Firewall Wizards mailing list archives

Re: ipchains and port forwarding


From: "Martin A. Brown" <mabrown-firewall-wizards () securepipe com>
Date: Mon, 3 Mar 2003 16:47:25 -0600 (CST)


Robert,

Can you use iptables?  It'll be much easier with iptables:

  iptables -t nat -A PREROUTING -d 216.12.31.x -p tcp --dport 80 \
    -j DNAT --to-destination 192.168.0.10
  iptables -t filter -A FORWARD -d 192.168.0.10 -p tcp --dport 80 \
    -j ACCEPT

  for PORT in 25 110 ; do
    iptables -t nat -A PREROUTING -d 216.12.31.x -p tcp --dport $PORT \
      -j DNAT --to-destination 192.168.0.20
    iptables -t filter -A FORWARD -d 192.168.0.20 -p tcp --dport $PORT \
      -j ACCEPT
  done

Do you still want to use ipchains?  Do you have more than one IP?  Do you
want to do static NAT?  iproute2 is your friend:

  ip route add nat 216.12.31.Y via 192.168.0.10
  ip rule add nat 216.12.31.Y from 192.168.0.10

  ip route add nat 216.12.31.Z via 192.168.0.20
  ip rule add nat 216.12.31.Z from 192.168.0.20

  # -- add some ipchains here

I have some iproute2 help available here:

  http://linux-ip.net/html/
  http://linux-ip.net/html/nat-stateless.html

Do you still want to use ipportfw?  Ick.  I can't help you much there.

Ciao, good luck,

-Martin

 : Hey guys!!
 : I have just installed a dsl line and need to rebuild a firewall. I have
 : decided to use ipchains and have a need to forward www and mail access
 : into the private side of the new firewall. I am familiar with ipportfw
 : and ipautofw commands. Is this all I need to do to get access to my web
 : and mail server?
 :
 : ex: isp addr 216.12.31.x
 : internal net : 192.168.0.x
 : web server: 192.168.0.10
 : mailserver: 192.168.0.20
 :
 : rules I've tried:
 : /sbin/ipmasqadm portfw -a -P tcp -L 192.168.0.1 80 -R 192.168.0.10 80 -p 100
 :
 : Thanks!!
 :

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown () securepipe com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
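
The DNAT-plus-FORWARD pairing from the reply above, as an added example that is not part of the original message: a POSIX shell function that prints the rule pair for each mapping and rejects malformed addresses or ports before any rule is emitted. The function names and the public address 203.0.113.10 (a documentation address standing in for the ISP address) are assumptions.

```shell
#!/bin/sh
# Added example: print (never apply) the DNAT + FORWARD pair for each mapping.

# valid_ipv4 ADDR: succeed only for four dotted decimal octets, each 0-255.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots into the positional parameters
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# valid_port N: succeed only for a decimal port in 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules: read "public_ip port internal_ip" lines on stdin and write the
# matching iptables commands to stdout; returns 1 if any line was rejected.
gen_rules() {
  rc=0
  while read -r pub port dst; do
    case "$pub" in ''|'#'*) continue ;; esac   # skip blank and comment lines
    if valid_ipv4 "$pub" && valid_port "$port" && valid_ipv4 "$dst"; then
      printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s\n' \
        "$pub" "$port" "$dst"
      printf 'iptables -t filter -A FORWARD -d %s -p tcp --dport %s -j ACCEPT\n' \
        "$dst" "$port"
    else
      printf 'rejected mapping: %s %s %s\n' "$pub" "$port" "$dst" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input; 192.168.0.10 and .20 are the hosts named in the thread.
gen_rules <<'EOF'
203.0.113.10 80  192.168.0.10
203.0.113.10 25  192.168.0.20
203.0.113.10 110 192.168.0.20
EOF
```

The output can be reviewed and then piped to `sh` on the firewall; a rejected line is reported on stderr and makes `gen_rules` return non-zero.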

