hi, i am able to port forward for ext. to int. interfaces using IPMASQADM PORTFW.

you have to get the IPMASQADM code off of the internet.

######################################################
# here is my example....
######################################################

#!/bin/sh

/sbin/depmod -a
/sbin/modprobe ip_masq_mfw
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_autofw
/sbin/modprobe ip_masq_portfw

# external address of eth0, taken from the ifconfig output
extip="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

########################################################################
########################################################################
# flush the existing portfw table, then add: -L <external ip> <port> -R <internal ip> <port>
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 21 -R 192.168.1.10 21
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.1.10 80
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 6000 -R 192.168.1.254 6000
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 6001 -R 192.168.1.254 6001
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10001 -R 192.168.1.10 22
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10002 -R 192.168.1.101 22
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10003 -R 192.168.1.101 23
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10004 -R 192.168.1.10 23

#/usr/sbin/ipmasqadm portfw -a -P udp -L $extip 69 -R 192.168.1.254 69
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 53 -R 192.168.1.101 53
#######################################################################
#######################################################################

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Ben
Sent: Sunday, May 20, 2001 1:02 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] masq + nat + port forwarding: can it be done?

We're having problems getting our 2.4 kernel to do exactly what we need it to for our network. In short, we aren't able to do port forwarding for a masqueraded machine, nor for a NAT'd machine.

The topology goes like:

cable -- (eth2)
            |
         router - (eth1)
            |       |
dsl ---- (eth0)     +-- client1 (10.0.0.1)
                    +-- client2 (10.0.0.2)
                    +-- server1 (10.0.0.3)
                    +-- server2 (10.0.0.4)

The router's interfaces are:
eth0    1.1.1.1
eth0:1  1.1.1.2
eth1    10.0.0.254
eth2    2.2.2.2

server1 (10.0.0.3) is set up for 1:1 NAT with eth0:1... all incoming packets to 1.1.1.2 go to server1, and all packets from server1 get translated to come from 1.1.1.2.

client1 and client2 are masqueraded through eth0, unless they attempt to initiate an ftp or nntp connection, in which case they are masq'd through eth2.

server2 is always masq'd through eth2.

What we'd *like* to do is the following:

1) If ftp connections come in on eth2, we'd like to forward those requests on to server2, and have replies go back out the same interface. It's not clear to me if it's even possible to set up port forwarding for an interface that's doing masquerading, much less what the iptables syntax would be.

2) If ssh connections come in on eth0:1, we'd like to forward those requests on to client2 (instead of server1), and also have client2's replies leave through eth0:1... but ONLY if we're talking about ssh packets. Basically, this is 1:1 NAT for eth0:1 and server1, except for ssh, where we'll want to do 1:1 NAT with a different internal IP. The problem I'm having with this is how to specify the reverse route? client2 should be masq'd by eth0, unless it's responding to ssh packets coming from eth0:1.

Help?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/2.4Routing/
Based on this sentence from a list of 2.4 networking features: "Built-in PORT Forwarding, which makes IPMASQADM no longer required" (from http://www.linuxports.com/howto/IP-MASQ/x266.htm) I would think that ipmasqadm is not the "correct" solution.

On Sat, 19 May 2001, Largo Hellenz wrote:

> hi,
>
> i am able to port forward for ext. to int. interfaces using
> IPMASQDM PORTFW.
>
> you have to get the IPMASQADM code off of the internet.
>
> ######################################################
> # here is my example....
> ######################################################
>
> #!/bin/sh
>
> /sbin/depmod -a
> /sbin/modprobe ip_masq_mfw
> /sbin/modprobe ip_masq_user
> /sbin/modprobe ip_masq_autofw
> /sbin/modprobe ip_masq_portfw
>
> extip="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
>
> ########################################################################
> ########################################################################
> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 21 -R 192.168.1.10 21
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.1.10 80
> #/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 6000 -R 192.168.1.254 6000
> #/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 6001 -R 192.168.1.254 6001
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10001 -R 192.168.1.10 22
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10002 -R 192.168.1.101 22
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10003 -R 192.168.1.101 23
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10004 -R 192.168.1.10 23
>
> #/usr/sbin/ipmasqadm portfw -a -P udp -L $extip 69 -R 192.168.1.254 69
> #/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 53 -R 192.168.1.101 53
> #######################################################################
> #######################################################################
>
>
> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On
> Behalf Of Ben
> Sent: Sunday, May 20, 2001 1:02 AM
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] masq + nat + port forwarding: can it be done?
>
>
> We're having problems getting our 2.4 kernel to do exactly what we need
> it to for our network. In short, we aren't able to do port forwarding for
> a masqueraded machine, nor for a NAT'd machine.
>
> The topology goes like:
>
> cable -- (eth2)
>             |
>          router - (eth1)
>             |       |
> dsl ---- (eth0)     +-- client1 (10.0.0.1)
>                     +-- client2 (10.0.0.2)
>                     +-- server1 (10.0.0.3)
>                     +-- server2 (10.0.0.4)
>
> The router's interfaces are:
> eth0    1.1.1.1
> eth0:1  1.1.1.2
> eth1    10.0.0.254
> eth2    2.2.2.2
>
>
> server1 (10.0.0.3) is set up for 1:1 NAT with eth0:1... all incoming
> packets to 1.1.1.2 go to server1, and all packets from server1 get
> translated to come from 1.1.1.2.
>
> client1 and client2 are masqueraded through eth0, unless they
> attempt to initiate an ftp or nntp connection, in which case they are
> masq'd through eth2.
>
> server2 is always masq'd through eth2.
>
> What we'd *like* to do is the following:
>
> 1) If ftp connections come in on eth2, we'd like to forward those requests
> on to server2, and have replies go back out the same interface. It's not
> clear to me if it's even possible to set up port forwarding for an
> interface that's doing masquerading, much less what the iptables syntax
> would be.
>
> 2) If ssh connections come in on eth0:1, we'd like to forward those
> requests on to client2 (instead of server1), and also have client2's
> replies leave through eth0:1... but ONLY if we're talking about ssh
> packets. Basically, this is 1:1 NAT for eth0:1 and server1, except for
> ssh, where we'll want to do 1:1 NAT with a different internal IP. The
> problem I'm having with this is how to specify the reverse route? client2
> should be masq'd by eth0, unless it's responding to ssh packets coming
> from eth0:1.
>
> Help?
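The second reply's point is that a 2.4 kernel has port forwarding built into netfilter, so Largo's ipmasqadm portfw table can be written as iptables DNAT rules instead. The script below is an added example, not code from either poster: it re-expresses Largo's six active rules plus Ben's ssh-to-client2 case from item 2 as a dry-run rule generator; the address 203.0.113.10 is a constructed stand-in for $extip, and the split into one DNAT rule and one FORWARD rule per port is an assumed layout, not something the thread prescribes.

```shell
#!/bin/sh
# Added example (not from the thread): the ipmasqadm portfw table above,
# plus Ben's "ssh on 1.1.1.2 -> client2" case, as 2.4-kernel iptables DNAT
# rules. Dry run by default: rules are printed, not applied; APPLY=1 runs them.

# Constructed table: proto ext_if ext_ip ext_port int_ip int_port.
# Rows 1-6 are Largo's active rules (203.0.113.10 stands in for $extip);
# the last row is Ben's ssh case on the eth0:1 address.
PORTFW="
tcp eth0 203.0.113.10 21 192.168.1.10 21
tcp eth0 203.0.113.10 80 192.168.1.10 80
tcp eth0 203.0.113.10 10001 192.168.1.10 22
tcp eth0 203.0.113.10 10002 192.168.1.101 22
tcp eth0 203.0.113.10 10003 192.168.1.101 23
tcp eth0 203.0.113.10 10004 192.168.1.10 23
tcp eth0 1.1.1.2 22 10.0.0.2 22
"

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# nat/PREROUTING rewrites the destination on the way in; the FORWARD rule
# admits only NEW connections to that one internal port. No reverse rule is
# needed: the conntrack entry created by DNAT un-translates the replies, so
# client2's answers leave with source 1.1.1.2. For Ben's case this rule must
# come before any catch-all 1:1 DNAT of 1.1.1.2 to server1 (first match wins).
forward_port() {
    proto=$1; ext_if=$2; ext_ip=$3; ext_port=$4; int_ip=$5; int_port=$6
    run iptables -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p "$proto" \
        --dport "$ext_port" -j DNAT --to-destination "$int_ip:$int_port"
    run iptables -A FORWARD -i "$ext_if" -d "$int_ip" -p "$proto" \
        --dport "$int_port" -m state --state NEW -j ACCEPT
}

# Emit the whole ruleset; one ESTABLISHED,RELATED rule covers both
# directions of every forwarded flow. Returns 0 so it works under set -e.
gen_rules() {
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    printf '%s\n' "$PORTFW" | while read proto ext_if ext_ip ext_port int_ip int_port; do
        if [ -n "$proto" ]; then
            forward_port "$proto" "$ext_if" "$ext_ip" "$ext_port" "$int_ip" "$int_port"
        fi
    done
    return 0
}

gen_rules
```

Run it once without APPLY to review the generated rules against your existing nat table before applying them, since PREROUTING order decides whether the ssh rule or the 1:1 rule wins.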