[Firehol-support] Another day in port forward nightmare...

Alain Bacon syntek67 at yahoo.com
Thu Sep 25 00:47:05 BST 2003


Hi, I have tried a zillion things for the last 
two days to do something as simple as port forwarding,
in theory, I guess :) , without success...

This is the picture. I have a RedHat 9 firewall/gateway. 

Its primary purpose is to provide internet access 
to Windows computers on the lan. The computers on 
the lan are allowed to do whatever they want on the net.

There is a machine on the lan (SERVORACLE7) which runs 
an Xitami http server. The server runs fine, I can 
access it from any computer on the lan. 

So the secondary purpose of the gateway is to 
redirect HTTP requests received on the gateway, from 
the net, to this SERVORACLE7 machine...

The following script seems to be working fine for 
every purpose intended, except forwarding HTTP 
requests to SERVORACLE7. 

The Xitami logs don't show any access from the gateway
machine (either public or private address). So I assume 
the packets are simply not getting to the machine, thus
are not forwarded... 

I am really in the dark here, and have no more ideas... I
have tried to put "server all accept" and 
"client all accept" in every interface
and router statement with no result. It simply won't
DNAT... Anyone have an idea? :)

Thanks...


------ my script ----------------------------------

version 5

PUB_IP="204.19.34.81"
LAN_IP="192.168.1.212"

SERVORACLE7="192.168.1.109"

# DNAT helper (placed before the interface/router definitions): rewrite the
# destination of TCP port 80 traffic arriving on eth0 to the web server
dnat to "$SERVORACLE7" inface eth0 proto tcp dport 80

# Public interface
interface eth0 Internet

	protection strong
	policy drop
	server ssh accept
	client all accept


# LAN interface
interface eth1 Lan

	policy reject
	server ssh accept
	server samba accept
	server icmp accept
	client all accept


# LAN -> Internet: masquerade outgoing traffic, accept any service requested
router Lan2Internet inface eth1 outface eth0

	masquerade
	server all accept


# Internet -> LAN: forward the DNATed HTTP requests on to the web server
router Internet2Lan inface eth0 outface eth1

	# ALSO TRIED WITH: masquerade reverse
	server http accept

---- end of script -------
	


=====
_______________________________________________________
Alain Bacon - Application Architect 
Mobilair Intégration Inc. 1-800-341-4124 
PGP public key: http://pages.infinit.net/syntek
Live as if you would die today & dream as if you would never die!
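For anyone debugging a setup like the one above, the following is an added example (not code from the post, and not part of FireHOL) that checks an iptables-save dump for the three things a DNAT port forward needs on a Linux gateway: a nat/PREROUTING DNAT rule, a filter/FORWARD ACCEPT rule for the rewritten traffic, and IP forwarding switched on. The interface names and the web server address are the ones from the post; the rule dump is a constructed sample in iptables-save syntax, and the function names (has_dnat, has_forward_accept, check_forward) are the example's own.

```shell
#!/bin/sh
# Added example: verify that a DNAT port forward is fully wired up on a Linux
# gateway by inspecting an iptables-save dump. Rule text is passed as a string
# so the same checks run against a saved dump or, with --live, the running kernel.

# Constructed sample of an iptables-save dump for a gateway like the one in the
# post (eth0 public, eth1 LAN, web server 192.168.1.109).
SAMPLE_OK='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.109
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -d 192.168.1.109/32 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.109/32 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# Same dump with the FORWARD rules stripped: DNAT rewrites the packet, but the
# filter table then drops it, so the web server never logs a connection.
SAMPLE_NO_FORWARD=$(printf '%s\n' "$SAMPLE_OK" | grep -v '^-A FORWARD')

# has_dnat RULES DEST PORT: true if nat/PREROUTING rewrites tcp/PORT to DEST.
has_dnat() {
    printf '%s\n' "$1" | grep -E -q -- \
        "^-A PREROUTING .*-p tcp .*--dport $3 .*-j DNAT --to-destination $2(:$3)?\$"
}

# has_forward_accept RULES INFACE OUTFACE DEST PORT: true if filter/FORWARD
# accepts the rewritten packets travelling from INFACE to OUTFACE.
has_forward_accept() {
    printf '%s\n' "$1" | grep -E -q -- \
        "^-A FORWARD .*-i $2 .*-o $3 .*-d $4(/32)? .*--dport $5 .*-j ACCEPT"
}

# ip_forward_enabled VALUE: true if the value read from
# /proc/sys/net/ipv4/ip_forward is 1 (routing between interfaces is on).
ip_forward_enabled() {
    [ "$1" = "1" ]
}

# check_forward RULES IPFWD INFACE OUTFACE DEST PORT: prints one line per
# check and returns the number of failed checks (0 means all three are present).
check_forward() {
    failed=0
    if has_dnat "$1" "$5" "$6"; then echo "ok      nat/PREROUTING DNAT tcp/$6 -> $5"
    else echo "MISSING nat/PREROUTING DNAT rule for tcp/$6 -> $5"; failed=$((failed+1)); fi
    if has_forward_accept "$1" "$3" "$4" "$5" "$6"; then echo "ok      filter/FORWARD $3 -> $4 accepts tcp/$6 to $5"
    else echo "MISSING filter/FORWARD ACCEPT for $3 -> $4 tcp/$6 to $5"; failed=$((failed+1)); fi
    if ip_forward_enabled "$2"; then echo "ok      net.ipv4.ip_forward=1"
    else echo "MISSING net.ipv4.ip_forward is '$2', must be 1"; failed=$((failed+1)); fi
    return $failed
}

if [ "${1:-}" = "--live" ]; then
    # On a real gateway: read the running rule set and the sysctl (needs root).
    check_forward "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 eth1 192.168.1.109 80
else
    echo "== constructed dump with all three pieces =="
    check_forward "$SAMPLE_OK" 1 eth0 eth1 192.168.1.109 80
    echo "== constructed dump with the FORWARD rules removed =="
    check_forward "$SAMPLE_NO_FORWARD" 1 eth0 eth1 192.168.1.109 80 || :
fi
```

Run it as root with `--live` on the gateway to test the rules FireHOL actually installed; without arguments it only exercises the constructed samples. The three checks are independent failure modes with the same symptom (no hits in the web server's log), which is why checking the dump is more informative than watching the server. One further thing the dump cannot show: the forwarded host must send its replies back through the gateway (its default route must point at the gateway's LAN address), otherwise the DNATed connection never completes even when every rule is correct.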
