  1. #1
    Just Joined!
    Join Date
    Mar 2004
    Posts
    30

    ipchains - help with ext to int


    I would like to run a webserver on my network behind my linux firewall. I am using ipchains currently which masqs traffic from internal to external without issues.. but I'm stuck trying to open a port to the internal network.

    ppp0 is my external facing nic 123.123.123.123
    eth1 is my internal facing nic 192.168.0.1
    192.168.0.2 is the machine I wish to connect ppp0:8080 to
    From localhost on the linux box I can telnet to this machine

    I think I have tried everything with no success....

    For testing... I have turned my firewall off and have input/forward and output set to ACCEPT

    # I created a new chain
    ipchains -N web

    # catch 8080 and forward to web chain
    ipchains -I input -p tcp -s 0/0 8080 -j web

    ipchains -A web -s 0/0 8080 -d 192.168.0.2 8080 -j MASQ

    Please help

    Richard.

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    Is there any reason you're using ipchains and not iptables?

    iptables is the newer version of the two, with a few extra features thrown in. I never actually used ipchains because by the time I started using linux, iptables was the norm.

    You may be able to find some documentation on www.netfilter.org if no one else can remember anything about ipchains.

    Jason

  3. #3
    Just Joined!
    Join Date
    Mar 2004
    Posts
    30
    Quote Originally Posted by jasonlambert
    Is there any reason you're using ipchains and not iptables?

    Jason
    When I started using linux ipchains was what the cool kids were using. During my upgrades I just moved my firewall ruleset from machine to machine.. never a hassle until slackware 9.1.... ipchains was not there.

    I tried configuring my firewall with iptables but I am getting old and hate change. After some fighting about with iptables I installed ipchains, inserted my old rules again and without having to work hard had my network up and running again.

    I do have plans to convert to iptables... just not today.


    Richard

  4. #4
    Just Joined!
    Join Date
    Mar 2004
    Posts
    30
    ok... I am one of the cool kids ... I switched to iptables... well I started to.

    iptables solved my issue...

    # Nat my internal traffic out
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Map external traffic to my internal machine
    iptables -A PREROUTING -t nat -p tcp -d 1.2.3.4 --dport 8080 -j DNAT --to 192.168.0.2:8080

    This was easy... now I just have to convert my ipchains firewall rules and I'm done.

    Richard
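
The port forward from post #4 combined with a FORWARD chain that admits only the published port, as an added example that is not part of the thread. The names `portfw`, `valid_port`, `valid_ipv4` and the `IPT` variable are hypothetical, and matching on the inbound interface (`-i`) rather than the destination address is an assumption made here because ppp0 addresses are often dynamic.

```shell
#!/bin/sh
# Added example: DNAT port forward as in post #4, plus a restrictive FORWARD chain.
# Dry run by default (prints the commands); run as root with IPT=iptables to apply.
# /proc/sys/net/ipv4/ip_forward must still be set to 1 as shown in the post.
IPT="${IPT:-echo iptables}"

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# portfw EXT_IF INT_IF HOST PORT: publish HOST:PORT on EXT_IF and nothing else
portfw() {
    ext_if=$1 int_if=$2 host=$3 port=$4
    valid_ipv4 "$host" && valid_port "$port" || { echo "bad host or port" >&2; return 2; }
    # NAT rules equivalent to the post's, keyed on the inbound interface
    $IPT -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    # Allow replies, LAN-initiated traffic, and new inbound connections only
    # to the published host and port; everything else hits the DROP policy
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$int_if" -o "$ext_if" -j ACCEPT
    $IPT -A FORWARD -i "$ext_if" -o "$int_if" -p tcp -d "$host" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -P FORWARD DROP
}

# Constructed sample values matching the interfaces and host named in the thread
portfw ppp0 eth1 192.168.0.2 8080
```

The rules are appended with `-A`, so apply them to a FORWARD chain that has been flushed or not yet populated; otherwise earlier ACCEPT rules still take precedence.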
