Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] Transparent proxy ...
  • From: Chris Drauch <cdr@xxxxxxxxxxx>
  • Date: Sun, 11 Feb 2001 19:36:25 +0100
  • Message-id: <3A86DBA9.62140072@xxxxxxxxxxx>
[some parts snipped]

Sven Schultheiß schrieb:
>
> Chris Drauch schrieb:
> >
> > tschweikle@xxxxxxxxxx schrieb:
> > >
> > > > So I need to redirect to a port on another machine! This is not
> > > > possible directly with ipchains, isnt' it?
> > > > Redirecting to another port on the same machine is not the problem.
> > Another option (at least for 2.2 kernels) should be:
> >
> > ipmasqadm portfw - Port-forwarding
> > This module is able to forward to-firewall packets to
> > internal hosts, based on address and port specification.
>
> This wont work because portfw just can forward a port from one machine
> to another. So the traffic that you want to forward must have your host
> as destination. (eg having a Webserver in the DMZ with a private IP and
> do portforwarding from the Firewall with real IP to the Webserver)
> For a transparent proxy, you will have to redirect traffic that is
> normally routet through your Gateway. I guess this isn't called
> portforwarding.

Sorry Sven, but it seems that you have not understood the complete picture.
Portforwarding is exactly what I have written about. Please read again the
docs and the initial question; If a packet is already addressed f.ex.
DMZ.IP/http
you just would need correct routes - nothing more. But the inital post was
asking
about "redirect to a port on another machine!".

--cdr

< Previous Next >