To use it:
ifconfig eth0:1 x.x.x.x up
ipmasqadm portfw -a -P tcp -L x.x.x.x 65535 -R 192.168.1.x 65535
This seems to work OK (we are using it to forward our web & ftp). The
use of 65535 as an 'Any' port is probably incorrect, but use of anything
else
needs changes to ipmasqadm.
One problem as everything *behind* the firewall sees the firewall as
those IP addresses,
since the portfw code isn't entered in this case.
Tony
--- ip_masq_portfw.c.old Fri May 21 10:46:47 1999
+++ ip_masq_portfw.c Fri May 21 10:53:14 1999
@@ -30,6 +30,7 @@
#define IP_PORTFW_PORT_MIN 1
#define IP_PORTFW_PORT_MAX 60999
+#define IP_PORTFW_PORT_ANY 65535
struct ip_portfw {
struct list_head list;
@@ -140,11 +141,14 @@
for (e=l->next;e!=l;e=e->next) {
n = list_entry(e, struct ip_portfw, list);
- if (lport == n->lport && laddr == n->laddr) {
+ if ((lport == n->lport || n->lport ==
IP_PORTFW_PORT_ANY) && laddr == n->laddr) {
/* Please be nice, don't pass only a NULL dport */
if (daddr_p) {
*daddr_p = n->raddr;
- *dport_p = n->rport;
+ if(n->rport == IP_PORTFW_PORT_ANY)
+ *dport_p = lport;
+ else
+ *dport_p = n->rport;
}
goto out;
@@ -275,7 +279,7 @@
case IP_MASQ_CMD_FLUSH:
break;
default:
- if (htons(mm->lport) < IP_PORTFW_PORT_MIN ||
htons(mm->lport) > IP_PORTFW_PORT_MAX)
+ if ((htons(mm->lport)!=IP_PORTFW_PORT_ANY) &&
(htons(mm->lport) < IP_PORTFW_PORT_MIN || htons(mm->lport) >
IP_PORTFW_PORT_MAX))
return EINVAL;
if (mm->protocol!=IPPROTO_TCP && mm->protocol!=IPPROTO_UDP)
-- "Bother," said Pooh, "Eeyore, ready two photon torpedoes and lock phasers on the Heffalump, Piglet, meet me in transporter room three"tmh@magenta-logic.com http://betty.magenta-logic.com
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/