Simon Tneoh Chee-Boon said:
> Hello nate,
> 'Coz ipchains always displays that message, so I've commented the
> REDIRECT rule.
> So for my objective, the important parts are the ipchains, ipmasqadm
> portfw and route table, right?

yep, don't need redirect at all

> For my case, do I need any settings like CONFIG_IP_TRANSPARENT_PROXY=y?

nope don't need it.

> And will ipchains' MASQ rule affect this? I got something like the
> following in my rules:
> ipchains -A forward -s $INTERNAL_NET -j MASQ
> ipchains -A forward -i $INTERNAL_INTERFACE -j MASQ

that looks ok to me. Though I don't use the 2nd command, I don't think it
should affect the outcome.

> If it works, what would I see in the syslog for ipchains? Would I see
> something like the following?
> external_interface PCAClientExternalIP (unprivportA) -> FWExternalIP (5632)
> internal_interface PCAClientExternalIP (unprivportA) -> PCAHostInternalIP (5632)

you probably won't see anything in syslog, doesn't look like portfw is
capable of logging. You should see stuff when using tcpdump though.

the PC anywhere server is on the same LAN as the internal interface of
the firewall right? and IP Forwarding is turned on
(/proc/sys/net/ipv4/ip_forward)

not sure what else to suggest. nothing on the client PCanywhere machine
preventing connections (local firewall?), run tcpdump again and be sure
there are inbound packets from your external host, or better yet run it,
output to a file (tcpdump -i eth0 src or dst EXTERNAL_IP >&/tmp/eth0.log
and in another terminal tcpdump -i eth1 src or dst INTERNAL_IP
>&/tmp/eth1.log). If your internal/external interfaces are reversed, then
reverse the commands.

email me the log off list (change the ips if you want, just be sure they
are changed to something consistent). email the logs to
aphro_AT_aphroland_DOT_org, if you email them to this address I may miss
em

nate
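
Added example, not part of the original message: one way to read the two capture files described above and tell at which hop the forwarded connection stops. It assumes tcpdump was run with numeric output (-n) and that the forward rewrites only the destination address, as in the flow Simon sketches; the addresses, log lines and function names are constructed for illustration.

```python
import re

# "SRC_IP.PORT > DST_IP.PORT:" as printed by tcpdump for numeric addresses
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def flows(log_text):
    """Extract (src_ip, src_port, dst_ip, dst_port) from tcpdump text output."""
    return [(m[1], int(m[2]), m[3], int(m[4]))
            for m in map(FLOW.search, log_text.splitlines()) if m]

def diagnose(ext_log, int_log, client, fw_ext, host, port):
    """Say at which hop the forwarded connection stops."""
    ext, inner = flows(ext_log), flows(int_log)
    # Client source ports seen arriving at the firewall's external address
    arrived = {sp for s, sp, d, dp in ext if (s, d, dp) == (client, fw_ext, port)}
    if not arrived:
        return "no inbound packets on the external interface"
    # Assumption: the forward rewrites only the destination, so the client's
    # source address and port are unchanged on the internal side
    forwarded = {sp for s, sp, d, dp in inner if (s, d, dp) == (client, host, port)}
    if not arrived & forwarded:
        return "packets reach the firewall but are not forwarded"
    # Replies from the internal host back to the same client port
    replied = {dp for s, sp, d, dp in inner if (s, sp, d) == (host, port, client)}
    if not forwarded & replied:
        return "forwarded, but the internal host does not answer"
    return "forwarding works in both directions"

# Constructed sample captures (documentation addresses, not from the thread)
CLIENT, FW_EXT, HOST, PORT = "203.0.113.5", "198.51.100.1", "192.168.1.10", 5632
EXT_LOG = """\
12:00:01.000000 203.0.113.5.40000 > 198.51.100.1.5632: S 100:100(0) win 8192
12:00:04.000000 203.0.113.5.40000 > 198.51.100.1.5632: S 100:100(0) win 8192
"""
INT_SYN_ONLY = "12:00:01.000100 203.0.113.5.40000 > 192.168.1.10.5632: S 100:100(0) win 8192\n"
INT_BOTH = INT_SYN_ONLY + (
    "12:00:01.000900 192.168.1.10.5632 > 203.0.113.5.40000: S 900:900(0) ack 101 win 8192\n")

if __name__ == "__main__":
    for name, log in [("empty", ""), ("syn only", INT_SYN_ONLY), ("both", INT_BOTH)]:
        print(name, "->", diagnose(EXT_LOG, log, CLIENT, FW_EXT, HOST, PORT))
```

An empty internal capture points at the portfw rule or ip_forward; a forwarded SYN with no reply points at the internal host or its route back through the firewall.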