Quick and dirty ...

________ IPMASQADM FAQ ________

Juanjo, 16-Mar-1999
http://juanjox.linuxhq.com/ipmasqadm-FAQ.txt

=Q:
> I just want to use portforwarding in my
> kernel 2.1.122 (using your ip_masq_portfw) but it seems it doesn't work. My
> question is should I setup IP Chains first before using it?

=A:
Yep, portfw works by reverse-masq, so you must have a masq rule to
``take the reply packets out''.

E.g. if you:

    # ipmasqadm portfw -A -P tcp -L internet_IP 80 -R internal_IP 80

you should, AT LEAST, have

    # ipchains -I forward -p tcp -s internal_IP/32 80 -j MASQ

=Q:
>
> Perhaps a little offtopic, but has anyone had success using ipmasqadm? I
> remember somebody saying so, but I have tried several times to no avail. I am
> currently using 2.1.101. Before that, I tried with 2.1.9[7-9], 2.1.100,
> same results.
>
> If I do:
>
> ipmasqadm portfw -a -P tcp -L local 1080 -R remote 80
> telnet local 1080
>
> it waits forever for a connection. I also use masquerading for connecting my
> net to the internet. Tried to delete masquerading, but no success though. Even
> tried:

=A:
portfw will only work when the kernel is *forwarding* (masquerading, actually);
locally sourced connections don't go via the forwarder, so they are (almost, he)
invisible to portforwarding.

=Q:
> Hi everyone, I just setup a linux router to masquerade my lan to the net
> and am wondering if it's going to be possible to have it forward
> ports (telnet etc) to my computer which is sitting on the same lan. Running
> ipautofw gets me:
>
> # ipautofw -A -r tcp 23 23 -h 192.168.1.1
> setsockopt: Protocol not available
>
> 192.168.1.254 is the router box and 192.168.1.1 is me
>
> Anyone know what's up? Can ipchains somehow accomplish what I want to do
> or does it currently remain unimplemented? Are you out there Richard
> Lynch? netis.netis.com doesn't seem to want to deliver mail to you...
>

=A:
For 2.1 you must use ipmasqadm (you can fetch it from my URL).
For your setup, the portfw command should be something like

    # ipmasqadm portfw -a -P tcp -L 23 -R 192.168.1.1 23

Please note that LOCAL redirection (i.e. telnet at the router) won't work;
you must use it from outside.

=Q:
> Hi,
> I tried to forward a request for host 193.159.175.194 80 to
> 192.168.100.30 80, which is a web server. I use 2.1.112 kernel ip-masq and
> ip-masq-ipportfw enabled, the command I tried out is ipmasqadm portfw -a
> -P tcp -L 193.159.175.194 80 -R 192.168.100.30 80 . The output of tcpdump
> looks good, but there is no connect. At that point I'm using no ip-filters
> and no masquerading, is that o.k?
>
> Can you figure out how to solve this problem?

=A:
Currently portfw does sort of "reverse-masq", so it does require direct masq
configured:

    ipchains -I forward -p tcp -s 192.168.100.30/32 80 -j MASQ

BTW you can see nice masq status in /proc/net/ip_masq/entries

=Q:
> > Please check that you did enable portfw in your .config
> > :
> > CONFIG_KMOD=y
> > CONFIG_IP_MASQUERADE_MOD=y
> > CONFIG_IP_MASQUERADE_IPPORTFW=m
> > :
>
> Do I need any patch to use it together with my 2.1.128 kernel??
>
> I didn't get all those options when I do a make config (or make
> menuconfig)

=A:
Please add CONFIG_EXPERIMENTAL=y ... and get ready ... 8)
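
The recurring cause in the answers above is a portfw rule with no matching MASQ rule in the forward chain to take the reply packets out. The script below is an added example, not part of the original FAQ or of ipmasqadm: it reads rule lines and reports each portfw rule whose -R target no MASQ rule covers. The function names and sample rule lists are constructed for illustration, and it assumes numeric single ports and no "!" negation.

```python
import ipaddress
import shlex

def parse_portfw(cmd):
    """Return (proto, remote_ip, remote_port) from an 'ipmasqadm portfw' add line."""
    t = shlex.split(cmd.lstrip("# "))
    proto = t[t.index("-P") + 1]
    r = t.index("-R")
    return proto, ipaddress.ip_address(t[r + 1]), int(t[r + 2])

def parse_masq(cmd):
    """Return (proto, source_net, source_port or None) for a forward-chain MASQ rule, else None."""
    t = shlex.split(cmd.lstrip("# "))
    if "forward" not in t or "-j" not in t or t[t.index("-j") + 1] != "MASQ":
        return None
    proto = t[t.index("-p") + 1] if "-p" in t else "all"
    net, port = ipaddress.ip_network("0.0.0.0/0"), None
    if "-s" in t:
        s = t.index("-s")
        net = ipaddress.ip_network(t[s + 1], strict=False)
        nxt = t[s + 2] if s + 2 < len(t) else ""
        # Simplification: only a single numeric port is understood;
        # anything else (range, service name, no port) counts as "any port".
        port = int(nxt) if nxt.isdigit() else None
    return proto, net, port

def unmatched_portfw(portfw_cmds, ipchains_cmds):
    """List the portfw rules whose reply packets no MASQ rule would take out."""
    masq = [m for m in map(parse_masq, ipchains_cmds) if m]
    missing = []
    for cmd in portfw_cmds:
        proto, ip, port = parse_portfw(cmd)
        ok = any(mp in (proto, "all") and ip in net and mport in (None, port)
                 for mp, net, mport in masq)
        if not ok:
            missing.append(cmd)
    return missing

# Constructed sample rules built from the addresses quoted in the FAQ.
PORTFW = [
    "ipmasqadm portfw -a -P tcp -L 193.159.175.194 80 -R 192.168.100.30 80",
    "ipmasqadm portfw -a -P tcp -L 193.159.175.194 23 -R 192.168.1.1 23",
]
IPCHAINS = ["ipchains -I forward -p tcp -s 192.168.100.30/32 80 -j MASQ"]

if __name__ == "__main__":
    for rule in unmatched_portfw(PORTFW, IPCHAINS):
        print("no MASQ rule covers replies for:", rule)
```

With the sample lists, only the telnet forward to 192.168.1.1 is reported, since the single MASQ rule covers just 192.168.100.30 port 80.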