I think you need to use ipmasqadm with the "portfw" option.  Get rid of that
ipchains rule first.



> -----Original Message-----
> From: Eric Stanley [mailto:barnabas at knicknack.net]
> Sent: Wednesday, June 06, 2001 6:03 AM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Port forwarding newbie Q
> 
> 
> The way I'd do it is to change the first rule below so that the
> destination IP is the external IP on your firewall.  I think you know
> that you can't route traffic from the greater Internet to a
> non-routable address like 192.168.1.1 so accepting traffic for that
> address on your firewall is useless; it should never happen (barring
> spoofing or something like that).
> 
> You may also need to make sure your forward (and output) rules allow
> traffic to the web server.
> 
> Finally, if you don't already have it, you'll also need a port forward
> command (ipmasqadm portfw) to forward traffic from port 80 on the
> external I/F of the firewall to port 80 on the internal web server.
> 
> Hope that helps,
> 
> Eric
> 
> On Wed, Jun 06, 2001 at 01:06:57AM -0500, Phil Mendelsohn wrote:
> > Can someone take a quick peek and tell me why I'm not getting through the
> > firewall from the outside?  Here is the ipchain.  I just want to forward
> > port 80 (www) requests to an internal host.
> > 
> > 
> > Chain forward (policy DENY): target prot opt source destination ports
> > ACCEPT tcp  ------    0.0.0.0/0        192.168.1.1          80 -> 80
> > MASQ   all  ------    192.168.1.0/24   0.0.0.0/0            n/a
> > 
> > When I try to lynx in from the U (to http://rephil.org or
> > http://www.rephil.org) it tells me it cannot connect to host, but nslookup
> > or dig both give the right spots for it, and I can ssh into the firewall
> > from there.  Hrm.
> > 
> > TIA,
> > 
> > Phil
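
An added example, not part of the original thread: a small Python check for the condition Eric describes, a forward-chain ACCEPT rule that admits any source to a non-routable destination. It assumes a numeric listing in the column layout shown in Phil's message; the function names and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the forward chain quoted in the thread, one rule per line.
SAMPLE = """\
Chain forward (policy DENY):
target prot opt    source           destination  ports
ACCEPT tcp  ------ 0.0.0.0/0        192.168.1.1  80 -> 80
MASQ   all  ------ 192.168.1.0/24   0.0.0.0/0    n/a
"""

def parse_rules(listing):
    """Return one dict per rule line of the listing (assumed column layout)."""
    rules, chain = [], None
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":          # "Chain forward (policy DENY):"
            chain = fields[1]
            continue
        if fields[0] == "target" or len(fields) < 6:
            continue                      # column header or short line
        rules.append({"chain": chain, "target": fields[0], "proto": fields[1],
                      "source": fields[3], "dest": fields[4],
                      "ports": " ".join(fields[5:])})
    return rules

def unreachable_accepts(rules):
    """Forward-chain ACCEPT rules from any source to a private destination.

    Internet hosts cannot address such a destination directly, so the rule
    only matters once a port forward rewrites the destination.
    """
    flagged = []
    for r in rules:
        if r["chain"] != "forward" or r["target"] != "ACCEPT":
            continue
        try:
            src = ipaddress.ip_network(r["source"], strict=False)
            dst = ipaddress.ip_network(r["dest"], strict=False)
        except ValueError:
            continue                      # non-numeric listing, skip the rule
        if src.prefixlen == 0 and dst.is_private:
            flagged.append(r)
    return flagged

if __name__ == "__main__":
    for r in unreachable_accepts(parse_rules(SAMPLE)):
        print("review:", r["source"], "->", r["dest"], "ports", r["ports"])
```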