Cannot access internal FTP server through firewall/gateway.


Butros
01-28-2002, 02:43 PM
Well, if anyone wouldn't mind helping an old LNO member, I could really use it now. :)

I have a Redhat 6.0 firewall/gateway that connects to the net via a 56k modem (ppp0) and then serves the rest of my home LAN through a single Ethernet adapter into a hub.

I have a Windows box set up inside the network on 192.168.0.2 that is running Serv-U FTP server. I can access it fine from any of my boxes, but when I attempt to connect to it via the dynamic IP of ppp0, I am hitting a brick wall.

I have a feeling it is either the firewall rules, port forwarding, or some part of an FTP server is running on the firewall/gateway.

* I have gone in and taken out any references to ftpd that I could find (like inetd.conf)

* I am not the best at ipchains, and it may be an issue there... I seriously would not have a problem with taking down the firewall totally if I could just get it to work. I can always firewall each internal PC individually.

* are there any good progs that could help walk through setting up the firewall/port forwarding automatically?

TIA,
-Butros

Syngin
01-28-2002, 04:17 PM
Man, the same problem has been haunting me for the last month. I sort of fixed it last night (port forwarding works now as long as the firewall's down)

I have a wicked link bookmarked at home that I'll post to you once I'm off work if you'd like.

Sorry, I'm currently at work right now though.

I should be back at home by 6pm EST if no one else has chimed in by then.

Taizong
01-28-2002, 06:12 PM
The interface out to the net, your ppp0, cannot logically address your internal range on your second card (I am guessing you have two NIC's in the firewall box). That's how it looks to me anyways.

If you mean that you cannot connect to the FTP server from outside, then the service probably can't create a socket over ppp0, or it is merely your ipchains/iptables rules. I am at work now, hlp when I get home. :)

Butros
01-28-2002, 08:05 PM
No, Taizong... I think you misunderstand.

I have a firewall/gateway/router, it has one 56K modem to ISP and one NIC going to a hub for internal traffic.

My FTP server is not my firewall/router/gateway... but one of my internal windows boxes.

When I try to connect via FTP to the IP address assigned to my modem, I am getting a no host error because of the fact that no FTP service is (or should be) running on my firewall.

I need to have port 21 forwarded from its internal (non routable IP of 192.168.0.2) to the dynamic IP assigned to my modem.

I know this is possible, and I have had it working before on other boxes... but I cannot figure out what is wrong.

(for the hell of it, I set up a FTP server on my firewall, and I was able to connect to it fine... so obviously it is the firewall or port forwarding that is not allowing traffic into my internal boxes.) They all can get OUT to the internet fine... just not incoming to internal PC's ports.

* Also, I am using pmfirewall to configure my firewall and I have installed ipmasqadm.

I just do not know ipchains/port forwarding well enough (and there aren't many helpful docs) to get this working. As soon as I do get a working solution, I am going to write it up as a NHF.

Most solutions only show how to handle things if you have a static IP... and I cannot find good understandable ipchains info to solve my problems either.

Thank you for any help in this matter,
-Butros

Syngin
01-28-2002, 08:37 PM
Ahhh here we go:
http://www.praveen-linux.8m.com/art/portforward.htm

My biggest problem was that my firewall was blocking that port. This'll set you up with both firewall and port forwarding.

Syngin
01-28-2002, 08:58 PM
Ok, I know exactly what you mean. You need 2 things: a couple of ipmasqadm lines to port forward and an ipchains line (or 2) to let contact through the firewall. I can help with the first at least. Here's the line I use. This will set up the script to autodetect your outside IP:

#!/bin/sh

# Substitute your external adapter for eth0 (not sure what it would be
# for a regular modem; on a dial-up gateway it is normally ppp0)

EXTIF="eth0"
# Pull the "inet addr:" of the external interface out of ifconfig output
EXTIP=`/sbin/ifconfig | grep -A 4 $EXTIF | awk '/inet/ { print $2 } ' | sed -e s/addr://`

# These 2 lines flush your forward rules and set up the port
# forwarding (change 451 to whatever port you want forwarded)
# 192.168.0.10 is the ip of my internal ftp box

/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 451 -R 192.168.0.10 451 -p 100

----------------------

As is, this detects my assigned ip and forwards everything on port 451 to my windows box that also has an ftp server running on it.

Now what you and I both need are the ipchain lines to open the firewall up for that port (I believe)

Can anyone help out? This is the point I'm stuck at too.

Hope this helps.

Just a thought, you may want to change the port you use just to avoid any possible port conflicts with basic ftp port stuff. That's why I use 451.

[ 28 January 2002: Message edited by: Syngin ]

Syngin
01-28-2002, 10:10 PM
Got it for the ipchains I think:

$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 451 -j ACCEPT


This one worked for me.

Butros
01-28-2002, 11:15 PM
Thanks Syngin, but the second one relies on two variables, $REMOTENET and $OUTERNET... they are more than likely assigned by a script.

I have the exact same lines as you have for ipmasqadm (I got them from the README and INSTALL info), except I use ppp0 instead of eth0. This doesn't help.

I need just a simple ipchains statement that basically says to allow all traffic from anywhere on port 21 and then the proper (again simple) lines for port forwarding port 21 to 192.168.0.2

I also was wondering if I can use my dyndns address for my outside IP address in scripts like you mention above.
EXAMPLE: instead of "$EXTIP" or "$REMOTENET" could I use blahblah.dyndns.org ??

My journey continues, I feel like I'm getting closer...

Syngin
01-28-2002, 11:34 PM
oops. My bad. Was doing too many things at once I guess.

Those variables are defined in my firewall conf as:
OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d \ -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
OUTERNET=$OUTERIP/$OUTERMASK
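Editor's added example, not posted by anyone in this thread: it ties together Syngin's two pieces (the ifconfig-based detection of the dynamic external address, and the ipmasqadm portfw plus ipchains ACCEPT lines) into one script that can be checked offline. The ifconfig text, the 203.0.113.x addresses and the interface names are constructed samples; the address parser keys on the interface's own block rather than `grep -A 4`, so a neighbouring interface cannot leak in, and the ipchains rule carries `-i` so the ACCEPT applies only to packets that arrive on the external interface. The rules are printed, not executed, so they can be reviewed before being piped into sh on the gateway.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the ipmasqadm/ipchains rule set
# for forwarding one TCP port from a dynamic external address to an internal
# host. Interface names, addresses and the ifconfig sample are constructed.

# Constructed sample of 2.2-era (net-tools) ifconfig output, one Ethernet
# NIC and one PPP link. A real run uses /sbin/ifconfig instead of this text.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.45  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
'

# ext_ip IFNAME [IFCONFIG_TEXT]
# Prints the "inet addr:" of IFNAME, or nothing if the interface is absent.
# Only lines inside IFNAME's own indented block are considered, so the
# address of the next interface listed can never be picked up by mistake.
ext_ip() {
    printf '%s\n' "${2:-$(/sbin/ifconfig 2>/dev/null)}" |
        awk -v ifname="$1" '
            $1 == ifname { inblock = 1; next }   # header line of our interface
            /^[^ \t]/    { inblock = 0 }         # header line of another one
            inblock && /inet addr:/ {
                sub(/.*inet addr:/, ""); sub(/[ \t].*/, ""); print; exit
            }'
}

# forward_rules EXTIF EXTIP INTHOST PORT
# Prints the three commands: flush old port forwards, forward EXTIP:PORT to
# INTHOST:PORT, and accept inbound TCP to EXTIP:PORT on EXTIF only.
# "-s 0/0" admits any source, as in the thread; narrow it if the clients
# come from a known range.
forward_rules() {
    extif=$1; extip=$2; inthost=$3; port=$4
    cat <<EOF
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip $port -R $inthost $port -p 100
/sbin/ipchains -A input -i $extif -p tcp -s 0/0 -d $extip $port -j ACCEPT
EOF
}

# Demonstration against the constructed sample (prints the rule set).
forward_rules ppp0 "$(ext_ip ppp0 "$SAMPLE_IFCONFIG")" 192.168.0.2 21

# On the gateway itself (uncomment): detect the live ppp0 address, review
# the output, then pipe it into sh to apply after each dial-up.
# EXTIP=$(ext_ip ppp0) && forward_rules ppp0 "$EXTIP" 192.168.0.2 21
```

Because the external address changes on every dial-up, the script belongs in the ppp ip-up hook so the portfw and ACCEPT entries are rebuilt with the new address. Forwarding port 21 alone covers only the FTP control connection; the data connection (the passive-mode port range on the server, or the server's outbound active-mode connection through the masquerade) still has to be accounted for separately.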