[NCLUG] more firewall stuff, was smoothwall
Michael Dwyer
mdwyer at sixthdimension.com
Tue Feb 26 14:45:45 MST 2002
rosing at peakfive.com wrote:
>
> I'm still trying to figure out how to temporarily poke holes in my
> firewall. Smoothwall won't let me specify ranges of ports, and it
> doesn't seem to work anyway, so I'd like to just do it with ipchains.
> If I have a firewall that does masquerading how do I let certain ports
> through to a specific machine behind the firewall? I'm under the
> impression I have to ACCEPT the packets in the input chain and then do
> something else in the forward chain like masq and send it to the right
> machine. Am I right? If so how do I do it? If wrong, what do I do?
I think you must first ACCEPT them to get them into the chain, then you
must use the portfw module to forward the port:
modprobe ip_masq_portfw
ipmasqadm portfw -a -P tcp -L 12.1.2.3 80 -R 192.168.1.100 80
More information about the NCLUG
mailing list