On Jan 30 at 11:46, my computer said Alexander K�hn said:
Hi all,

I have a little LAN with a SuSE 6.4 Server as gateway; within my LAN I have an NT box with IIS. I want to be able to access the httpd on the NT box from the internet by specifying some port on my gateway. I have firewals-2.1-5 installed and all clients in my LAN have unlimited access to the internet and to the gateway.

I tried configuring the redirection, but it seems to me like this only works when the NT box has a public IP, but it has not, and will never have. So is it possible to do it with the firewall or do I have to fiddle with ipchains?

Thanks & regards, Nagilum.
One way to do this is to use squid as an HTTP `accelerator'. I set this up today (much to my surprise). Squid sits on the firewall and looks like a web server to the world on port 80. If you install it and search the config file for 'accel' in squid.conf you should get it more or less set up.

There are a few gotchas though. The squid23 package that comes with SuSE 7 (yep, I know you said 6.4) has a security bug when used as an accelerator. It is impossible to stop it from being abused by the world to bypass porn-blocking proxies, while simultaneously allowing access to your `accelerated' host. You will need to get squid 2.4. (And if you compile from source, you may end up without dnsserver processes if you don't ./configure with --disable-internal-dns.)

Another security gotcha is that your happy server will tell the world its private IP address. When a URL such as http://172.16.3.2/directory is requested, it may send a message like Location: http://172.16.3.2/directory/ -- which is a bit of a let-down (IIS 3 does this) (yep, that's what they were using).

I have a sneaky suspicion that I would have been out of there by 2pm if I had used ipportfw ... if that network card had been working ... if I was smarter ... &:-)

-- 
[1]+ Stopped fdformat /dev/hda
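
A check for the Location leak described in the message above, as an added example that is not part of the original post. The function name and both sample responses are constructed for illustration; only the address 172.16.3.2 comes from the message.

```python
import ipaddress
from urllib.parse import urlsplit

# Response headers whose value is a URL the back-end server builds itself.
URL_HEADERS = ("location", "content-location")

# Constructed sample responses (not captured traffic).
LEAKY = (b"HTTP/1.0 302 Object Moved\r\n"
         b"Location: http://172.16.3.2/directory/\r\n"
         b"Content-Type: text/html\r\n\r\n<body>moved</body>")
CLEAN = (b"HTTP/1.0 302 Object Moved\r\n"
         b"Location: http://www.example.com/directory/\r\n\r\n")


def private_hosts_in_headers(raw_response):
    """Return (header, host) pairs where a URL header names a private IP."""
    findings = []
    text = raw_response.decode("iso-8859-1")
    for line in text.splitlines()[1:]:      # skip the status line
        if not line:                        # blank line: headers are over
            break
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in URL_HEADERS:
            continue
        try:
            host = urlsplit(value.strip()).hostname
            if host is None:                # relative URL, nothing to leak
                continue
            addr = ipaddress.ip_address(host)
        except ValueError:                  # a DNS name or a malformed URL
            continue
        # is_private covers RFC 1918 ranges, loopback and link-local.
        if addr.is_private:
            findings.append((name.strip(), host))
    return findings


if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, private_hosts_in_headers(resp))
```

Run it against responses fetched from outside the gateway, since that is the view the rest of the world gets.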