Port forward problem

Craig White craigwhite@azapple.com
Thu, 29 Mar 2001 10:59:57 -0700


> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of David
> Demland
> Sent: Thursday, March 29, 2001 10:14 AM
> To: Plug-Discuss
> Subject: Port forward problem
>
>
> Here is my problem:
>
>    DB Server         Firewall         AppServer
>    ----------        ---------        ---------
>    |        |        |       |        |       |
>    |        |  <-->  |       |  <-->  |       |
>    |        |        |       |        |       |
>    |        |        |       |        |       |
>    ----------        ---------        ---------
>
>    192.168.1.241                      63.88.255.35
>
> The Database server has an IP 63.88.255.36 from the outside world.
>
> The firewall is configured like:
>
> DBAccessPorts=1023:65535
> DBServerIP=192.168.1.241
> AppServerIP=63.88.255.35
> DBServerExternalIP=63.88.255.36
>
> $IPCHAINS -A input -j ACCEPT -i $OUTERIF -p TCP -s $AppServerIP $DBAccessPorts -d $DBServerIP
> $IPCHAINS -A input -j ACCEPT -i $OUTERIF -p UDP -s $AppServerIP $DBAccessPorts -d $DBServerIP
> $IPCHAINS -A input -j ACCEPT -i $OUTERIF -p ICMP -s $AppServerIP $DBAccessPorts -d $DBServerIP
>
> $IPCHAINS -A input -j ACCEPT -i $INTERNALIF -p TCP -d $AppServerIP -s $DBServerIP
> $IPCHAINS -A input -j ACCEPT -i $INTERNALIF -p UDP -d $AppServerIP -s $DBServerIP
> $IPCHAINS -A input -j ACCEPT -i $INTERNALIF -p ICMP -d $AppServerIP -s $DBServerIP
>
> $IPCHAINS -A forward -i $OUTERIF -s $DBServerExternalIP -d $DBServerIP
>
>
> I am having problems with the forwarding. I need to forward requests from
> the AppServer to the DB Server on the inside of the firewall. With the
> exception of the forwarding the rest of the script works. I can pass
> requests from inside the firewall to the AppServer and these are answered.
> The problem is someone accessing the AppServer from the outside world.
> Requests cannot pass from the AppServer to the database server through the
> firewall. What do I have to do to get this to work?
>
> Thank You,
--------
David,

I believe that you have to list the specific ports to be forwarded in the
forward rules and that it isn't the /usr/sbin/ipchains but rather
/usr/sbin/ipmasqadm for the forward rules...

i.e.

/usr/sbin/ipmasqadm portfw -a -P tcp -L $DBServerExternalIP (port#) -R $DBServerIP (port#)

Craig
----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|
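An added example of the rule set the thread arrives at, written by the editor and not taken from either message: the input rule admits only the AppServer to one explicit port, the forward is done with ipmasqadm portfw to the internal DB host, and a check function rejects a portfw rule whose -R target is the AppServer. Assumed values are the outside interface eth0, the placeholder port 5432 (the thread never names the database port), and the /usr/sbin/ipmasqadm path from Craig's reply; with DRYRUN set the script only echoes the commands.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the ipchains/ipmasqadm rules
# for the setup David described. Assumptions: the DB listens on TCP $DBPORT
# (placeholder), the outside interface is eth0, and the firewall itself answers
# for 63.88.255.36. Set DRYRUN to echo the commands instead of running them.

IPCHAINS=/usr/sbin/ipchains
IPMASQADM=/usr/sbin/ipmasqadm
OUTERIF=eth0                       # assumption
DBServerIP=192.168.1.241           # from the thread
AppServerIP=63.88.255.35           # from the thread
DBServerExternalIP=63.88.255.36    # from the thread
DBPORT=5432                        # PLACEHOLDER for the real database port

# Echo the command under DRYRUN, otherwise execute it.
run() {
    if [ -n "${DRYRUN:-}" ]; then echo "$*"; else "$@"; fi
}

db_forward_rules() {
    # Admit only the AppServer, and only to the forwarded port: one port instead
    # of the 1023:65535 range in the original script, which opened every high port.
    run "$IPCHAINS" -A input -i "$OUTERIF" -p tcp -s "$AppServerIP" \
        -d "$DBServerExternalIP" "$DBPORT" -j ACCEPT
    # The forward itself: -L is the address/port the firewall listens on,
    # -R is the internal host and port the packet is rewritten to.
    run "$IPMASQADM" portfw -a -P tcp -L "$DBServerExternalIP" "$DBPORT" \
        -R "$DBServerIP" "$DBPORT"
    # The quoted forward-chain rule had no -j target, so it accepted nothing;
    # with a DENY forward policy the forwarded traffic needs an explicit ACCEPT.
    run "$IPCHAINS" -A forward -i "$OUTERIF" -p tcp -s "$AppServerIP" \
        -d "$DBServerIP" "$DBPORT" -j ACCEPT
}

# Sanity check: a portfw rule must target the internal DB host, never the
# AppServer's public address. Prints the offending line and returns 1 if found.
check_rules() {
    DRYRUN=1 db_forward_rules | awk -v bad="-R $AppServerIP" \
        '/portfw/ && index($0, bad) > 0 { print "BAD: " $0; rc = 1 } END { exit rc }'
}

# Default to a dry run; pass "apply" to really install the rules (as root).
[ "${1:-}" = "apply" ] || DRYRUN=1
db_forward_rules
```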