I have SuSE 6.1.
I've set up the following rules for the internal network:
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.1 -j MASQ
ipchains -A forward -s 192.168.0.2 -j MASQ
ipchains -A forward -s 192.168.0.100 -j MASQ
ipchains -A forward -s 192.168.0.101 -j MASQ
and the modules ip_masq_irc and ip_masq_ftp for the IRC and FTP problems.
This is working perfectly; all the computers can browse, etc.
Now I'm trying to run an FTP server on one of the local machines, i.e.
192.168.0.1 port 21.
I have tried this (and many variants):
ipchains -I input -p tcp -j REDIRECT -s 0/0 21:21 -d 192.168.0.1 21:21
It does appear in the chain, but it just won't work. What is the problem?
Please help.
Jurik

I think you misunderstand the use of the REDIRECT keyword.
REDIRECT is used to redirect from one port of the firewall to another
port on the SAME machine.
For example: I use a REDIRECT to redirect port 55555 to port 23, so I
can telnet to my firewall (my ISP blocks all incoming messages below
port 1024 :-( )
For this I use:
ipchains -I input -p tcp -s 0.0.0.0/0 -d la.la.la.la 55555 -j REDIRECT 23
(la.la.la.la is the local address, the firewall's address visible from the
outside of the firewall)
I also use a portforwarding of port 55556 of the firewall to port 23 of
a machine behind the firewall.
To do this you need (for a 2.2.x kernel, preferably the new 2.2.10, I
believe the 2.2.9 has problems with forwarding) the ipmasqadm utility
(http://juanjox.kernelnotes.org)
Command:
ipmasqadm portfw -a -P tcp -L la.la.la.la 55556 -R ra.ra.ra.ra 23
(ra.ra.ra.ra is the address of the machine you are redirecting to)
I hope this can help you solve the problem.
Wesley
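
Added example (not part of either post, and not code from ipchains or ipmasqadm): a small check that applies the distinction explained in the reply to the two rules quoted in this thread. It flags a REDIRECT rule whose -d address is not the firewall itself, or whose -s carries a port, and prints the ipmasqadm portfw form from the reply. The function names are hypothetical, and the parser handles only the options used above.

```python
import shlex

def parse_rule(rule):
    """Parse only the ipchains options that appear in this thread."""
    tok = shlex.split(rule)
    r = {"proto": None, "src_port": None, "dst": None, "dst_port": None, "target": None}
    for i, opt in enumerate(tok[:-1]):
        arg = tok[i + 1]
        # -s/-d take an address and then an optional port or port range.
        port = tok[i + 2] if i + 2 < len(tok) and not tok[i + 2].startswith("-") else None
        if opt == "-p":
            r["proto"] = arg
        elif opt == "-s":
            r["src_port"] = port
        elif opt == "-d":
            r["dst"], r["dst_port"] = arg, port
        elif opt == "-j":
            r["target"] = arg
    return r

def single_port(spec):
    """'21' or '21:21' -> '21'; a wider range or None -> None."""
    lo, _, hi = (spec or "").partition(":")
    return lo if lo and hi in ("", lo) else None

def audit(rule, firewall_addr):
    """Return findings for a REDIRECT rule; an empty list means none."""
    r = parse_rule(rule)
    findings = []
    if r["target"] != "REDIRECT":
        return findings
    if r["src_port"]:
        findings.append("-s port %s: only packets sent from that port match" % r["src_port"])
    if r["dst"] and r["dst"] != firewall_addr:
        msg = "-d %s is not the firewall, and REDIRECT only targets a local port" % r["dst"]
        port = single_port(r["dst_port"])
        if port:
            msg += "; forward instead: ipmasqadm portfw -a -P %s -L %s %s -R %s %s" % (
                r["proto"] or "tcp", firewall_addr, port, r["dst"], port)
        findings.append(msg)
    return findings

# Rules quoted from the thread; la.la.la.la is the reply's own placeholder.
QUESTION_RULE = "ipchains -I input -p tcp -j REDIRECT -s 0/0 21:21 -d 192.168.0.1 21:21"
REPLY_RULE = "ipchains -I input -p tcp -s 0.0.0.0/0 -d la.la.la.la 55555 -j REDIRECT 23"

if __name__ == "__main__":
    for rule in (QUESTION_RULE, REPLY_RULE):
        print(rule, audit(rule, "la.la.la.la") or "no findings", sep="\n  ")
```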