Mailinglist Archive: opensuse-security (570 mails)

Re: [suse-security] using susefirewall2 for NAT
  • From: Fabricio Adorno <fabricio@xxxxxxxxx>
  • Date: Tue, 27 Jan 2004 09:01:36 -0200
  • Message-id: <40164510.90903@xxxxxxxxx>
Why don't you go directly through iptables (I think susefirewall does it)? You can write a shell script and use the following rules:

# DNAT is only accepted in the nat table (PREROUTING chain for inbound traffic); the target flag is lowercase -j

# for web server
iptables -t nat -A PREROUTING -d 200.200.200.1 -p tcp --dport 80 -j DNAT --to-destination 192.127.0.2

# for mail server
iptables -t nat -A PREROUTING -d 200.200.200.2 -p tcp --dport 25 -j DNAT --to-destination 192.127.0.2

# for ssh server (port 22)
iptables -t nat -A PREROUTING -d 200.200.200.3 -p tcp --dport 22 -j DNAT --to-destination 192.127.0.3

Of course you have to care about other issues.

Best,

Fabrício Adorno




Arie Reynaldi Zanahar wrote:

Hi all,

I just joined suse-security. I have been using SuSE 8.2 for several months. Right now I have a problem using susefirewall2 for my firewall / router. I'd like to change my network topology from this

Internet
|
| ---------- Web Server 200.200.200.1
| ---------- Mail Server (qmail) 200.200.200.2
| ---------- SSH server 200.200.200.3
SuseFirewall2
|
|
LAN

to this:
Internet
|
|
|
SuseFirewall (200....1 for web and SSH, 200...2 for mail )
|
|----------- Web Server 192.127.0.2
|----------- SSH server 192.127.0.3
LAN
In this case, if someone goes to 200.200.200.1 port 80, they will be forwarded to my internal webserver 192.127.0.2, and if they use SSH to that IP, it will go to my SSH server.
Right now I use astaro secure linux 4 as my firewall and I use NAT for this purpose. With SuSEFirewall2, how can I do that? I've read EXAMPLES, the FAQ and searched the web but I still have no clue. If someone can point me to examples or documentation to do that, I'd be more than grateful.. :)

regards,
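
Added example (not part of the original mails and not SuSEfirewall2's own code): a dry-run generator for the port forwards asked about above, showing that each DNAT rule in nat/PREROUTING needs a matching FORWARD rule plus IP forwarding enabled. The interface name eth0 and the function names are assumptions; the addresses are the ones from the thread.

```shell
#!/bin/sh
# Prints the rule set as text so it can be reviewed before being run as root.

# Constructed mapping table: public_ip proto public_port internal_ip internal_port
FORWARDS='200.200.200.1 tcp 80 192.127.0.2 80
200.200.200.1 tcp 22 192.127.0.3 22'

EXT_IF=eth0   # assumption: name of the Internet-facing interface

# Emit the DNAT rule and the FORWARD rule that lets the translated packet through.
dnat_rules() {
    pub_ip=$1 proto=$2 pub_port=$3 int_ip=$4 int_port=$5
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    for p in "$pub_port" "$int_port"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Destination is rewritten before routing, so the FORWARD rule matches the internal address.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub_ip -p $proto --dport $pub_port -j DNAT --to-destination $int_ip:$int_port"
    echo "iptables -A FORWARD -i $EXT_IF -d $int_ip -p $proto --dport $int_port -m state --state NEW -j ACCEPT"
}

# Full rule set: routing on, default-deny forwarding, replies allowed, then one pair per mapping.
build_ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$FORWARDS" | while read -r pub proto pport int iport; do
        dnat_rules "$pub" "$proto" "$pport" "$int" "$iport" || exit 1
    done
}

build_ruleset
```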



