On Tuesday 08 January 2002 11:30, OKDesign oHG Security Administrator wrote:
> And one last question (okay, at least by now *g*): How do I tell Linux to forward requests to a specific port to a specific machine in the LAN? With Kernel 2.2 I used ipmasqadm, but this order is also unknown to Kernel 2.4...

Look for DNAT in "man iptables".
On your firewall machine you could try:

    iptables -t nat -A PREROUTING -i <ext_IF_of_firewall> -d <ip_of_firewall> -p <proto> --dport <desired_port> -j DNAT --to-destination <ip_of_internal_machine>

Of course all packets need to be forwarded.
And masq the replies from the internal machine:

    iptables -t nat -A POSTROUTING -o <ext_IF_of_firewall> -s <ip_of_internal_machine> -p <proto> --sport <desired_port> -j MASQUERADE

These are general rules, you could narrow them with specific proto, source etc.
And you should work with "-m state", because that's the most important improvement in iptables, IMHO.

Andreas Baetz
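
Added example, not part of the original mail: a small shell helper that builds the DNAT rule together with FORWARD-chain rules using "-m state", which the reply recommends but does not show. The function names, the DRY_RUN switch and the interface, addresses and port in the sample call are assumptions made for illustration; with DRY_RUN=1 (the default) the rules are only printed.

```shell
#!/bin/sh
# Added example (not from the original mail). Interface, addresses and port
# in the sample call are constructed placeholder values.
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the rules, 0 = apply them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# forward_port EXT_IF EXT_IP PROTO PORT INT_IP
forward_port() {
    ext_if=$1; ext_ip=$2; proto=$3; port=$4; int_ip=$5
    case "$proto" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 2 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    { valid_ipv4 "$ext_ip" && valid_ipv4 "$int_ip"; } || { echo "bad address" >&2; return 2; }

    # Rewrite the destination before the routing decision (--dport needs -p).
    run -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$int_ip:$port"
    # Let the forwarded connection through the FORWARD chain, tracked by state.
    run -A FORWARD -i "$ext_if" -d "$int_ip" -p "$proto" --dport "$port" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Let only packets that belong to a tracked connection back out.
    run -A FORWARD -o "$ext_if" -s "$int_ip" -p "$proto" --sport "$port" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Sample call with constructed values; prints three rules in dry-run mode.
forward_port eth0 203.0.113.10 tcp 8080 192.168.1.20
```

The two FORWARD rules only have an effect when the chain's policy or a later rule drops everything else.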