Argentium,
As far as I can tell, the SuSEfirewall script will not forward ports
to another machine. It will redirect ports to a different port on the
same machine. My quick and dirty solution is to just insert the lines
below near the end of the script. When I get a little time, I intend
to make a better solution.
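
    # FIXME: kludge for SSH and HTTP redirection
    test "$1" = start && {
        ipmasqadm mfw -F    # flush rules
        # Mark new (SYN) TCP connections to port 61222 on eth0 with mark 1,
        # log them, and forward everything carrying mark 1 to SSH on .18
        $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61222 --mark 1 -l -y
        ipmasqadm mfw -I -m 1 -r 172.20.10.18 ssh
        # Same for port 61223: mark 2, forwarded to port 80 on .24
        $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61223 --mark 2 -l -y
        ipmasqadm mfw -I -m 2 -r 172.20.10.24 80
        exit 0              # on "start" the script ends here
    }
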
This redirects 61222 on the firewall (eth0) to SSH on 172.20.10.18,
similarly port 61223 goes to the Web server on 172.20.10.24.
HTH,
Jeffrey

Quoting Argentium G. Tiger:
> Jeffrey Taylor writes:
>> The IPchains package does this. I use the ipchains mark option and "ipmasqadm mfw" command to forward ports on my firewall to internal servers (Apache and SSH). Works like a champ.
>
> Could you provide actual examples? I've been trying to use Marc Heuse's SuSEfirewall package (4.0) to do this, and I've been having no luck/joy with forwarding individual ports on the firewall to specific machines on the internal masqueraded network behind the firewall. I can't figure out what I'm doing wrong. :-( Even Marc says it should work with some of the sample configs I've sent over to him.
>
> I'm wondering if /etc/hosts.allow and /etc/hosts.deny have something to do with the problem.
>
> Argentium
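
An added example, not part of the post above or of the SuSEfirewall script: one way the hard-coded forwards in the kludge could be generated from a validated list, so a typo in a port or address is caught before any rule is inserted. It only prints the commands, using just the ipchains and ipmasqadm options that appear in the post; the "extport:host:dstport" spec format, the EXT_IF variable and the function names are assumptions, and ports must be numeric (22 rather than ssh).

```shell
#!/bin/sh
# Added example: print ipchains/ipmasqadm command pairs for a list of forwards.
# Spec format "extport:host:dstport" and all names here are assumptions.
IPCHAINS=${IPCHAINS:-ipchains}
ACCEPT=${ACCEPT:-ACCEPT}
EXT_IF=${EXT_IF:-eth0}

valid_port() {   # digits only, 1..65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # dotted quad, each octet 0..255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Print the commands for all specs; on any bad spec print nothing and return 1.
gen_forwards() {
    mark=0 seen=" " out="ipmasqadm mfw -F"
    for spec in "$@"; do
        ext=${spec%%:*}; rest=${spec#*:}
        host=${rest%%:*}; dport=${rest#*:}
        if ! valid_port "$ext" || ! valid_ipv4 "$host" || ! valid_port "$dport"; then
            echo "bad forward spec: $spec" >&2; return 1
        fi
        # Two forwards on one external port would shadow each other.
        case $seen in *" $ext "*) echo "duplicate external port: $ext" >&2; return 1 ;; esac
        seen="$seen$ext "
        mark=$((mark + 1))   # one distinct mark per forward, starting at 1
        out="$out
$IPCHAINS -I input -j $ACCEPT -p tcp -i $EXT_IF --dport $ext --mark $mark -l -y
ipmasqadm mfw -I -m $mark -r $host $dport"
    done
    printf '%s\n' "$out"
}

# e.g. sh forwards.sh 61222:172.20.10.18:22 61223:172.20.10.24:80
if [ $# -gt 0 ]; then gen_forwards "$@"; fi
```

Review the printed commands before pasting them into the firewall script; nothing is executed by the generator itself.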