Based on this sentence from a list of 2.4 networking features: "Built-in PORT
Forwarding, which makes IPMASQADM no longer required" (from
http://www.linuxports.com/howto/IP-MASQ/x266.htm) I would think that ipmasqadm
is not the "correct" solution.

On Sat, 19 May 2001, Largo Hellenz wrote:

> hi,
>
> i am able to port forward for ext. to int. interfaces using
> IPMASQDM PORTFW.
>
> you have to get the IPMASQADM code off of the internet.
>
> ######################################################
> # here is my example....
> ######################################################
>
> #!/bin/sh
>
> # load the 2.2-style masquerading modules (port forwarding lives in ip_masq_portfw)
> /sbin/depmod -a
> /sbin/modprobe ip_masq_mfw
> /sbin/modprobe ip_masq_user
> /sbin/modprobe ip_masq_autofw
> /sbin/modprobe ip_masq_portfw
>
> # external address of eth0, read from ifconfig ("inet addr:1.2.3.4" -> "1.2.3.4")
> extip="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
>
> ########################################################################
> ########################################################################
> # flush old entries, then map external port (-L) to internal host:port (-R)
> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 21 -R 192.168.1.10 21
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.1.10 80
> #/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 6000 -R 192.168.1.254 6000
> #/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 6001 -R 192.168.1.254 6001
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10001 -R 192.168.1.10 22
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10002 -R 192.168.1.101 22
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10003 -R 192.168.1.101 23
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 10004 -R 192.168.1.10 23
>
> #/usr/sbin/ipmasqadm portfw -a -P udp -L $extip 69 -R 192.168.1.254 69
> #/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 53 -R 192.168.1.101 53
> #######################################################################
> #######################################################################
>
>
> -----Original Message-----
> From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx]On
> Behalf Of Ben
> Sent: Sunday, May 20, 2001 1:02 AM
> To: lartc@xxxxxxxxxxxxxxx
> Subject: [LARTC] masq + nat + port forwarding: can it be done?
>
>
> We're having problems getting our 2.4 kernel to do exactly what we need
> it to for our network. In short, we aren't able to do port forwarding for
> a masqueraded machine, nor for a NAT'd machine.
>
> The topology goes like:
>
>     cable -- (eth2)
>                |
>              router - (eth1)
>                |        |
>     dsl ---- (eth0)     +-- client1 (10.0.0.1)
>                         +-- client2 (10.0.0.2)
>                         +-- server1 (10.0.0.3)
>                         +-- server2 (10.0.0.4)
>
> The router's interfaces are:
>     eth0    1.1.1.1
>     eth0:1  1.1.1.2
>     eth1    10.0.0.254
>     eth2    2.2.2.2
>
>
> server1 (10.0.0.3) is set up for 1:1 NAT with eth0:1... all incoming
> packets to 1.1.1.2 go to server1, and all packets from server1 get
> translated to come from 1.1.1.2.
>
> client1 and client2 are masqueraded through eth0, unless they
> attempt to initiate an ftp or nntp connection, in which case they are
> masq'd through eth2.
>
> server2 is always masq'd through eth2.
>
> What we'd *like* to do is the following:
>
> 1) If ftp connections come in on eth2, we'd like to forward those requests
> on to server2, and have replies go back out the same interface. It's not
> clear to me if it's even possible to set up port forwarding for an
> interface that's doing masquerading, much less what the iptables syntax is.
>
> 2) If ssh connections come in on eth0:1, we'd like to forward those
> requests on to client2 (instead of server1), and also have client2's
> replies leave through eth0:1... but ONLY if we're talking about ssh
> packets. Basically, this is 1:1 NAT for eth0:1 and server1, except for
> ssh, where we'll want to do 1:1 NAT with a different internal IP. The
> problem I'm having with this is how to specify the reverse route? client2
> should be masq'd by eth0, unless it's responding to ssh packets coming
> from eth0:1.
>
> Help?
>
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
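Since 2.4 does port forwarding through netfilter itself, here is an added example (not from anyone in this thread) of the iptables rules that replace the quoted ipmasqadm script for Ben's setup; the interface names and addresses are the ones in his message, and it assumes his existing policy routes for the two uplinks stay in place.

```shell
#!/bin/sh
# Added example (not from the thread): 2.4 netfilter/iptables equivalent of the
# quoted ipmasqadm script, written for Ben's topology. Interface names and
# addresses are his; IPT=echo prints the rules instead of loading them.
IPT="${IPT:-/sbin/iptables}"
EXT_DSL=eth0          # 1.1.1.1: client1/client2 masquerade here
DSL_ALIAS_IP=1.1.1.2  # eth0:1 (an alias is not a separate interface to netfilter)
EXT_CABLE=eth2        # 2.2.2.2: server2 (and ftp/nntp) masquerade here
SERVER1=10.0.0.3      # 1:1 NAT partner of 1.1.1.2
SERVER2=10.0.0.4      # gets ftp arriving on eth2
CLIENT2=10.0.0.2      # gets ssh arriving on 1.1.1.2

# One rule per line, first match wins: the ssh-specific DNAT must precede the
# catch-all 1:1 DNAT for 1.1.1.2, and the server1 SNAT the MASQUERADE on eth0.
nat_rules() {
    printf '%s\n' \
      "-t nat -F PREROUTING" \
      "-t nat -F POSTROUTING" \
      "-t nat -A PREROUTING -i $EXT_DSL -d $DSL_ALIAS_IP -p tcp --dport 22 -j DNAT --to-destination $CLIENT2" \
      "-t nat -A PREROUTING -i $EXT_DSL -d $DSL_ALIAS_IP -j DNAT --to-destination $SERVER1" \
      "-t nat -A PREROUTING -i $EXT_CABLE -p tcp --dport 21 -j DNAT --to-destination $SERVER2" \
      "-t nat -A POSTROUTING -o $EXT_DSL -s $SERVER1 -j SNAT --to-source $DSL_ALIAS_IP" \
      "-t nat -A POSTROUTING -o $EXT_DSL -j MASQUERADE" \
      "-t nat -A POSTROUTING -o $EXT_CABLE -j MASQUERADE"
}

# Forward only what was published plus replies. No reverse rule is needed:
# replies are routed on the internal address (so the existing per-source
# policy routes pick the uplink) and conntrack undoes the DNAT/SNAT on them.
filter_rules() {
    printf '%s\n' \
      "-P FORWARD DROP" \
      "-F FORWARD" \
      "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" \
      "-A FORWARD -i eth1 -j ACCEPT" \
      "-A FORWARD -i $EXT_DSL -d $CLIENT2 -p tcp --dport 22 -j ACCEPT" \
      "-A FORWARD -i $EXT_DSL -d $SERVER1 -j ACCEPT" \
      "-A FORWARD -i $EXT_CABLE -d $SERVER2 -p tcp --dport 21 -j ACCEPT"
}

apply_rules() {
    { nat_rules; filter_rules; } | while read -r rule; do
        "$IPT" $rule || exit 1   # $rule unquoted on purpose: one argv per line
    done
}

if [ "${1:-}" = apply ]; then            # run as "sh script.sh apply"
    /sbin/modprobe ip_conntrack_ftp && /sbin/modprobe ip_nat_ftp  # active ftp
    apply_rules
fi
```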