Problem with port forwarding

We currently have a setup like this:

Firewall-Mail server dual homed. Machines on the internal network are setup to go to a proxy of 192.168.1.2 port 8002. Due to server load we moved the caching-filter service off the 192.168.1.2 server to another dedicated server on the same network about 4-5 years ago. This server runs Dansguardian-Squid and is on 192.168.1.50 port 8080. With iptables the 192.168.1.2:8002 was forwarded to 192.168.1.50:8080. This works beautiful, and has for 5 years.

We are upgrading to SmoothWall School Guardian and have it installed on another server within the 192.168.1.* network for testing. When we try to forward the port to the new server it doesn't work on any other network than the one it's on via the forwarded port. You can however connect directly to the server (proxy directly set to the SmoothWall Server) from other networks, ping the server, etc. I thought the kernel settings or iptables on the SmoothWall server could have been interfering so I disabled the firewall temporarly on it and set allow on inputs-outputs etc. I then looked inproc-sys-net-ipv4 and changed various redirect setting to allow redirects. Nothing seems to work. I'm sure it's something very simple that I'm missing.

What Linux distro is best for development
Huh? You need to state exactly where the problem is before you can receive solutions. Once again, there is very little difference...

Basically I can connect from other internal networks on for example Internet Explorer with a proxy setting of 192.168.1.50:8002 (direct connection to the smoothwall server) but not from the redirect 192.168.1.2:8002 from other internal networks (exp: 192.168.20.*). If a computer is on the same network exp: 192.168.1.* it can be forwarded and works ok. I have the nat settings correct because I can forward ports to other servers ports with no problems.

I did a tcpdump on the smoothwall server with a browser proxy set to 192.168.1.2:8002 on another internal network and it shows the packets coming in from the forwarded port but the smoothguardian logs show no history of the computer contacting it.

I could change the browser proxy on all computers to the new proxy ip, but there are over 3,000 computers at 22 different locations that will have to be changed and most are not managed yet. That's basically why it's being forwarded.

Thanks for any help, sorry so long.

Booting from a USB stick 1688
On Thu, 22 Jun 2006 13:39:02 +0000, me2 Caveat: I haven't done this using flash, but I plan to do so in the near future. If these instructions don't help you, then maybe...

Booting from a USB stick 1689
On Thu, 22 Jun 2006 09:33:14 -0600, Douglas Mayne I have now verified this method works. I have added a couple of extra notes (in the name of not causing someone to beat...

Mike

List | Previous | Next

Booting from a USB stick 1688

Linux groups from Newsgroups

The #1 Usenet Provider on the Internet

Security port closing problem

PLEX86 x86- Virtual Machine (VM) Program


	Plex86 \| CVS \| Mailing List \| Download \| Linux \| Newsgroups

		Problem with port forwarding We currently have a setup like this: Firewall-Mail server dual homed. Machines on the internal network are setup to go to a proxy of 192.168.1.2 port 8002. Due to server load we moved the caching-filter service off the 192.168.1.2 server to another dedicated server on the same network about 4-5 years ago. This server runs Dansguardian-Squid and is on 192.168.1.50 port 8080. With iptables the 192.168.1.2:8002 was forwarded to 192.168.1.50:8080. This works beautiful, and has for 5 years. We are upgrading to SmoothWall School Guardian and have it installed on another server within the 192.168.1.* network for testing. When we try to forward the port to the new server it doesn't work on any other network than the one it's on via the forwarded port. You can however connect directly to the server (proxy directly set to the SmoothWall Server) from other networks, ping the server, etc. I thought the kernel settings or iptables on the SmoothWall server could have been interfering so I disabled the firewall temporarly on it and set allow on inputs-outputs etc. I then looked inproc-sys-net-ipv4 and changed various redirect setting to allow redirects. Nothing seems to work. I'm sure it's something very simple that I'm missing. What Linux distro is best for development Huh? You need to state exactly where the problem is before you can receive solutions. Once again, there is very little difference... Basically I can connect from other internal networks on for example Internet Explorer with a proxy setting of 192.168.1.50:8002 (direct connection to the smoothwall server) but not from the redirect 192.168.1.2:8002 from other internal networks (exp: 192.168.20.). If a computer is on the same network exp: 192.168.1. it can be forwarded and works ok. I have the nat settings correct because I can forward ports to other servers ports with no problems. I did a tcpdump on the smoothwall server with a browser proxy set to 192.168.1.2:8002 on another internal network and it shows the packets coming in from the forwarded port but the smoothguardian logs show no history of the computer contacting it. I could change the browser proxy on all computers to the new proxy ip, but there are over 3,000 computers at 22 different locations that will have to be changed and most are not managed yet. That's basically why it's being forwarded. Thanks for any help, sorry so long. Booting from a USB stick 1688 On Thu, 22 Jun 2006 13:39:02 +0000, me2 Caveat: I haven't done this using flash, but I plan to do so in the near future. If these instructions don't help you, then maybe... Booting from a USB stick 1689 On Thu, 22 Jun 2006 09:33:14 -0600, Douglas Mayne I have now verified this method works. I have added a couple of extra notes (in the name of not causing someone to beat... Mike List \| Previous \| Next



		Booting from a USB stick 1688 Linux groups from Newsgroups The #1 Usenet Provider on the Internet Security port closing problem