Hi all
Using SuSE 7.3 I am trying to setup my firewall so that it will forward port 23 (telnet) to unix server on the internal net. If I dial into my linux box via ppp0.
My linux server has two LAN card eth1 - ext & eth0 - int & then the ppp0 dial-up that needs to forward to eth0.
I am using my server as a web & mailserver.
Can somebody please help.
Andre Vorster Business Print Centre Tel: 012 349 2295 Fax: 012 349 2299
----- Original Message -----
From: "Andre Vorster" <andre.vorster@businessprint.co.za>
To: "Suse-Security (E-Mail) (E-mail)" <suse-security@suse.com>
Sent: Wednesday, December 18, 2002 1:31 PM
Subject: [suse-security] ppp0 to internal network port
Hi all
Using SuSE 7.3 I am trying to setup my firewall so that it will forward port 23 (telnet) to unix server on the internal net. If I dial into my linux box via ppp0.
My linux server has two LAN card eth1 - ext & eth0 - int & then the ppp0 dial-up that needs to forward to eth0.
I am using my server as a web & mailserver.
Can somebody please help.
Andre Vorster Business Print Centre Tel: 012 349 2295 Fax: 012 349 2299
ok now i don't know what u called the zone for the ppp0, but let's assume its name is "dial"
then you have in your interfaces file a line for the ppp0 interface, we will call that dial for example:
according to your setup:
    #ZONE   INTERFACE   BROADCAST   OPTIONS
    int     eth0
    ext     eth1
    dial    ppp0        -           norfc1918
    #example for your ppp0 dial interface on your firewall, options as you wish...
then you need further a line in your rules file:
    #ACTION  SOURCE  DEST                              PROTO  DEST  SOURCE   ORIGINAL
    #                                                         PORT  PORT(S)  DEST
    DNAT     dial    int:ipofyourunixservertotelnetto  tcp    23
    # redirect port 23 (telnet port) to your ip-of-your-unixserver-to-telnet-to
did i get this correct? your firewall box establishes a ppp0 connection to the inet some way, via callback, remote trigger, scheduled calls whatever? and after that you could telnet to the ip of your firewall box and it would forward your telnet request to the inside to your unix box... right?
so telnet myfirewallbox.myzone.com would end up on myunixbox.internal.myzone.com
maybe this helps?
regards, andy
On Wednesday 18 December 2002 07:31, Andre Vorster wrote:
Hi all
Using SuSE 7.3 I am trying to setup my firewall so that it will forward port 23 (telnet) to unix server on the internal net. If I dial into my linux box via ppp0.
My linux server has two LAN card eth1 - ext & eth0 - int & then the ppp0 dial-up that needs to forward to eth0.
I am using my server as a web & mailserver.
Can somebody please help.
Andre Vorster Business Print Centre Tel: 012 349 2295 Fax: 012 349 2299
What are you using for your firewall? I forward ports through our firewall to machines that are behind it using IPTABLES and the rule that you want looks like this:
    iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to-destination IP.ADDRESS.OF.MACHINE.TO.GET.TELNET:23
(that is all one line)
Jon Hoffman
Hi
You need a PREROUTING rule in the nat table.
    iptables -A PREROUTING -t nat -i ppp0 -p tcp -d 4.3.2.1 --dport 23 -j DNAT --to-destination 1.2.3.4:23
4.3.2.1 is an ip on your linux server. 1.2.3.4 is your unix server's ip.
You may also need some forwarding rules:
    iptables -A FORWARD -o eth0 -p tcp -d 1.2.3.4 --dport 23 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp -s 1.2.3.4 --sport 23 -j ACCEPT
Ray
On Wed, 2002-12-18 at 14:31, Andre Vorster wrote:
Hi all
Using SuSE 7.3 I am trying to setup my firewall so that it will forward port 23 (telnet) to unix server on the internal net. If I dial into my linux box via ppp0.
My linux server has two LAN card eth1 - ext & eth0 - int & then the ppp0 dial-up that needs to forward to eth0.
I am using my server as a web & mailserver.
Can somebody please help.
Andre Vorster Business Print Centre Tel: 012 349 2295 Fax: 012 349 2299
--
Raymond Leach
Knowledge Factory
Tel: +27 11 445 8100
Fax: +27 11 445 8101
http://www.knowledgefactory.co.za/
http://www.saptg.co.za/
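Added example, not part of any post in this thread: a Python check over iptables-save output that lists DNAT targets which no FORWARD ACCEPT rule admits, which is the case where the extra forwarding rules from the last reply are needed (FORWARD policy DROP). The sample rule sets are constructed from the 4.3.2.1 / 1.2.3.4 placeholders used in that reply, and the function names are hypothetical.

```python
import shlex

def parse_save(text):
    """Parse iptables-save text into (policies, rules). Negated ('!') matches are not modelled."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Pair each option with the token that follows it.
            opts = {k: v for k, v in zip(tok[2:], tok[3:]) if k.startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def dnat_without_forward(text):
    """Return 'host:port' for each DNAT target that no FORWARD ACCEPT rule lets through."""
    policies, rules = parse_save(text)
    if policies.get(("filter", "FORWARD")) == "ACCEPT":
        return []  # default policy already forwards; no explicit rule needed
    forward = [o for t, c, o in rules
               if (t, c) == ("filter", "FORWARD") and o.get("-j") == "ACCEPT"]
    missing = []
    for t, c, nat in rules:
        if t != "nat" or nat.get("-j") != "DNAT":
            continue
        host, _, port = nat["--to-destination"].partition(":")
        port = port or nat.get("--dport")
        def admits(f):  # FORWARD sees the packet after DNAT rewrote its destination
            state = f.get("--state") or f.get("--ctstate")
            return ((state is None or "NEW" in state)
                    and f.get("-d", host).split("/")[0] == host
                    and f.get("-p", nat.get("-p")) == nat.get("-p")
                    and f.get("--dport", port) == port
                    and f.get("-i", nat.get("-i")) == nat.get("-i"))
        if not any(admits(f) for f in forward):
            missing.append(f"{host}:{port}")
    return missing

# Constructed samples: same DNAT rule, two different FORWARD rules.
NAT = ("*nat\n:PREROUTING ACCEPT [0:0]\n"
       "-A PREROUTING -d 4.3.2.1/32 -i ppp0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 1.2.3.4:23\n"
       "COMMIT\n*filter\n:FORWARD DROP [0:0]\n")
GOOD = NAT + "-A FORWARD -d 1.2.3.4/32 -o eth0 -p tcp -m tcp --dport 23 -j ACCEPT\nCOMMIT\n"
BAD = NAT + "-A FORWARD -d 4.3.2.1/32 -p tcp -m tcp --dport 23 -j ACCEPT\nCOMMIT\n"
if __name__ == "__main__":
    print(dnat_without_forward(GOOD), dnat_without_forward(BAD))
```

BAD is reported because its FORWARD rule matches the firewall's own address, which the packet no longer carries once PREROUTING has rewritten the destination.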
participants (4): Andre Vorster, Andreas Bittner, Jon Hoffman, Raymond Leach