ipchains, portforwarding, MS Exchange and other evils
kawlyn
12-06-2000, 11:25 AM
hey,
I'm stuck. Here is the deal. I've got a RH box holding up an ADSL line on its external NIC. Its internal NIC is on a crossover cable to an NT box running Small Business Server (yes it sucks but it's cheap). The NT box then has an internal NIC servicing the LAN with Proxy Server, etc.... (note Proxy Server will not work with residential ADSL)
Anyhoo, the linux box is masqing the internal LAN (the NT box) and port forwarding the mail; this works, and we can send and receive mail through Exchange. However the web (port 80) is not forwarding. Here's the lowdown.
# default policies: accept on input and output, deny everything in the forward chain
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
# masquerade every forwarded packet
ipchains -A forward -j MASQ
# publish tcp 80 and 25 on the external address, redirecting them to the NT box
ipmasqadm portfw -a -P tcp -L $EXTERNAL 80 -R $INTERNAL 80
ipmasqadm portfw -a -P tcp -L $EXTERNAL 25 -R $INTERNAL 25
I know that's not much of a firewall; I just want to get it working and then I'll tighten it up.
As I said, the masqing and the mail work fine but I can't get to the internal web server.
Any suggestions would be appreciated.
Colin
------------------
You are not a beautiful and unique snowflake. Tyler Durden
[This message has been edited by kawlyn (edited 06 December 2000).]
Fandelem
12-06-2000, 05:14 PM
What is your $INTERNAL set to? You need to go to that $INTERNAL workstation and make sure you have it up and running, listening on port 80 (maybe run nmap ON $INTERNAL to double check). Then double check to see if you don't have any firewall rules on that computer, and then double check your log files! If you're running apache, check those and see if anything is amiss there as well..
your mileage may vary :}
regards
~kyle
kawlyn
12-06-2000, 06:15 PM
hey,
The internal nic on the linux box is 192.168.0.1 and it is connected to an NT box on 192.168.0.10.
The NT box is running Exchange and IIS. Mail runs fine, the linux box is forwarding the SMTP fine.
Port 80 however is a no go.
I'm not on the site right now but I'll get the logs and put them up; I can't seem to glean any useful info from them myself.
Colin
Fandelem
12-06-2000, 06:45 PM
so 192.168.0.1 has the email server, as well as the web server on it, correct?
go ahead and check the logfiles of both the webserver and system logs and post them here.
for clarification purposes, what is .1 running (OS-wise)? And on the NT box (.10) you mentioned you are running the email server, but in your portfw rules you are redirecting it to $INTERNAL, which you just said was set to 192.168.0.1, which would be redirecting everything to your linux box. Can you try to explain your setup of computers (starting with internet access and ending with whatever is pertinent, probably up till the email/web server)?
regards,
~kyle
basically, your portfw rules are redirecting anything from $EXTERNAL (which I assume is your internet IP address) to $INTERNAL (which you have informed me is 192.168.0.1) which makes me wonder why your email is even working in the first place, seeing how you just said it was on 192.168.0.10 (you should be using -R 192.168.0.10 25). please unconfuse me :}
kawlyn
12-07-2000, 11:07 AM
hey,
Sorry, I guess I wasn't exactly clear. $External is the internet address and $Internal is 192.168.0.10.
Some ASCII art for your viewing pleasure:
                 +---------------+
-----ADSL------  | Internet IP   |
                 |               |
                 |    e-smith    |
                 | (red hat 6.1) |
                 |               |
                 | running       |
                 | apache :668   |
                 |               |
                 |               |
                 |               |
                 |               |
                 | 192.168.0.1   |-------+
                 +---------------+       |
                 +-----------------------+
                 |
                 | crossover cable
                 |
                 |
                 |    +-----------------------+
                 +----| 192.168.0.10          |
                      |                       |
                      |   MS Exchange         |
                      |   MS Proxy Server     |
                      |   IIS                 |
                      |                       |
                      |                       |
                      |                       |
                      |                       | internal lan
                      |                       | (via Proxy server)
                      | 10.0.0.2              |----------------
                      +-----------------------+
I still haven't been able to get to the site to check the logs yet. But I am getting a better idea of what to look for.
Thanks again for the suggestions
Colin
Fandelem
12-07-2000, 01:55 PM
Ah hah!
                 +---------------+
-----ADSL------  | Internet IP   |
                 |               |
                 |    e-smith    |
                 | (red hat 6.1) |
                 |               |
                 | running       |
                 | apache :668   |
                 |               |
                 |               |
                 |               |
                 |               |
                 | 192.168.0.1   |-------+
                 +---------------+       |
                 +-----------------------+
                 |
                 | crossover cable
                 |
                 |
                 |    +-----------------------+
                 +----| 192.168.0.10          |
                      |                       |
                      |   MS Exchange         |
                      |   MS Proxy Server     |
                      |   IIS                 |
alright. notice in your *first post* you said you were redirecting:
ipmasqadm portfw -a -P tcp -L $EXTERNAL 80 -R $INTERNAL 80
ipmasqadm portfw -a -P tcp -L $EXTERNAL 25 -R $INTERNAL 25
BOTH port 80 AND 25 from $EXTERNAL to $INTERNAL, which you just said:
Sorry I guess I wans't exactly clear. $External is the internet address and $Internal is the 192.168.0.10
that means that you are *redirecting* port 80 from OUTSIDE to 192.168.0.10 - but is that where apache is? Doesn't seem like it from your ASCII art.
My suggestion:
instead of the ipmasqadm you have for port 80, try:
ipmasqadm portfw -a -P tcp -L $EXTERNAL 80 -R 192.168.0.1 80
and see if that works.
best of luck (if it doesn't, come back with logs)
regards,
~kyle
[This message has been edited by Fandelem (edited 07 December 2000).]
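As an added example (not code posted by anyone in this thread), here is the same ipchains/ipmasqadm setup written as a script with the tightening kawlyn says he will do later, forwarding both published ports to the NT box at 192.168.0.10, which is where kawlyn's diagram puts IIS and Exchange. The interface names ppp0 and eth1, the placeholder external address 203.0.113.10, and the run/portfw/build_rules helpers are assumptions; replace them with the real values. Instead of masquerading everything in the forward chain, it masquerades only LAN sources leaving the ADSL side and explicitly accepts the rewritten packets for the forwarded ports on their way to the server, so the forward policy can stay DENY. Run it with `show` to print the rules before loading them with `apply`.

```shell
#!/bin/sh
# Added example, not code from the thread: a 2.2-kernel ipchains gateway
# ruleset with ipmasqadm port forwarding to the NT box.
# Assumptions: EXT_IF/INT_IF interface names, EXT_IP a placeholder that must
# be replaced by the real ADSL address, and the run/portfw/build_rules helpers.
# DRYRUN=1 prints each command instead of executing it.

EXT_IF=${EXT_IF:-ppp0}            # ADSL side (assumed name)
EXT_IP=${EXT_IP:-203.0.113.10}    # placeholder for the real internet address
INT_IF=${INT_IF:-eth1}            # crossover-cable NIC (assumed name)
LAN=${LAN:-192.168.0.0/24}        # the only sources allowed to be masqueraded
SERVER=${SERVER:-192.168.0.10}    # NT box running Exchange and IIS
PORTS=${PORTS:-"25 80"}           # services published on EXT_IP

# Every rule passes through run() so the whole ruleset can be reviewed
# (DRYRUN=1) before it touches the kernel.
run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One published service: rewrite EXT_IP:port to SERVER:port with ipmasqadm,
# and, because the forward policy is DENY, explicitly let the rewritten packet
# through to the server on the internal interface.
portfw() {
    port=$1
    run ipmasqadm portfw -a -P tcp -L "$EXT_IP" "$port" -R "$SERVER" "$port"
    run ipchains -A forward -i "$INT_IF" -p tcp -d "$SERVER" "$port" -j ACCEPT
}

build_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run modprobe ip_masq_portfw            # kernel module behind ipmasqadm portfw
    run ipmasqadm portfw -f                # flush old forwards ...
    run ipchains -F                        # ... and old chain contents
    run ipchains -P input ACCEPT
    run ipchains -P output ACCEPT
    run ipchains -P forward DENY
    # anti-spoofing: a packet claiming a LAN source must never arrive on the ADSL side
    run ipchains -A input -i "$EXT_IF" -s "$LAN" -j DENY -l
    # masquerade only LAN sources leaving on the ADSL interface, not "everything"
    run ipchains -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
    for p in $PORTS; do
        portfw "$p"
    done
    # anything else that tries to be forwarded is logged before the policy drops it
    run ipchains -A forward -j DENY -l
}

case "${1:-}" in
    apply) build_rules ;;
    show)  DRYRUN=1; build_rules ;;
    *)     echo "usage: $0 show|apply" >&2 ;;
esac
```

Before loading it, do the check Fandelem suggests from the gateway itself: a plain `telnet 192.168.0.10 80` has to get a connection, otherwise no amount of forwarding will help. After `apply`, `ipmasqadm portfw -l` should list both entries and `ipchains -L forward -n` the two ACCEPT rules. One general caveat that applies to any masquerading port forward: the server's replies have to come back through the Linux box to be un-rewritten, so the NT box's default route on its 192.168.0.x interface must point at 192.168.0.1.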
vnrusso
01-13-2001, 11:30 PM
Did you ever get this working? I'm having the same problem and thought I'd see if you got it to work before I started a new thread...