Hi All,

born out of frustration with conflicting info on the net, I thought I'd share a simple guide to set up the port forwarding side of masquerading... this presumes you already have basic ipchains setup and simple masquerading of internal machines installed.

PORT FORWARDING USING IPMASQADM.

Ipmasqadm supersedes the ipportfw feature.

1 - Upgrade to Kernel 2.2.12-20 if not already up to this.
2 - cd /usr/src/linux and run make menuconfig
3 - in here make sure kernel is configured to route ip, is tuned as a router ( as opposed to host ), and that ipportfw is set up as a module.
4 - download the ipmasqadm tool from the link @ www.monmouth.demon.o.uk <http://www.monmouth.demon.o.uk> - current version as of may 2000 = ipmasqadm-0.4.2-3.i386.rpm and install using the syntax: "rpm -ivh ipmasqadm-0.4.2-3.i386.rpm"
    IGNORE INCORRECT EXAMPLES GIVEN ON SITE !!!
5 - EXAMPLE of telnet forwarding: ( add to your "chainfile script" - note: must fit in with existing rules )

    /usr/sbin/ipmasqadm portfw -f
    /usr/sbin/ipmasqadm portfw -a -P tcp -L $ext_ip 23 -R $int_ip 23

6 - run the chainfile script and test telnet to the external interface from an external machine - should give login from destination of port redirect.

POSSIBLE ERRORS:

public interface gets corrupted: - re-run linuxconf and re-enter interface info. check rpm version.
"10061" on telnet client: - check syntax of ipmasqadm portfw entry & make sure ultimate destination is online.

hope this helps someone !
I think I'm being brave / stupid doing this, but any questions ? - mail me on marc@thermeoneurope.com

good luck !

Marc Redmile-Gordon
Technical Dept.
Thermeon Europe Limited
Email : Support@Carsplus.co.uk
Support Fax : +44 (0) 20 7681 3907
Support Tel : 0906 5150908 (Premium Rate)

David Elson
2000-May-20 23:23 UTC
[linux-security] Re: ipmasqadm port forwarding ipportfw (HOWTO)
> 4 - download the ipmasqadm tool from the link @
> www.monmouth.demon.o.uk
> <http://www.monmouth.demon.o.uk>
> - current version as of may 2000 = ipmasqadm-0.4.2-3.i386.rpm
> and install using the syntax: "rpm -ivh ipmasqadm-0.4.2-3.i386.rpm"

Note that this RPM is also available on ftp.redhat.com under contrib/libc6/i386

> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $ext_ip 23 -R $int_ip 23

There is a PHP Firewall Generator, here: http://phpfwgen.sourceforge.net/ ... also available in source or RPM format. This allows you to set up your port forwarding (and other firewall rules) in a simple web interface, using a ruleset not unlike other firewall ruleset generators (eg: Firewall-1), and it will generate the ipchains/ipmasqadm script for you.

It's much easier for beginners to do this as the script always puts the ipchains/ipmasqadm rules around the right way.

Del
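
Added example, not part of either message above: a POSIX shell helper that checks its arguments before printing the portfw line from step 5, so a malformed or swapped -L/-R entry is caught when the chainfile script is written rather than at the telnet test. The function names, the private-address check and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print ipmasqadm portfw lines only from checked arguments.

# valid_ip ADDR: true for a dotted quad whose octets are all 0-255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: true for a decimal port number 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_private ADDR: true for RFC 1918 space. Assumption: the masqueraded
# internal network uses private addresses and the external side does not.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# portfw_rule PROTO EXT_IP EXT_PORT INT_IP INT_PORT
# Prints one "portfw -a" line in the -L external / -R internal order used
# in step 5, or prints a reason on stderr and returns 1.
portfw_rule() {
    [ "$#" -eq 5 ] || { echo "portfw_rule: need 5 arguments" >&2; return 1; }
    case "$1" in tcp|udp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
    valid_ip "$2" && valid_ip "$4" || { echo "bad address" >&2; return 1; }
    valid_port "$3" && valid_port "$5" || { echo "bad port" >&2; return 1; }
    if is_private "$2" && ! is_private "$4"; then
        echo "-L looks internal and -R external: arguments swapped?" >&2
        return 1
    fi
    echo "/usr/sbin/ipmasqadm portfw -a -P $1 -L $2 $3 -R $4 $5"
}

# Constructed sample values (203.0.113.5 is a documentation address).
ext_ip=203.0.113.5
int_ip=192.168.1.10
echo "/usr/sbin/ipmasqadm portfw -f"
portfw_rule tcp "$ext_ip" 23 "$int_ip" 23
```

The script only prints the lines; redirect its output into the chainfile script and review it before running it as root.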