On Sat, 21 Feb 2009 10:37:59 David C. Rankin wrote:
Listmates:
I guess this situation is a port forwarding situation, but I'm not sure how to attack the problem. I have a limited number of IP entries in my router that I can use to forward traffic through to other machines on my office LAN from the outside. I need to learn how to set up ports on my primary server that will send/receive information to and from other computers on the LAN. What is the best way to do this?
In the past the only experience I have had with this is ssh port forwarding to forward X or reach other machines behind the router. Is that what I need to do even though the traffic isn't ssh?
Do I need to set up IP tables? Can I do that with SuSEfirewall?
The layout I need is like this:
internet server port:12344 <==============>[ ]<----------------->[ ] client1 port:12345
                                           |\
                                           | \<---------------->[ ] client2 port:12346
                                           |\
                                           | \<---------------->[ ] client3 port:12347
                                                                 [ ] client4 port:12348
What mechanism do I need to go learn so that I can set up something like this generically without relying on ssh only?
David,

IPtables is what you're looking for. I don't know if you can set up port forwarding rules using Yast/SuSEFirewall as I've never actually used that. I use my router's firewall and prior to that I used IPCop.

You may run into problems though if you're trying to do multiple levels of port forwarding (i.e. from the router -> server -> clients). I've tried that here with my Belkin VoIP router/DSL modem forwarding to my Linksys WRT54GL wireless router (running HyperWRT firmware) and then to the clients on the LAN; so far I've not been able to make it work (but I haven't tried too hard to debug it, either). For sorting it out, Wireshark will be your friend.

BTW, IPCop is a firewall-specific distro that is well worth checking out for a dedicated firewall machine. It uses IPtables but adds a web front end for management and its functionality can be easily extended to add things like squid (web proxy), content filtering (a couple of options) and lots of others. The web front end makes it easy to set up quite complex ip tables configurations and you can always ssh into it to massage the config files manually if need be.

Regards,
Rodney.

--
===================================================
Rodney Baker VK5ZTV
rodney.baker@iinet.net.au
===================================================
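As an added illustration of the iptables approach suggested in the reply (not code from either message): the script below prints, without applying, the DNAT, FORWARD and SNAT rules for the four-client layout in the diagram. The interface name, the server and client addresses, and the choice to forward each port to the same port on its client are assumptions; the SNAT rule is there because the clients' default gateway is normally the router, so without it their replies bypass the server and the connection never completes.

```shell
#!/bin/sh
# Added example: prints iptables commands only, so it can be reviewed
# before anything is applied. Addresses and interface are assumed values.
LAN_IF="eth0"               # assumed: server's only LAN interface
SERVER_IP="192.168.1.10"    # assumed: server address on the LAN
# One entry per line: listen-port:client-ip:client-port
# (ports taken from the diagram, client addresses constructed)
FORWARDS="12345:192.168.1.11:12345
12346:192.168.1.12:12346
12347:192.168.1.13:12347
12348:192.168.1.14:12348"

# Accept only decimal ports in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    # The kernel must be allowed to route between hosts at all
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies of already-accepted connections; assumes FORWARD policy is DROP
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$FORWARDS" | while IFS=: read -r lport cip cport; do
        valid_port "$lport" && valid_port "$cport" || {
            echo "# skipped bad entry: $lport:$cip:$cport"; continue; }
        # Rewrite the destination of traffic arriving on the server's port
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $SERVER_IP --dport $lport -j DNAT --to-destination $cip:$cport"
        # Allow only this client/port pair through, nothing else
        echo "iptables -A FORWARD -p tcp -d $cip --dport $cport -m conntrack --ctstate NEW -j ACCEPT"
        # Make the client reply via the server instead of straight to the router
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -p tcp -d $cip --dport $cport -j SNAT --to-source $SERVER_IP"
    done
}

gen_rules
```

With SNAT in place the clients see every connection as coming from the server, so source-address logging has to be done on the server itself.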