>From: Phil Mendelsohn <mend0070 at tc.umn.edu>
>Subject: [TCLUG] Port forwarding

>I've got two quickies (maybe 3) about port forwarding on a NAT
>firewall. I'm using ipmasqadm portfw, kernel v2.2.19 or thereabouts on a
>CoyoteLinux box.
>
>1:
>
>   ipmasqadm portfw -a -P tcp -L (local addr) 80 -R (masq'd addr) 80
>
>   seems to set up the forward I want. What I read in the docs
>   indicates that the return ports should already be covered by
>   the normal masq behavior. Is this true, or do I need to set up
>   a return path?

That should work fine, but I would HIGHLY recommend moving to a 2.4-based
kernel and using iptables. The functionality is immensely more powerful.

>2:
>   Any better recommendations on IPChains than the IPChains-HOWTO? And
>   what happened to the MASQ/NAT stuff Amy had put up on the mn-linux web
>   site?
>
>3:
>   Has anyone noticed / can anyone explain why on a 486 box, when
>   ipchains or the routing table are listed, at least the first
>   time, it takes a *really* long time for them to respond with
>   the table? I mean that ipchains -L gives the headers, but then
>   waits like a _minute_ or two. If you're patient, it comes, and
>   after that is fast. What's making it think so hard the first time?

It's waiting to resolve names. Use ipchains -L -n to output in numerical
output only.

Later,
A