IPCHAINS, forwarding rule, need help

[bkonner]

Hi,

I am running an internal service. I need to grant out side users access to an internal computer. I am running NAT. I am using IPCHAINS. I need to allow outside computers access to an internal computer (10.100.201.35) on port 95. I can not figure out how to do it.

Any help would be greatly appreciated.

Thanks in advance

Bill Konner

 

[bkonner]

I should have added, these are the rules I am using:
(running from /sbin directory)

echo 1 > /proc/sys/net/ipv4/ip_forward
./ipchains -A forward -J MASQ -s 10.0.0.0/8 -d external_address/8
./ipchains -A forward -i eth1 -j MASQ
./ipchains -A forward -i eth1 -p TCP -s 0/0 -d 10.
100.201.35 95 -j ACCEPT

The last rule is what does not work, but is what I am trying to use to forward packets to port 95 on the internal computer.

Thanks

 

[ifincham]

Hi,

That isn't really possible in ipchains per se but you can use ipmasqadm like this:

/usr/sbin/ipmasqadm portfw -a -P tcp -L 1.2.3.4 95 -R 192.168.1.1 95

(where 1.2.3.4 is your external address). I'm not sure how easy it is to find that nowadays - it's from the rpm of the same name.

If you have the 2.4.x series kernel its best to move onto iptables from ipchains and use the nat functions in that . For example :

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe iptable_nat
/sbin/iptables -A PREROUTING -t nat -p tcp -d 1.2.3.4 --dport 95 -j DNAT --to 192.168.1.1:95

See -->

http://netfilter.samba.org/

Hope this helps

 

[bgarlock]

Here's a link to ipmasqadm RPM:

ftp://ftp.compsoc.net/pub/users/steve/ipsubs/ipmasqadm-0.4.2-4.i386.rpm Bruce Garlock
bruceg@tiac.net

http://bruceg.dyndns.org

 

[haneo]

here is the official site of IPMasquerading (lost of exemples and and How-to)

http://www.e-infomax.com/ipmasq/

hope this will help