Hi Guys, i have this situation I have 1 web server running IIS and is behind a firewall that runs on SuSE :) In the firewall i have running a proxy software who redirects all trafic from the port 80 to port 80 on my web server. It works fine to protect the IIS box, but the logs have only the ip number of the firewall machine. Can i with ipchains redirect the traffic as i do with the proxy software?? and if it's possible, the web server logs will capture the real ip of the visitors?? Thanks a lot !! Alfredo
You can't do that with ipchains alone. You can do it with iptables with the
2.4 kernel. For 2.2 kernels you have to use ipmasqadm. For example:
/usr/sbin/ipmasqadm portfw -a -P tcp -L 192.168.0.10 80 -R 192.168.0.3 80
This line would create a forwarding rule from the proxy (at:
192.168.0.10:80 ) to a web server at ip: 192.168.0.3. Needless to say, your
kernel must have been compiled to support this. For udp you have to
substitute udp for tcp on the line. I used a similar rule to allow napster
connections back in the day.
John
----- Original Message -----
From: " Alfredo Flores H."
Hi Guys, i have this situation
I have 1 web server running IIS and is behind a firewall that runs on SuSE :)
In the firewall i have running a proxy software who redirects all trafic from the port 80 to port 80 on my web server. It works fine to protect the IIS box, but the logs have only the ip number of the firewall machine.
Can i with ipchains redirect the traffic as i do with the proxy software?? and if it's possible, the web server logs will capture the real ip of the visitors??
Thanks a lot !!
Alfredo
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
A good solution to this is rinetd. This will allow you to pass a port to a
different ip address and maintain the real source address I believe. Let me
know if this works for you.
If you have any questions email me direct.
Lary Holland
President/CEO
"The Total Solution Provider" -TSP
-------------------------
http://www.fli-online.com
http://www.planet-isp.net
-------------------------
-----Original Message-----
From: John Scott [mailto:J-Scott@t-online.de]
Sent: Tuesday, August 07, 2001 4:55 PM
To: suse-linux-e@suse.com
Subject: Re: [SLE] Ipchains redirecction
You can't do that with ipchains alone. You can do it with iptables with the
2.4 kernel. For 2.2 kernels you have to use ipmasqadm. For example:
/usr/sbin/ipmasqadm portfw -a -P tcp -L 192.168.0.10 80 -R 192.168.0.3 80
This line would create a forwarding rule from the proxy (at:
192.168.0.10:80 ) to a web server at ip: 192.168.0.3. Needless to say, your
kernel must have been compiled to support this. For udp you have to
substitute udp for tcp on the line. I used a similar rule to allow napster
connections back in the day.
John
----- Original Message -----
From: " Alfredo Flores H."
Hi Guys, i have this situation
I have 1 web server running IIS and is behind a firewall that runs on SuSE :)
In the firewall i have running a proxy software who redirects all trafic from the port 80 to port 80 on my web server. It works fine to protect the IIS box, but the logs have only the ip number of the firewall machine.
Can i with ipchains redirect the traffic as i do with the proxy software?? and if it's possible, the web server logs will capture the real ip of the visitors??
Thanks a lot !!
Alfredo
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
participants (3)
-
Alfredo Flores H. -
J-Scott@t-online.de -
Lary Holland