ipmasqadm port forwarding ipportfw (HOWTO)

["Marc Redmile-Gordon" <marc@xxxxxxxxxxxxxxxxxx>]

Hi All,

born out of frustration with conflicting info on the net, I thought I'd
share a simple guide to set up the port forwarding side of masquerading...

this presumes you already have basic ipchains setup and simple masquerading
of internal machines installed.



PORT FORWARDING USING IPMASQADM.

?Ipmasqadm? supercedes the ?ipportfw? feature.

1 - Upgrade to Kernel 2.2.12-20 if not already up to this.

2 - cd /usr/src/linux and run ?make menuconfig?

3 - in here make sure kernel is configured to route ip, is tuned as a router
( as opposed to host ), and that ipportfw is set up as a module.

4 - download the ipmasqadm tool from the link @ www.monmouth.demon.o.uk
<http://www.monmouth.demon.o.uk>
-	current version as of may 2000 = ipmasqadm-0.4.2-3.i386.rpm
and install using the syntax: "rpm -ivh ipmasqadm-0.4.2-3.i386.rpm"

IGNORE INCORRECT EXAMPLES GIVEN ON SITE !!!

5 - EXAMPLE of telnet forwarding: ( add to your "chainfile script" - note:
must fit in with existing rules )

/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $ext_ip 23 -R $int_ip 23

6 - run the chainfile script and test telnet to the external interface from
an external machine- should give login from destination of port redirect.

POSSIBLE ERRORS:

public interface gets corrupted:
 - re-run linuxconf and re-enter interface info.  check rpm version.

"10061" on telnet client:
- check syntax of ipmasqadm portfw entry & make sure ultimate destination is
online.

hope this helps someone !

I think I'm being brave / stupid doing this, but any questions ? - mail me
on marc@xxxxxxxxxxxxxxxxxx

good luck !


Marc Redmile-Gordon
Technical Dept.
Thermeon Europe Limited

Email : Support@xxxxxxxxxxxxxx
Support Fax : +44 (0) 20 7681 3907
Support Tel : 0906 5150908 (Premium Rate)