> Hello all.
> I am now stuck with port forwarding configuration.
> I describe my network below.
> Internet ---- Router -----------------------------------
>          ggg.ggg.ggg.1   |              |              |
>                      Firewall          WWW        test client
>                    ggg.ggg.ggg.2   192.168.1.1   ggg.ggg.ggg.3
> I would like to make all Internet access from outside go through the firewall. The firewall has only one NIC, so I assigned a global IP address and a private IP address to it by IP aliasing. ggg.ggg.ggg.2 is the global IP address for WWW and 192.168.1.254 is the private IP address for the 192.168.1.0 network gateway. (Please look above.)
> Next I configured port forwarding using the ipmasqadm command on the firewall.
> % /usr/sbin/ipmasqadm portfw -a -P tcp -L ggg.ggg.ggg.3 80 -R 192.168.1.1 80
> And I did IP masquerading too.
> % /sbin/ipchains -P forward MASQ
> % /sbin/ipchains -M -S 7200 10 160
> All configuration seemed to be set up successfully.
> After that, I tried to access WWW (ggg.ggg.ggg.3) from "test client". The packet from the test client was supposed to go into the firewall and be forwarded to the WWW server. But I could not reach the WWW server.
> I looked at the packets with the Ethereal analyzer, and I found that the firewall sent an ICMP redirect packet to the test client. So the test client retransmits the packet to 192.168.1.1. I think this should not happen, because a private address should not appear on the global network.
> The kernel version is 2.2.16, and I recompiled it with ipportfw masq support.
> I could not solve this problem at this time.
> Has anyone already solved this problem?
> I appreciate your suggestions in advance.
> Go Hosohara
to the firewall computer. This is a very desirable setup and also much
more secure. Then route the router into it and the internal net out the other
Set up IP masquerading and you're all set.