[NCLUG] more firewall stuff, was smoothwall

Michael Dwyer mdwyer at sixthdimension.com
Tue Feb 26 14:45:45 MST 2002


rosing at peakfive.com wrote:
> 
> I'm still trying to figure out how to temporarily poke holes in my
> firewall.  Smoothwall won't let me specify ranges of ports, and it
> doesn't seem to work anyway, so I'd like to just do it with ipchains.
> If I have a firewall that does masquerading how do I let certain ports
> through to a specific machine behind the firewall?  I'm under the
> impression I have to ACCEPT the packets in the input chain and then do
> something else in the forward chain like masq and send it to the right
> machine.  Am I right? If so how do I do it?  If wrong, what do I do?

I think you must first ACCEPT them to get them into the chain, then you
must use the portfw module to forward the port:

modprobe ip_masq_portfw
ipmasqadm portfw -a -P tcp -L 12.1.2.3 80 -R 192.168.1.100 80
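
An added example, not part of the original message: since portfw forwards one port per rule, this helper prints the ipchains and ipmasqadm commands to open, and later close, a whole port range. The function names are hypothetical, and it assumes the input chain denies by default and that the addresses are the ones used in the reply above.

```shell
#!/bin/sh
# Added example: emit the ipchains + ipmasqadm commands that open or close a
# forwarded port range on a masquerading firewall. Commands are printed, not
# executed; review them, then pipe to sh as root to apply, e.g.
#   portfw_rules open tcp 12.1.2.3 192.168.1.100 8000 8010 | sh

# valid_port N: succeed only for a plain decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# portfw_rules ACTION PROTO EXT_IP INT_IP FIRST LAST
#   ACTION is "open" or "close"; EXT_IP is the firewall's external address,
#   INT_IP the machine behind it (hypothetical helper, names are assumptions).
portfw_rules() {
    action=$1 proto=$2 ext=$3 int=$4 first=$5 last=$6
    case "$action" in
        open)  ipc=-A; fw=-a ;;
        close) ipc=-D; fw=-d ;;
        *) echo "action must be open or close" >&2; return 2 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    if ! valid_port "$first" || ! valid_port "$last" || [ "$first" -gt "$last" ]; then
        echo "bad port range: $first-$last" >&2; return 2
    fi
    # One input-chain rule covers the range (ipchains accepts first:last).
    # -A appends, so a DENY rule earlier in the chain would still match first.
    echo "ipchains $ipc input -p $proto -d $ext $first:$last -j ACCEPT"
    # portfw takes a single port per rule, so the range is expanded here.
    port=$first
    while [ "$port" -le "$last" ]; do
        echo "ipmasqadm portfw $fw -P $proto -L $ext $port -R $int $port"
        port=$((port + 1))
    done
}
```

Running the same call with "close" prints the matching delete commands, so the hole can be removed once it is no longer needed.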


