ipchains - help with ext to int

I would like to run a webserver on my network behind my linux firewall. I am using ipchains currently which masqs traffic from internal to external without issues.. but I'm stuck trying to open a port to the internal network.

ppp0 is my external facing nic 123.123.123.123
eth1 is my internal facing nic 192.168.0.1
192.168.0.2 is the machine I wish to connect ppp0:8080 too
From localhost on the linux box I can telnet to this machine

I think I have tried everything with no success....

For testing... I have turn my firewall off and have input/forward and output set to ACCEPT

# I created a new chain
ipchains -N web

# catch 8080 and forward to web chain
ipchains -I input -p tcp -s 0/0 8080 -j web

ipchains -A web -s 0/0 8080 -d 192.168.0.2 8080 -j MASQ

Please help

Richard.

is there any reason your using ipchains and not iptables?

iptables is the newer version of the two, with a few extra features thrown it. I never actually used ipchains becuase by the time i started using linux, iptables was the norm.

You may be able to find some documentation on www.netfilter.org if no one else can remember anything about ipchains.

Jason

Quote:

---

Originally Posted by jasonlambert

is there any reason your using ipchains and not iptables?

Jason

---

When I started using linux ipchains was what the cool kids were using. During my upgrades I just moved my firewall ruleset from machine to machine.. never a hassle until slackware 9.1.... ipchains was not there.

I tried configuring my firewall with iptables but I am getting old and hate change. After some fighting about with iptables I installed ipchains, insert my old rules again and without having to work hard had my network up and running again.

I do have plans to convert to iptables... just not today.


Richard

ok... I am one of the cool kids ... I switched to iptables... well I started too.

iptables solved my issue...

# Nat my internal traffic out
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# Map external traffic to my internal machine
iptables -A PREROUTING -t nat -p tcp -d 1.2.3.4 --dport 8080 -j DNAT --to 192.168.0.2:8080

This was easy... now I just have to convert my ipchains firewall rules and I'm done.

Richard