Post by Jim Broughto » Mon, 10 Jul 2000 04:00:00




> Hello all.

> I am now stuck with a port forwarding configuration.

> I describe my network below.

> Internet ---- Router -----------------------------------
>         ggg.ggg.ggg.1     |                |           |
>                        Firewall           WWW       test client
>                     ggg.ggg.ggg.2    192.168.1.1    ggg.ggg.ggg.3
>                     192.168.1.254

> I would like to make all Internet access from outside go via the firewall. The firewall has only one NIC, so I assigned a global IP address and a private IP address to it by IP aliasing. ggg.ggg.ggg.2 is the global IP address for WWW and 192.168.1.254 is the private IP address for the 192.168.1.0 network gateway. (Please look above.)
> Next I configured port forwarding using the ipmasqadm command on the firewall.

>  % /usr/sbin/ipmasqadm portfw -a -P tcp -L ggg.ggg.ggg.3 80 -R 192.168.1.1 80

> And I did IP masquerading too.

>  % /sbin/ipchains -P forward MASQ
>  % /sbin/ipchains -M -S 7200 10 160

> All configuration seemed to be set up successfully.
> After that, I made access from "test client" to WWW (ggg.ggg.ggg.3). The packet from the test client is supposed to go into the firewall, which forwards it to the WWW server. But I could not reach the WWW server.

> I looked at the packets with the ethereal analyzer, and I found the firewall threw an ICMP redirect packet to the test client. So the test client retransmitted the packet to 192.168.1.1. I think this should not happen, because a private address should not appear on the global network.

> The kernel version is 2.2.16, and I recompiled it with ipportfw masq support.

> I could not solve this problem at this time.
> Has anyone already solved this problem?

> I appreciate your suggestion in advance.

> Go Hosohara



  With the price of NICs at an all-time low, why not just add a second NIC
to the firewall computer? This is a very desirable setup and also much more
secure. Then route the router into it and the internal net out the other NIC.
Set up IP masquerading and you're all set.

JIM
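
Why the single-NIC layout in the question produces the ICMP redirect, and why the two-NIC layout suggested above does not, as an added example that is not part of either post: a simplified Python model of a forwarding host's redirect decision, not kernel code. The device names, the 203.0.113.0/24 stand-in for ggg.ggg.ggg.*, and the assumption that the check runs on the destination as rewritten by the port-forward rule are illustrative.

```python
# Added example: simplified model of a forwarding host's ICMP-redirect decision.
# Not kernel code. 203.0.113.0/24 is a constructed stand-in for ggg.ggg.ggg.*.
from ipaddress import ip_address, ip_interface


def lookup(addrs, ip):
    """Return (device, network) for the connected network holding ip, or None.

    addrs is a list of (device, "address/prefix"); an IP alias shares the
    device of its parent. Only connected networks are modelled (no default route).
    """
    ip = ip_address(ip)
    for dev, cidr in addrs:
        net = ip_interface(cidr).network
        if ip in net:
            return dev, net
    return None


def forward(addrs, src, dst, shared_media=True):
    """Classify a packet from src whose destination is dst after the
    port-forward rewrite (assumption: the check sees the rewritten address).

    shared_media mirrors the Linux sysctl of that name (RFC 1620 behaviour).
    """
    arrived, leaving = lookup(addrs, src), lookup(addrs, dst)
    if arrived is None or leaving is None:
        return "no-route"
    (in_dev, _), (out_dev, out_net) = arrived, leaving
    if in_dev != out_dev:
        return "forward"  # two segments: the sender has no direct path
    # Same wire in and out, so the sender could reach the next hop itself.
    # RFC 1812 also requires src on the next hop's subnet; shared_media waives it.
    if shared_media or ip_address(src) in out_net:
        return "forward+redirect"
    return "forward"


# Constructed topologies following the diagram in the question.
ONE_NIC = [("eth0", "203.0.113.2/24"), ("eth0", "192.168.1.254/24")]  # IP alias
TWO_NIC = [("eth0", "203.0.113.2/24"), ("eth1", "192.168.1.254/24")]

if __name__ == "__main__":
    for name, topo in (("one NIC", ONE_NIC), ("two NICs", TWO_NIC)):
        print(name, "->", forward(topo, "203.0.113.3", "192.168.1.1"))
```

Turning off send_redirects on the firewall would silence the redirect, but both address ranges would still share one wire, which is the exposure the second NIC removes.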

 
 
 


Post by Go Hosohar » Tue, 11 Jul 2000 04:00:00


Hello all.

I am now stuck with a port forwarding configuration.

I describe my network below.

Internet ---- Router -----------------------------------
        ggg.ggg.ggg.1     |                |           |
                       Firewall           WWW       test client
                    ggg.ggg.ggg.2    192.168.1.1    ggg.ggg.ggg.3
                    192.168.1.254

I would like to make all Internet access from outside go via the firewall. The firewall has only one NIC, so I assigned a global IP address and a private IP address to it by IP aliasing. ggg.ggg.ggg.2 is the global IP address for WWW and 192.168.1.254 is the private IP address for the 192.168.1.0 network gateway. (Please look above.)
Next I configured port forwarding using the ipmasqadm command on the firewall.

 % /usr/sbin/ipmasqadm portfw -a -P tcp -L ggg.ggg.ggg.3 80 -R 192.168.1.1 80

And I did IP masquerading too.

 % /sbin/ipchains -P forward MASQ  
 % /sbin/ipchains -M -S 7200 10 160

All configuration seemed to be set up successfully.
After that, I made access from "test client" to WWW (ggg.ggg.ggg.3). The packet from the test client is supposed to go into the firewall, which forwards it to the WWW server. But I could not reach the WWW server.

I looked at the packets with the ethereal analyzer, and I found the firewall threw an ICMP redirect packet to the test client. So the test client retransmitted the packet to 192.168.1.1. I think this should not happen, because a private address should not appear on the global network.

The kernel version is 2.2.16, and I recompiled it with ipportfw masq support.

I could not solve this problem at this time.
Has anyone already solved this problem?

I appreciate your suggestion in advance.

Go Hosohara



 
 
 


Post by Go Hosohar » Tue, 11 Jul 2000 04:00:00


Thank you for your advice.

Yes, I know. It is because I just want to try some network variations.
I have already set up a firewall with 2 NICs, and I did that with no problem.

I am still trying to fix this problem but have not completed it yet.
I gave up on the portfw configuration and switched to deploying the rinetd daemon. But this tactic still doesn't work either.
I wonder, does port forwarding require 2 NICs and 2 segments?

Go Hosohara




 
 
 

1. iptables smtp port forwarding problem

Hello,
   I'm relatively new to Linux and iptables. I'm running Red Hat 8.0,
iptables 1.2.6a, and using a script for iptables created via a utility
called gShield.  I'm trying to set up the Linux box as a
gateway/firewall for a small LAN.  The Linux box has 2 NICs, one for
the internal network and the other connected to the Internet via a
cable connection.  The gateway should also forward mail on port 25 to
an internal w2k mail server.  After running the configuration script,
I can browse the Internet just fine from the internal network using
the Linux box as a gateway.  Port 25 is open and is forwarding to the
Windows box, but when I telnet to the Linux box on port 25 I get a
"Connect failed" message.  The mail server log shows that a connection
was made then immediately dropped.  I can telnet to the internal mail
server on the internal network, and also through another
firewall/router that is connected to the Internet via a T1 line. (The
T1 is through Adelphia, now bankrupt, so we are switching to Roadrunner.)
Anyway, can anyone help?
