Ip forwarding
sdunn
08-15-2001, 12:07 PM
Ok, I have ipmasqadm installed along with ipchains. Ipchains came installed with Red Hat 7.0. I enter the command
/usr/sbin/ipmasqadm portfw -a -P tcp -L 111.111.111.111 21 -R 192.168.50.5 21
and it seems to take it ok. When I ftp to the site the ftp client will just sit there and say it can't log in. Once I get rid of the forwarding I can ftp once again, but just to the server, and it is not forwarded to the internal IP.
Are there commands that I have to enter in rc.firewall? I have seen people talk about it but never say what you need to put in there. Here is what I have in mine.
/sbin/modprobe ip_masq_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.50.0/24 -j MASQ
PhilB
08-15-2001, 02:44 PM
Not sure what's going on there, it's kinda late and I'm braindead, but I can copy in my script that I run on my Linux box, which works for everything I could want...
#! /bin/sh
# Shell Script to Add IP Masquerading Rules for IP Port Forwarding
#
# Mainly for GPL Hosting and VNC at the moment
# Starts IP Packet forwarding (kinda handy)
# /etc/rc.d/init.d/network restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# Determine the IP of the eth1 card (in case it changes)
systemip=`ifconfig eth1 | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`
# if $systemip=""
# /etc/rc.d/init.d/network restart
# fi
echo $systemip > /tmp/mymail
# This sends me my IP so I know, as I have a
# DHCP allocated IP address that changes
# every 2 weeks with my ISP...so I like to
# know
sendmail my_mail_address@domain.suffix < /tmp/mymail
# Sets the basics up for IP Chains (also, pretty handy :))
# Flushes first, just in case :)
ipchains -F
ipchains -P forward DENY
ipchains -A forward -i eth1 -j MASQ
# IP Masquerading Admin Part - IP Port forwarding handler
# Flush any existing crap out ;-)
ipmasqadm portfw -f
# This is for Game ports so they go to my .134 machine
ipmasqadm portfw -a -P udp -L $systemip 32766 -R 192.168.56.134 32766
ipmasqadm portfw -a -P udp -L $systemip 32767 -R 192.168.56.134 32767
ipmasqadm portfw -a -P udp -L $systemip 32768 -R 192.168.56.134 32768
# VNC is easy too
ipmasqadm portfw -a -P tcp -L $systemip 5900 -R 192.168.56.134 5900
Hope this helps.... the only things that I've not got working are NetMeeting, and that's because of H323, which I've not looked into yet.
Good luck...
jumpedintothefire
08-16-2001, 12:55 AM
When I ftp to the site the ftp client will just sit there and say it can't log in. Once I get rid of the forwarding I can ftp once again but just to the server and it is not forwarded to the internal ip.
Turn off the ftp service on the box and try the forwarding again. You can't offer the service and try to forward it at the same time..... You're confusing the hell out of it.
For some sample rules see:
http://www.linuxnewbie.org/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=13&t=004970
Change the IPs and the port numbers to suit.
Copy the external input/output rules for every service you offer, changing the port numbers to suit. Use the internal interface rules for the redirected ports that are on the private LAN. If you want to restrict/permit access from/to specific IPs, I'll show you if you want.
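As an added example (not from anyone in this thread): a small POSIX sh script that turns a forward list like sdunn's and PhilB's into the ipmasqadm portfw lines, and checks the point jumpedintothefire makes above, namely that a port you forward must not also be served by a daemon on the firewall box itself (sdunn's local ftpd on port 21). It only prints; it never calls ipmasqadm or touches the kernel. The forward list, the 111.111.111.111 external address and the local-listener list are constructed sample data; the listener list stands in for what `netstat -ln` would show on the box.

```shell
#!/bin/sh
# Added example, not the thread's own script. Builds ipmasqadm portfw rules from a
# compact forward list and flags forwarded ports that the firewall box already
# serves locally. Nothing here modifies the running system.

# Constructed sample forwards: proto:external_port:internal_ip:internal_port
# (sdunn's ftp forward plus two of PhilB's game/VNC forwards)
FORWARDS="tcp:21:192.168.50.5:21
udp:32766:192.168.56.134:32766
tcp:5900:192.168.56.134:5900"

# Constructed sample of local listeners on the firewall box, as "proto port".
# Assumption: an ftpd on 21 and sshd on 22 are running locally.
LOCAL_LISTENERS="tcp 21
tcp 22"

# portfw_rules EXTERNAL_IP FORWARDS
# Prints one "ipmasqadm portfw -a ..." line per forward, in the form used in the thread.
portfw_rules() {
    ext="$1"
    printf '%s\n' "$2" | while IFS=: read -r proto extport intip intport; do
        [ -n "$proto" ] || continue
        printf 'ipmasqadm portfw -a -P %s -L %s %s -R %s %s\n' \
            "$proto" "$ext" "$extport" "$intip" "$intport"
    done
}

# conflicts FORWARDS LOCAL_LISTENERS
# Prints "proto/port" for every forwarded external port that a local daemon
# already owns. A portfw rule for such a port competes with the local service,
# which is the symptom sdunn saw on port 21. Prints nothing when there is no overlap.
conflicts() {
    fwds="$1"
    listeners="$2"
    printf '%s\n' "$fwds" | while IFS=: read -r proto extport intip intport; do
        [ -n "$proto" ] || continue
        # -x: whole-line match, so "tcp 21" does not match "tcp 2100"
        if printf '%s\n' "$listeners" | grep -qx "$proto $extport"; then
            printf '%s/%s\n' "$proto" "$extport"
        fi
    done
}

echo "# rules that would be added to rc.firewall (after 'ipmasqadm portfw -f'):"
portfw_rules 111.111.111.111 "$FORWARDS"
echo "# forwarded ports the firewall box itself still serves (fix these first):"
conflicts "$FORWARDS" "$LOCAL_LISTENERS"
```

Run it as an ordinary user; when the second list is non-empty, stop the local daemon (or move it to another port) before adding the portfw rule, as the reply above suggests. On a real box you would feed `conflicts` the output of `netstat -ln` reduced to "proto port" pairs instead of the constructed list.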
yogee
08-16-2001, 01:35 AM
ipmasqadm portfw -a -P udp -L $systemip 32766 -R 192.168.56.134 32766
ipmasqadm portfw -a -P udp -L $systemip 32767 -R 192.168.56.134 32767
ipmasqadm portfw -a -P udp -L $systemip 32768 -R 192.168.56.134 32768
Does that have something to do with something called N4?
If so, I could have used you about 3 months ago for some help :mad:, but I've since gone and bought a Linksys cable/DSL router. I needed to get my N4 server and 2 clients working behind a Red Hat firewall.
[ 16 August 2001: Message edited by: yogee ]
PhilB
08-17-2001, 05:16 AM
I can see where you got that from; it's for Grand Prix Legends, which uses the same sort of connection engine as Nascar 4 does now, even though GPL was from around 1998-ish.
So I can host and the client packets get sent through to my game machine from the outside world, and I assume from the inside (as I use 192.168.x.x addresses internally, so it would take the strain off the cable load).
yogee
08-17-2001, 11:16 AM
Ah, I didn't read this part:
"# Mainly for GPL Hosting and VNC at the moment"
Anyways, before I got the Linksys router I was trying to get Red Hat 7.1 and my firewall rules set up for my Nascar 4 server and two clients behind it. Just couldn't get help.