I seem to have misplaced it, but didn't someone recently mention a package/app that could be used to redirect ports internally? I have a webserver internally that I want to make available both externally and internally at the same address. Any suggestions/places to start looking? Thanks, Geordon -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
Geordon, The IPchains package does this. I use the ipchain mark option and "ipmasqadm mfw" command to forward ports on my firewall to internal servers (Apache and SSH). Works like a champ. HTH, Jeffrey Quoting Geordon VanTassle <gvantass@thecoventree.com>:
I seem to have misplaced it, but didn't someone recently mention a package/app that could be used to redirect ports internally? I have a webserver internally that I want to make available both externally and internally at the same address.
Any suggestions/places to start looking?
Thanks, Geordon
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
Jeffrey Taylor writes:
The IPchains package does this. I use the ipchain mark option and "ipmasqadm mfw" command to forward ports on my firewall to internal servers (Apache and SSH). Works like a champ.
Could you provide actual examples? I've been trying to use Marc Heuse's SuSEfirewall package (4.0) to do this, and I've been having no luck/joy with forwarding individual ports on the firewall to specific machines on the internal masqueraded network behind the firewall. I can't figure out what I'm doing wrong. :-( Even Marc says it should work with some of the sample configs I've sent over to him. I'm wondering if /etc/hosts.allow and /etc/hosts.deny have something to do with the problem. Argentium -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
Argentium, As far as I can tell, the SuSEfirewall script will not forward ports to another machine. It will redirect ports to a different port on the same machine. My quick and dirty solution is to just insert the lines below near the end of the script. When I get a little time, I intend to make a better solution. # FIXME: kludge for SSH and HTTP redirection test "$1" = start && { ipmasqadm mfw -F # flush rules $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61222 --mark 1 -l -y ipmasqadm mfw -I -m 1 -r 172.20.10.18 ssh $IPCHAINS -I input -j "$ACCEPT" -p tcp -i eth0 --dport 61223 --mark 2 -l -y ipmasqadm mfw -I -m 2 -r 172.20.10.24 80 exit 0 } This redirects 61222 on the firewall (eth0) to SSH on 172.20.10.18, similarly port 61223 goes to the Web server on 172.20.10.24. HTH, Jeffrey Quoting Argentium G. Tiger <agtiger@kc.rr.com>:
Jeffrey Taylor writes:
The IPchains package does this. I use the ipchain mark option and "ipmasqadm mfw" command to forward ports on my firewall to internal servers (Apache and SSH). Works like a champ.
Could you provide actual examples? I've been trying to use Marc Heuse's SuSEfirewall package (4.0) to do this, and I've been having no luck/joy with forwarding individual ports on the firewall to specific machines on the internal masqueraded network behind the firewall. I can't figure out what I'm doing wrong. :-( Even Marc says it should work with some of the sample configs I've sent over to him.
I'm wondering if /etc/hosts.allow and /etc/hosts.deny have something to do with the problem.
Argentium
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
Geordon VanTassle writes:
I seem to have misplaced it, but didn't someone recently mention a package/app that could be used to redirect ports internally? I have a webserver internally that I want to make available both externally and internally at the same address.
ipmasqadm I use it in my firewall script after I have done all my ipchains rules.
Any suggestions/places to start looking?
Thanks, Geordon
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
participants (4)
-
agtiger@kc.rr.com -
gvantass@thecoventree.com -
jeff.taylor@ieee.org -
jlm@compgen.com