Firewall Wizards mailing list archives
Re: Linux firewall help...
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 13 Aug 2000 10:41:56 -0400 (EDT)
Daniel,

I can't help but think the advice given by Keith Morgan to Wes Chalfant about using ipmasqadm/portfw a day or two ago in this list would help you. The list archives should have this, the subject line was:

RE: [fw-wiz] Linux rinetd and NT IIS logging (synch)

Thanks,

Ron DuFresne

On Sat, 12 Aug 2000, Daniel Linder wrote:
Ok, first off let me apologize for asking quite basic questions, but I have run out of on-line options to study.

I'm currently tasked with configuring a Linux firewall (two network cards, one with a "live" IP address, and one with an RFC 1918 address). The firewall will be configured to listen to two additional IP addresses and re-direct specific incoming ports to two servers hidden on the internal network.

I have the multiple IP addresses set up on the firewall, and I have set up my home Linux firewall to do Masquerading so I think that is going to go well, but what I need help with is the redirection part. (FYI, I am using an old Pentium with Mandrake 7.1 installed, 2.2.16 kernel.)

From reading the IPChains HOWTO file, it appears that the "-j REDIRECT" chain only redirects to a port on the FIREWALL, not to another system. If someone could show me how to redirect a connection to "real IP Address A, Port X" to the "hidden 10.0.0.1, Port X" I would be really happy! (If it helps, the ports are HTTP, HTTPS, PCAnywhere, and FTP, but all I really need is a boilerplate for the inbound redirection.)

As a side note, will the reply packet sent back out to the Internet come from the firewall, or is it possible to set up a "Static NAT" between the aliased IP address and the internal IP address of the server?

If this is too complicated, can someone show me an example that takes and re-directs EVERYTHING through from address X to address Y (a simple, two-way static NAT)?

Dan

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!
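
An added example, not part of the original thread or written by any of its participants: a dry-run script that builds the ipmasqadm portfw rules the reply points to, for the same-port forwarding asked about in the question. Assumptions: 192.0.2.10 is a constructed placeholder for "real IP Address A", the PCAnywhere ports are its usual defaults (5631/tcp, 5632/udp), and the 2.2 kernel was built with masquerading port-forward support.

```shell
#!/bin/sh
# Added example (not from the thread): ipmasqadm portfw rules for a 2.2 kernel.
PUBLIC_IP="192.0.2.10"   # constructed placeholder for "real IP Address A"
INTERNAL_IP="10.0.0.1"   # hidden server address from the question

# One "proto port" pair per line: HTTP, HTTPS, PCAnywhere data and status.
# FTP is left out: its separate data connections need more than one forwarded port.
FORWARDS="tcp 80
tcp 443
tcp 5631
udp 5632"

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one rule: public address and port forwarded to the same port inside.
portfw_rule() {
    proto=$1
    port=$2
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    echo "ipmasqadm portfw -a -P $proto -L $PUBLIC_IP $port -R $INTERNAL_IP $port"
}

# Flush old portfw entries, then emit one rule per configured forward.
build_rules() {
    echo "ipmasqadm portfw -f"
    echo "$FORWARDS" | while read -r proto port; do
        portfw_rule "$proto" "$port" || exit 1
    done
}

# Dry run by default; APPLY=1 (as root on the firewall) executes the rules.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh -e
else
    build_rules
fi
```

Only the listed ports reach the internal server; anything not in FORWARDS is still handled by the firewall's own input rules.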