Chris Drauch wrote:
tschweikle@fiducia.de wrote:
So I need to redirect to a port on another machine! This is not possible directly with ipchains, is it? Redirecting to another port on the same machine is not the problem.
AFAIK ipchains cannot redirect to another port on another machine. But there is other software you can use to get the expected effect: rinetd. It's on CD and works seamlessly; the only point of criticism in my opinion: you'll have to specify IP addresses in the config file. DNS names are not resolved.
Another option (at least for 2.2 kernels) should be:
ipmasqadm portfw - Port-forwarding. This module is able to forward to-firewall packets to internal hosts, based on address and port specification.
This won't work because portfw can just forward a port from one machine to another. So the traffic that you want to forward must have your host as destination (e.g. having a web server in the DMZ with a private IP and doing port forwarding from the firewall with a real IP to the web server). For a transparent proxy, you will have to redirect traffic that is normally routed through your gateway. I guess this isn't called port forwarding. It's a combination of packet filtering and policy-based routing: mark your HTTP packets on your Internet gateway (with ipchains -m) and insert a routing rule (with iproute2) which routes these packets through your machine with the transparent proxy. On your machine with the transparent proxy, you can redirect the traffic via ipchains. AFAIK, there is a section about this in the Advanced Routing HOWTO.
see: http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html
e.g.: ipmasqadm portfw -a -P tcp -L your.ext.ip smtp -R your.smtp.host smtp
You still need ipchains to reverse masquerade: ipchains -I forward -p tcp -s your.smtp.host smtp -j MASQ
Sven
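
The mark, policy-route and redirect combination described in the reply above, as an added example that is not part of the original thread: a dry-run shell script that only prints the ipchains and iproute2 commands for the gateway and for the proxy machine. The proxy address 192.168.1.10, mark value 1, routing table 100 and proxy port 3128 are constructed assumptions, as are the function names.

```shell
#!/bin/sh
# Added example (dry run): prints the rules, does not apply them.
# Addresses, mark value, table number and proxy port are constructed values.

is_ipv4() {
    # Accept only a dotted quad with every octet <= 255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

gateway_rules() {
    # $1 = proxy IP, $2 = fwmark value, $3 = routing table number
    is_ipv4 "$1" || { echo "bad proxy address: $1" >&2; return 1; }
    # Mark HTTP passing through the gateway, except the proxy's own
    # outbound requests: marking those would route them back to the
    # proxy and create a loop.
    echo "ipchains -A input -p tcp -s ! $1 -d 0.0.0.0/0 80 -m $2"
    # Policy routing: marked packets use a table whose default route
    # points at the proxy machine instead of the normal next hop.
    echo "ip rule add fwmark $2 table $3"
    echo "ip route add default via $1 table $3"
}

proxy_rules() {
    # $1 = local port the transparent proxy listens on
    case "$1" in ''|*[!0-9]*) echo "bad port: $1" >&2; return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || { echo "bad port: $1" >&2; return 1; }
    # On the proxy machine: hand routed port-80 traffic to the local proxy.
    echo "ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT $1"
}

echo "# on the Internet gateway:"
gateway_rules 192.168.1.10 1 100
echo "# on the transparent proxy machine:"
proxy_rules 3128
```

Review the printed rules against the existing chains before applying them, since rule order in the input chain decides whether the mark rule is reached at all.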