Phil Mendelsohn wrote:

> On Wed, 6 Jun 2001, Simeon Johnston wrote:
>
> > Simeon Johnston wrote:
> > > Sample forwarding rule. ipmasqadm handles the portfw command and is a
> > > separate application from ipchains.
> > > /usr/sbin/ipmasqadm portfw -a -P tcp -L RealIPofFirewall 80 -R InternalIP 80
>
> OK -- done and done. (First thing I tried, and yes I know about deleting
> / flushing the chains / portfws).
>
> > > You have to masq all outgoing traffic from internal hosts.
> > > ipchains -A forward -i externaldevice -s internalnetwork -d 0.0.0.0/0 -j MASQ
> >
> > Sorry, forgot about accepting incoming port 80 to the firewall
> > ipchains -A input -i externaldevice -p tcp -s 0.0.0.0/0 -d RealIPofFirewall 80 -j ACCEPT
>
> Did that, doesn't help. Isn't that covered by input chain policy ACCEPT?

should be

> I am using 2.2.18 CoyoteLinux with ipmasqadm already. I'm starting to go
> a little nuts here, because I seem to be doing everything right. And it
> ain't the machine, because I'm reading and writing these emails through
> it!
>
> Thanks for your help guys. I'm going to flush it out and start from
> scratch, but it's one lousy rule and one portfw! (Could it be the -y
> option or the TOS args? Should I tell forward to -t 0x01 0x10?)

BREATHE. RELAX. KICK YOUR COMPUTER (or just a warning kick near your computer. It sensed fear...)

Just for kicks (not for security.. but if security was a big problem you wouldn't be using an ACCEPT policy for input) :-)
Try adding explicit IPs. I remember when I used this for the first time. It was a royal pain.

What rules are you using now? You may have some conflicting rules.
Is the ipmasqadm stuff *Compiled* into your kernel? Should be for CoyoteLinux. Maybe it's a module? I've never used CoyoteLinux so I'm not sure.

There are LOTS of other reasons this won't work. A little more info will be helpful.

sim
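
The reply's question about whether port forwarding is compiled into the kernel or loaded as a module can be answered from /proc before touching any rules. The script below is an added example, not part of the original message; the /proc paths and the module name `ip_masq_portfw` are assumed to match a stock 2.2 kernel, and the optional root argument is hypothetical, included so the checks can run against a copied or constructed tree.

```shell
#!/bin/sh
# Added example: prerequisite checks for ipmasqadm portfw on a 2.2 kernel.
# Assumption: /proc layout and module name follow a stock 2.2 kernel.
# The optional first argument (a /proc-like root) is hypothetical and exists
# so the checks can be run against a copied or constructed tree.

# Prints "builtin", "module" or "missing" for port-forwarding support.
portfw_support() {
    root="${1:-/proc}"
    if [ ! -e "$root/net/ip_masq/portfw" ]; then
        echo missing          # not compiled in, and module not loaded
    elif grep -q '^ip_masq_portfw ' "$root/modules" 2>/dev/null; then
        echo module           # proc entry provided by the loaded module
    else
        echo builtin          # proc entry present without a module
    fi
}

# Prints "on" or "off" for kernel IP forwarding.
ip_forwarding() {
    root="${1:-/proc}"
    if [ "$(cat "$root/sys/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]; then
        echo on
    else
        echo off
    fi
}

# Runs both checks and prints a hint for each failure.
# Returns 0 only when neither prerequisite is missing.
check_prereqs() {
    root="${1:-/proc}"
    rc=0
    support=$(portfw_support "$root")
    fwd=$(ip_forwarding "$root")
    echo "portfw support: $support"
    echo "ip_forward:     $fwd"
    [ "$support" != missing ] || { echo "try: modprobe ip_masq_portfw"; rc=1; }
    [ "$fwd" = on ] || { echo "try: echo 1 > $root/sys/net/ipv4/ip_forward"; rc=1; }
    return $rc
}
```

If both checks pass, the remaining suspects are the ones raised in the thread: conflicting ipchains rules and the exact addresses given to `ipmasqadm portfw`.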