[opensuse] Howto Use/Relay Ports to Connect to Other Computers from Outside?
Listmates: I guess this situation is a port forwarding situation, but I'm not sure how to attack the problem. I have a limited number of IP entries in my router that I can use to forward traffic through to other machines on my office LAN from the outside. I need to learn how to setup ports on my primary server that will send/receive information to and from other computers on the lan. What is the best way to do this? In the past the only experience I have had with this is ssh port forwarding to forward X or reach other machines behind the router. Is that what I need to do even though the traffic isn't ssh? Do I need to set up IP tables? Can I do that with SuSEfirewall? The layout I need is like this: internet server port:12344 <==============>[ ]<----------------->[ ] client1 port:12345 |\ | \<---------------->[ ] client2 port:12346 |\ | \<---------------->[ ] client3 port:12347 [ ] client4 port:12348 What mechanism do I need to go learn so that I can set up something like this generically without relying on ssh only? Thanks! -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 21 Feb 2009 10:37:59 David C. Rankin wrote:
Listmates:
I guess this situation is a port forwarding situation, but I'm not sure how to attack the problem. I have a limited number of IP entries in my router that I can use to forward traffic through to other machines on my office LAN from the outside. I need to learn how to setup ports on my primary server that will send/receive information to and from other computers on the lan. What is the best way to do this?
In the past the only experience I have had with this is ssh port forwarding to forward X or reach other machines behind the router. Is that what I need to do even though the traffic isn't ssh?
Do I need to set up IP tables? Can I do that with SuSEfirewall?
The layout I need is like this:
internet server port:12344 <==============>[ ]<----------------->[ ] client1 port:12345
|\ | \<---------------->[ ] client2 port:12346 |\ | \<---------------->[ ] client3 port:12347
[ ] client4 port:12348
What mechanism do I need to go learn so that I can set up something like this generically without relying on ssh only?
David, IPtables is what you're looking for. I don't know if you can setup port forwarding rules using Yast/SuSEFirewall as I've never actually used that. I use my router's firewall and prior to that I used IPCop. You may run into problems though if you're trying to do multiple levels of port forwarding (i.e. from the router -> server -> clients). I've tried that here with my Belkin VoIP router/DSL modem forwarding to my Linksys WRT54GL wireless router (running HyperWRT firmware) and then to the clients on the LAN; so far I've not been able to make it work (but I haven't tried too hard to debug it, either). For sorting it out, wireshark will be your friend. BTW, IPCop is a firewall-specific distro that is well worth checking out for a dedicated firewall machine. It uses IPtables but adds a web front end for management and its functionality can be easily extended to add things like squid (web proxy), content filtering (a couple of options) and lots of others. The web front end makes it easy to set up quite complex ip tables configurations and you can always ssh into it to massage the config files manually if need be. Regards, Rodney. -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ===================================================
Rodney Baker wrote:
On Sat, 21 Feb 2009 10:37:59 David C. Rankin wrote:
Listmates:
I guess this situation is a port forwarding situation, but I'm not sure how to attack the problem. I have a limited number of IP entries in my router that I can use to forward traffic through to other machines on my office LAN from the outside. I need to learn how to setup ports on my primary server that will send/receive information to and from other computers on the lan. What is the best way to do this?
In the past the only experience I have had with this is ssh port forwarding to forward X or reach other machines behind the router. Is that what I need to do even though the traffic isn't ssh?
Do I need to set up IP tables? Can I do that with SuSEfirewall?
The layout I need is like this:
internet server port:12344 <==============>[ ]<----------------->[ ] client1 port:12345
|\ | \<---------------->[ ] client2 port:12346 |\ | \<---------------->[ ] client3 port:12347
[ ] client4 port:12348
What mechanism do I need to go learn so that I can set up something like this generically without relying on ssh only?
David,
IPtables is what you're looking for. I don't know if you can setup port forwarding rules using Yast/SuSEFirewall as I've never actually used that. I use my router's firewall and prior to that I used IPCop.
SuseFirewall can do this stuff for you. Its a basic NAT setup. I find Shorewall far easier to manage and more flexible than SuseFirewall and adding an inbound route is usually one line of text in a plain text file. (I know, its old school, sue me!). Shorewall.net Its an excellent package. Glad to help off-list if you need it David. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
[My apologies to John for the earlier, direct reply, it was mend to go to the list). John Andersen wrote:
Rodney Baker wrote:
On Sat, 21 Feb 2009 10:37:59 David C. Rankin wrote:
Listmates:
I guess this situation is a port forwarding situation, but I'm not sure how to attack the problem. I have a limited number of IP entries in my router that I can use to forward traffic through to other machines on my office LAN from the outside. I need to learn how to setup ports on my primary server that will send/receive information to and from other computers on the lan. What is the best way to do this? [..]
IPtables is what you're looking for. I don't know if you can setup port forwarding rules using Yast/SuSEFirewall as I've never actually used that. I use my router's firewall and prior to that I used IPCop.
SuseFirewall can do this stuff for you. Its a basic NAT setup.
I find Shorewall far easier to manage and more flexible than SuseFirewall and adding an inbound route is usually one line of text in a plain text file. (I know, its old school, sue me!).
Shorewall.net Its an excellent package. Glad to help off-list if you need it David.
I fully agree. Shorewall is very much easier to maintain and do off-track things with. Plus: it's IPv6 capable now, which SuseFW isn't (yet?). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David C. Rankin wrote:
Listmates:
I guess this situation is a port forwarding situation, but I'm not sure how to attack the problem. I have a limited number of IP entries in my router that I can use to forward traffic through to other machines on my office LAN from the outside.
In iptables-speak that is called destination NAT or just DNAT.
I need to learn how to setup ports on my primary server that will send/receive information to and from other computers on the lan. What is the best way to do this?
Enable IP forwarding. /Per -- Per Jessen, Zürich (4.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
David C. Rankin -
John Andersen -
Per Jessen -
Rodney Baker -
Theo van Werkhoven