Firewall Wizards mailing list archives

Re: Linux firewall help...


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 13 Aug 2000 10:41:56 -0400 (EDT)


Daniel,

I can't help but think the advice given by Keith Morgan to Wes Chalfant 
about using ipmasqadm/portfw a day or two ago in this list would help you.
The list archives should have this; the subject line was:

RE: [fw-wiz] Linux rinetd and NT IIS logging (synch)

Thanks,

Ron DuFresne

On Sat, 12 Aug 2000, Daniel Linder wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, first off let me apologize for asking quite basic questions, but
I have run out of on-line options to study.

      I'm currently tasked with configuring a Linux firewall (two network
cards, one with a "live" IP address, and one with an RFC 1918
address).  The firewall will be configured to listen to two
additional IP addresses and re-direct specific incoming ports to two
servers hidden on the internal network.  I have the multiple IP
addresses set up on the firewall, and I have set up my home Linux
firewall to do Masquerading so I think that is going to go well, but
what I need help with is the redirection part.  (FYI, I am using an
old Pentium with Mandrake 7.1 installed, 2.2.16 kernel.)

      From reading the IPChains HOWTO file, it appears that the "-j
REDIRECT" chain only redirects to a port on the FIREWALL, not to
another system.  If someone could show me how to redirect a
connection to "real IP Address A, Port X" to the "hidden 10.0.0.1,
Port X" I would be really happy!  (If it helps, the ports are HTTP,
HTTPS, PCAnywhere, and FTP, but all I really need is a boilerplate
for the inbound redirection.)

      As a side note, will the reply packet sent back out to the Internet
come from the firewall, or is it possible to set up a "Static NAT"
between the aliased IP address and the internal IP address of the
server?

      If this is too complicated, can someone show me an example that
takes and re-directs EVERYTHING through from address X to address Y
(a simple, two-way static NAT)?

Dan

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOZXIGGAbmmZFgUT8EQKeDACfeIyAhNxiKWtgzti3+WeElzVzfy0AoIHK
9OcVP88b7FkqnUEYva/2Ct9g
=ejx3
-----END PGP SIGNATURE-----


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
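
The ipmasqadm/portfw forwarding mentioned in the reply above, as an added example that is not part of either poster's message: a shell helper that validates one mapping and prints the `ipmasqadm portfw` rule for it. 192.0.2.10 is a constructed stand-in for the firewall's "live" alias address, the function names are hypothetical, and the 2.2 kernel is assumed to have port-forwarding support available.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipmasqadm portfw rules.
# 192.0.2.10 is a constructed placeholder for the external alias address;
# 10.0.0.1 is the hidden server named in the question.

is_ipv4() {
    # Accept only four dot-separated decimal octets, each 0-255.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

is_rfc1918() {
    # Succeeds only for 10/8, 172.16/12 and 192.168/16.
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

portfw_rule() {
    # usage: portfw_rule PROTO EXT_IP PORT INT_IP  (same port on both sides)
    proto=$1 ext=$2 port=$3 int=$4
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    is_ipv4 "$ext" || { echo "bad listen address: $ext" >&2; return 1; }
    # Refuse to forward to anything that is not on the private side.
    is_rfc1918 "$int" || { echo "target $int is not RFC 1918" >&2; return 1; }
    echo "ipmasqadm portfw -a -P $proto -L $ext $port -R $int $port"
}

emit_rules() {
    # Constructed sample mapping: HTTP and HTTPS on the alias to the hidden host.
    portfw_rule tcp 192.0.2.10 80 10.0.0.1 &&
    portfw_rule tcp 192.0.2.10 443 10.0.0.1
}

emit_rules
```

The script only prints the rules, so they can be reviewed before being run as root on the firewall. FTP's data channel is not covered by forwarding port 21 alone.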




