On Thu, Jan 27, 2000 at 02:06:01PM +0100, Fitsch wrote:
> > Perhaps you try something wrong, or I don't understand your setup. In
> > common Port Forwarding is used to redirect traffic from the outside to
> > an internal host behind your firewall. (e.g. webserver) this internal
> > host may have an address from the private space.

Yes, that's exactly what I want to do. I tried this with masq. on and out but the problems are the same.

> > When you specify the IP-Addresses, Source and Destination must be
> > addresses on different machines, not of different nic's in one machine.

Right. I used as IP addresses the outside address of my firewall and the address of my server in my internal net.

> > If you have a strict policy on your firewall you have to allow this
> > traffic, better you create a separate chain for portforwarded traffic
> > from the outside to the inside.

I even tried with all traffic allowed through.

> > For traffic from the inside to the outside you don't need Port
> > Forwarding, as this is handled by Masquerading or normal routing.

Yes, but I also get backward traffic after connecting from the outside. For instance inetd tried to connect to the auth service to check who is trying to connect. The problem I had with outbound traffic though was with the packets sent back in the connection established from the outside.

Michael
-- 
Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!