I have a Linux machine (Debian unstable with kernel 2.2.18) that is successfully masquerading for our local network. I want to do port forwarding so that machines on the Internet can see the web server of a machine on the local net. Following the IP-Masquerading howto, I have the following script which sets up the masquerading and attempts to set up the port forwarding as well:
    # Load the masquerading helper module for FTP
    /sbin/depmod -a
    /sbin/modprobe ip_masq_ftp

    # Enable forwarding, defragmentation and dynamic-address handling
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_always_defrag
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    # Masquerading timeouts (tcp, tcpfin, udp), default-deny forwarding,
    # then masquerade the local network
    /sbin/ipchains -M -S 7200 10 160
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -i eth1 -s 10.3.0.0/24 -j MASQ

    # Flush the port forwarding table, then forward port 80
    MYIP=X.X.X.X
    /usr/sbin/ipmasqadm portfw -f
    /usr/sbin/ipmasqadm portfw -a -P tcp -L $MYIP 80 -R 10.3.0.50 80

Where X.X.X.X is the IP address of the interface on the masquerading machine visible to machines on the Internet.

Port forwarding isn't working though. It is apparent that something is happening, as now the web server on the masquerading machine no longer responds (as I assume traffic is indeed trying to be forwarded), but neither does the machine I'm trying to forward to respond. Can anyone see any problems with my firewall script?

"ipmasqadm portfw -l" returns:

    prot localaddr rediraddr  lport rport pcnt pref
    TCP  X.X.X.X   10.3.0.150 80    80    10   10

Which, as far as I can tell, looks correct. Any clues are greatly appreciated.

Thanks,
Gerry
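
An added example (not part of the original post): a small shell check that compares the forwarding rule a script intends to install with a captured "ipmasqadm portfw -l" listing, so a drift between the two is caught mechanically. The function name check_portfw and the SAMPLE_LISTING variable are hypothetical; the sample listing is the one quoted in the post, and the column order is assumed from its header line.

```sh
#!/bin/sh
# check_portfw PROTO LOCALADDR LPORT REDIRADDR RPORT   (listing on stdin)
# Returns 0 if the listing contains exactly the intended rule.
# Returns 1 otherwise, printing any rule that uses the same local
# address and port but forwards to a different target.
check_portfw() {
    awk -v proto="$1" -v laddr="$2" -v lport="$3" \
        -v raddr="$4" -v rport="$5" '
        BEGIN { proto = toupper(proto); found = 0 }
        # Skip the header line and anything too short to be a rule
        NF < 5 || $1 == "prot" { next }
        {
            # Columns: prot localaddr rediraddr lport rport pcnt pref
            if (toupper($1) == proto && $2 == laddr && $4 == lport) {
                if ($3 == raddr && $5 == rport) {
                    found = 1
                } else {
                    printf "MISMATCH: %s:%s forwards to %s:%s, expected %s:%s\n",
                           laddr, lport, $3, $5, raddr, rport
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Listing as quoted in the post (X.X.X.X is the post's own placeholder)
SAMPLE_LISTING='prot localaddr rediraddr lport rport pcnt pref
TCP X.X.X.X 10.3.0.150 80 80 10 10'

# Intended rule taken from the script: -L X.X.X.X 80 -R 10.3.0.50 80
printf '%s\n' "$SAMPLE_LISTING" \
    | check_portfw tcp X.X.X.X 80 10.3.0.50 80 \
    || echo "listing does not contain the rule the script specifies"
```

On a live system the listing would come from piping "ipmasqadm portfw -l" into the function instead of the embedded sample.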