
Hi!

I have 4 web servers, and want to move them behind a firewall. I want to give their IPs to the firewall, and then redirect the incoming requests to the servers, which would have non-official IP addresses (e.g. 192.168.0.x).

Is there any possibility to do this with SuSEfirewall2? Backward masquerading doesn't allow specifying interfaces, so that the traffic on one interface would be redirected to an IP, and the traffic on another interface would be redirected to another one.

Else, is there any possibility to add user rules to SuSEfirewall? I think that something like this should work, right?

    iptables -t nat -A POSTROUTING -o eth1 \
        --to-source <public_address_1>:80 --to-destination <private_addr_1>:80 -j SNAT

Thanks in advance

Christophe

On Wed, 9 May 2001 14:26:00 +0200 "Greisberger Christophe" <greisby@zenon-media.com> wrote:
I dunno how to set SuSEfirewall up to do this, but rinetd can do it. It listens on any ports you configure, then redirects packets to the specified IPs.
HTH, regards...
--
Jean-François Bocquet <tns@e-chaos.dyndns.org>

Hello Christophe,

If I'm right, it must be a PREROUTING SNAT chain, not a POSTROUTING one, to forward incoming traffic, e.g. HTTP, to your server.

regards
Dirk

-----Original Message-----
From: "Greisberger Christophe" <greisby@zenon-media.com>
To: <suse-security@suse.com>
Sent: Wednesday, 9 May 2001 14:26
Subject: [suse-security] SuSEfirewall2 & port forwarding
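
Added example, not part of any message in the thread: in netfilter, inbound connections are redirected to an internal host by destination NAT (the DNAT target) in the nat table's PREROUTING chain, plus FORWARD rules that admit the rewritten traffic. The script below only prints such rules for four web servers; the addresses are constructed documentation values and eth1 as the outside interface is an assumption.

```shell
#!/bin/sh
# Added example: prints (does not apply) port-80 forwarding rules.
# Addresses are constructed; eth1 as the outside interface is an assumption.
MAPPINGS='203.0.113.11 192.168.0.11
203.0.113.12 192.168.0.12
203.0.113.13 192.168.0.13
203.0.113.14 192.168.0.14'

# Succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in
            ''|*[!0-9]*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Read "public private" pairs on stdin and print the rules for interface $1.
gen_rules() {
    ext_if=$1
    # Replies from the web servers back out to the clients.
    echo "iptables -A FORWARD -o $ext_if -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT"
    while read -r public private; do
        [ -n "$public" ] || continue
        if ! is_ipv4 "$public" || ! is_ipv4 "$private"; then
            echo "bad mapping: $public $private" >&2
            return 1
        fi
        # Rewrite the destination before the routing decision is made.
        echo "iptables -t nat -A PREROUTING -i $ext_if -d $public -p tcp --dport 80 -j DNAT --to-destination ${private}:80"
        # Admit the rewritten connection; FORWARD sees the private address.
        echo "iptables -A FORWARD -i $ext_if -d $private -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
}

gen_rules eth1 <<EOF
$MAPPINGS
EOF
```

The firewall has to hold the public addresses on its outside interface and have IP forwarding enabled (net.ipv4.ip_forward=1) for these rules to carry traffic.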
