port forwarding? routing?

Author: larry-schmid@home.com
Date:  
Subject: port forwarding? routing?
Here is a stripped-down set of rules that I have just tested. These
came from a larger script I use on my firewall. I forward ssh to an
internal system for logins.

#First shut down all traffic
/sbin/ipchains -P forward DENY

#Let all inside traffic get out
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0

#Forward ssh to login box
/usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.x.x 22 -R 192.168.1.100 22

# x.x.x.x = external firewall ip

Are you perhaps using tcp wrappers or have you configured AllowHosts or
DenyHosts in sshd_config on the box you're forwarding to? Port
forwarding doesn't mask the ip from the external connection.

Larry


Mike Starke wrote:
>
> Tried it... I am not having fun.
>
> It appears (don't quote me on this) that it is definitely
> the port forwarding. I can ssh into my linux box, but beyond that
> is not working.
>
> I even tried:
> ipchains -P input ACCEPT
> ipchains -P forward ACCEPT
> ipchains -A forward -s 192.168.10.0/24 -j MASQ
> ipmasqadm portfw -a -P tcp -L 192.168.10.2 22 -R 192.168.2.200 22
>
> Just to see if I can redirect ssh to another linux box inside: No Luck.
> It just hangs.
>
> Anyone have any idea what I can do?
>
> Mike
>
> http://www.getnet.com/~mgcon
> Phoenix, AZ
> USA
>
> On Tue, 31 Oct 2000, Patrick E. Stoddard wrote:
>
> > Hi.
> >
> > Here is a possible alternative for making ipmasqadm pass
> > connections to that Citrix box behind your Linux box:
> >
> > ipmasqadm autofw -A -r tcp 1494 1494 -h 192.168.2.243
> >
> > and I think you can put the -L on there to log connections
> > as well. I just had to do this for a friend with a W2K
> > Terminal Server behind his firewall at his house, and for
> > that I also had to do another line similar to above but
> > passing connections on TCP port 3389 to the same IP.
> >
> > With that, just make your client try to connect to your
> > Citrix box (192.168.10.2) and that should pass through
> > the Linux box just fine.
> >
> >
> > Good luck! Patrick
> >
> > --
> > Patrick E. Stoddard           E-mail: wd9ewk at amsat dot org
> > Glendale, Arizona, USA        ICBM:   33.5 N 112.2 W
> >
> >    Also: wd9ewk at yahoo dot com - wd9ewk at arrl dot net
> >
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


--
Provoke not your SA to anger, for he is a jealous SA, vengeful,
keeper of root, and quick to wrath.

Larry
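Larry's remark that port forwarding does not mask the external client's address, illustrated with an added example that is not part of this thread: a simplified emulation of the tcp_wrappers hosts.allow/hosts.deny decision that the sshd on the login box would make. The rule sets, the supported pattern subset (ALL, trailing-dot network prefixes, exact addresses) and the client addresses are all constructed for the example.

```shell
# Added example: simplified tcp_wrappers decision for the forwarded sshd.
# Client patterns handled: ALL, a trailing-dot prefix (192.168.1.), an exact
# address. Rule sets and addresses below are constructed, not from any host.

# Constructed hosts.allow: only the internal LAN and localhost may reach sshd.
HOSTS_ALLOW='sshd: 192.168.1.
ALL: 127.0.0.1'
# Constructed hosts.deny: refuse everything not allowed above.
HOSTS_DENY='ALL: ALL'

# pattern_matches PATTERN ADDR -> 0 when ADDR matches PATTERN
pattern_matches() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# rules_match RULESET DAEMON ADDR -> 0 when some "daemons : clients" line of
# RULESET names DAEMON (or ALL) and one of its client patterns matches ADDR
rules_match() {
    while IFS=':' read -r daemons clients; do
        for d in $daemons; do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                pattern_matches "$c" "$3" && return 0
            done
        done
    done <<EOF
$1
EOF
    return 1
}

# wrappers_decision DAEMON ADDR -> prints ALLOW or DENY. As in tcp_wrappers,
# a hosts.allow match wins, then hosts.deny is checked, and no match allows.
wrappers_decision() {
    if rules_match "$HOSTS_ALLOW" "$1" "$2"; then echo ALLOW
    elif rules_match "$HOSTS_DENY" "$1" "$2"; then echo DENY
    else echo ALLOW
    fi
}

# portfw rewrites only the destination (x.x.x.x:22 -> 192.168.1.100:22); the
# source stays the external client, so that is the address the login box checks.
wrappers_decision sshd 203.0.113.7    # external client (constructed): DENY
wrappers_decision sshd 192.168.1.50   # LAN client (constructed): ALLOW
```

If the internal box refuses the forwarded session while LAN logins work, the wrappers or sshd allow-list on that box is the first place to look, not the masquerading rules.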