[pptp-server] Accessing a web server on an internal masq machine

Jerry Vonau jvonau at home.com
Sat Oct 14 10:05:17 CDT 2000


Hi Charles:

Please see:

ipchains-list at east.balius.com

That is the IPchains list.

I build my chains by hand based on David Ranch's trinityos scripts.
It should work, but without seeing the rules, it is hard to tell.

Jerry



Charles Sinsofsky wrote:

>
>
> Hello,
>         I know I must be missing something here but let me present a
> scenario that I am building using your firewall / script engine.
>
>         1) I have a working VPN, with Poptop, and two NICs. I
> have the mppe patches installed, works all fine and dandy. Able to log
> in users; they can then find internal machines, and then can use
> ms-exchange no problem, works great.
>
>         2) I have setup your seawall.conf for 'strong' firewall.
>
>         3) I have an entry into 'servers' file in the
> /etc/seawall/servers file that contains the location of my 'web
> server' sitting on the internal lan. ie: 192.xx address.
>
>         4) Now I have ipmasqadm installed, I also have full portfw
> modules created and in the kernel; they all work fine.
>
>         Q) Here is my problem, how does one use the 'public' side of
> the masq machine to call the web server when the firewall prevents
> anyone from seeing the public ip address in the first place:
>
>         For instance: say my web server is on IP 192.168.10.4
> (example only), and my firewall / poptop / masq machine has
>         IP internal: 192.168.10.1
>         IP external: 216.94.165.50
>         (these are example IPs only, not valid)
>
>         Now if I were to define a www.mywebsite.com   to point to
> 216.94.165.50
>
>         the ipmasqadm portfw would translate that to 192.168.10.4, as
> I included in the servers file. You give an excellent example in the
> documentation for the seawall site.
>
>         But here lies the problem, I can not even see '216.94.165.50'
> because this IP is blocked by the firewall. Am I missing something
> here? How would an internal web server work?
>
>         I know if I establish a VPN tunnel i could easily see the
> 192.168.10.4 machine without the need for portforwarding, I have tried
> this it works fine because I am now basically on the lan, BUT for
> external users who are not VPN'ing into my machine but I do want them
> to see the web server (I would consider placing it into a DMZ) but the
> same problem arises, I can not see the public IP side of the server
> from the internet so I can not see the web server or for that matter
> the masq machine to forward the packets to??
>
>         Any help would be greatly appreciated...I hope I explained
> myself well enough...I really find your seawall/conf setup to be
> excellent and easy to work with. I understand the ipmasqadm portfw
> utility, and built what the server / firewall scripts do automatically
> by hand, but I do not understand how to make the public IP address
> receive a web request!
>
>  - Charles Sinsofsky
>    Systems Architect - FCI



