[NTLUG:Discuss] IP Forwarding
Cameron
hrothgar at endor.hsutx.edu
Thu Feb 17 11:38:00 CST 2000
* George.Lass at osc.com [2000.02.17 11:14]:
: "George E. Lass" wrote:
: >
: > I'm trying to use my RedHat 6.1 box as a router, but am having
: > little success. Here is what my "network" looks like:
: >
: > BOX-1<------->BOX-2<---->CISCO ROUTER<--------->BOX-3
: >
: > BOX-1 is 10.2.200.26
: > BOX-2 is 10.2.200.1 on eth1 (connecting to BOX-1)
: > BOX-2 is also 10.2.1.36 on eth0 (connecting to CISCO ROUTER)
: > BOX-3 is 10.2.1.21 on eth0
: >
: > BOX-3 can telnet to 10.2.1.36
: > BOX-3 can also telnet to 10.2.200.1
: >
: > BOX-2 can telnet to 10.2.1.21
: > BOX-2 can also telnet to 10.2.200.26
: >
: > BOX-1 can telnet to 10.2.200.1
: > BOX-1 can also telnet to 10.2.1.36
: >
: > BUT
: >
: > BOX-3 can NOT telnet to 10.2.200.1
: > BOX-1 can NOT telnet to 10.2.1.21
: >
: > I've read the HOWTO on ipchains, and fooled with them
: > for several hours, but to no avail. I even tried to
: > set up a rule to log telnet attempts from BOX-3 to BOX-1
: > but I don't ever see any log entries. I tested
: > the rule for telnet from BOX-3 to 10.2.200.1 and it
: > works just fine:
: >
: > ipchains -A input -p tcp -s 10.2.1.21 -d 10.2.200.1 telnet -j ACCEPT -l
: >
: > here is the one that never logs a packet:
: >
: > ipchains -A input -p tcp -s 10.2.1.21 -d 10.2.200.26 telnet -j ACCEPT -l
: >
: > Any ideas?
: >
: > TIA,
: >
: > George
: >
: A short update. Using only the following ipchains command, I am now
: able to telnet from BOX-1 to BOX-3, but I *still* can't get from BOX-3
: to BOX-1:
:
: ipchains -A forward -j MASQ -b -s 10.2.200.0/24 -d 0.0.0.0/0
:
: George
:
do you have BOX-1 allowed in BOX-3's /etc/hosts.allow? can you make any
other connections besides telnet?
--
cameron
[ Grow up and use mutt (http://www.mutt.org) ]