Thank you for your hint, but the command line you gave me doesn't work. The system keeps complaining (unknown arg --dport). I also tried out the long version --destination-port with the same result. I looked at the manpage and found that iptables should know this argument, so there seems to be a syntax error.

Does anyone have an idea what is wrong and what the correct syntax is?

thx.
Stephan

-----Original Message-----
From: Andreas Baetz [mailto:andreas.baetz@herma.de]
Sent: Wednesday, 9 January 2002 08:39
To: suse-security@suse.com
Subject: Re: [suse-security] Re: Masquerading unter Kernel 2.4

On Tuesday 08 January 2002 11:30, OKDesign oHG Security Administrator wrote:
> And one last question (okay, at least by now *g*): How do I tell Linux to forward requests to a specific port to a specific machine in the LAN? With Kernel 2.2 I used ipmasqadm, but this order is also unknown to Kernel 2.4...

Look for DNAT in "man iptables".
On your firewall machine you could try:

"iptables -t nat -A PREROUTING -i <ext_IF_of_firewall> -d <ip_of_firewall> --dport <desired_port> -j DNAT --to-destination <ip_of internal_machine>"

Of course all packets need to be forwarded.
And masq the replies from the internal machine:

"iptables -t nat -A POSTROUTING -o <ext_IF_of_firewall> -s <ip_of internal_machine> --sport <desired_port> -j MASQ"

These are general rules; you could narrow them with specific proto, source etc.
And you should work with "-m state", because that's the most important improvement in iptables, IMHO.

Andreas Baetz
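
An added example, not part of the original thread: `--dport` and `--sport` belong to the tcp/udp protocol match, so iptables reports them as unknown arguments unless `-p tcp` or `-p udp` comes first. The function below prints a DNAT rule plus a stateful FORWARD pair for one forwarded port; the function names, variable names and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that forward one port to a LAN host.
# Function names and sample values are assumptions, not from the thread.

# is_port VALUE: succeed if VALUE is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_forward_rules EXT_IF FW_IP PROTO PORT LAN_IP
# Prints the commands instead of running them, so they can be reviewed first.
port_forward_rules() {
    ext_if=$1 fw_ip=$2 proto=$3 port=$4 lan_ip=$5

    # --dport/--sport only exist once a protocol match has been selected.
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp (required for --dport)" >&2; return 2 ;;
    esac
    is_port "$port" || { echo "invalid port: $port" >&2; return 2; }

    # Refuse anything that is not a plain interface name or address.
    for v in "$ext_if" "$fw_ip" "$lan_ip"; do
        case "$v" in
            ''|*[!A-Za-z0-9._:-]*) echo "bad value: $v" >&2; return 2 ;;
        esac
    done

    # 1. Rewrite the destination of packets arriving on the external side.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $fw_ip -p $proto --dport $port -j DNAT --to-destination $lan_ip:$port"
    # 2. Allow the rewritten connection through the FORWARD chain.
    echo "iptables -A FORWARD -i $ext_if -d $lan_ip -p $proto --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
    # 3. Allow the replies out; connection tracking undoes the DNAT on them.
    echo "iptables -A FORWARD -o $ext_if -s $lan_ip -p $proto --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample values (documentation and private address ranges).
port_forward_rules eth0 192.0.2.1 tcp 80 192.168.1.10
```

In iptables the masquerading target is spelled `MASQUERADE`, so a separate rule for the LAN's own outbound traffic would use `-j MASQUERADE`.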