Guest
Archived from groups: comp.security.firewalls
I'm attempting to get port forwarding working correctly on IPCop (latest
version - all patches).
IPCop is set up with Green and Red zones only (I know - I should have a
DMZ...). Red zone has 1 normal IP and 5 aliases (all static IP addresses).
Green zone has a static address on private network.
I have managed to get port 25 on the red zone to successfully port forward to
my internal SMTP server and incoming mail is being delivered as expected.
The problem I am having is trying to get port 8080 to forward to an internal
web server on port 8080. The physical web server has a different IP address
to the physical mail server (not sure if this makes a difference) and I have
tried forwarding different IPs on the red zone with no success.
Output from IPTables for the relevant chain is:
root@Fwall:/etc # iptables -L PORTFWACCESS
Chain PORTFWACCESS (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.5         tcp dpt:webcache
ACCEPT     tcp  --  anywhere             192.168.1.97        tcp dpt:smtp
As you can see, the entry appears to be correct (pointing to 'webcache' port
- 8080) but no traffic is reaching the web server and nothing is showing up
in the firewall logs. I have checked that the firewall can contact the web
server and there is no problem there.
Any assistance would be appreciated.
--
Andy.