Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] Transparent proxy ...
  • From: Chris Drauch <cdr@xxxxxxxxxxx>
  • Date: Mon, 05 Feb 2001 17:15:02 +0100
  • Message-id: <3A7ED186.62C42D85@xxxxxxxxxxx>
tschweikle@xxxxxxxxxx schrieb:
>
> > So I need to redirect to a port on another machine! This is not
> > possible directly with ipchains, isnt' it?
> > Redirecting to another port on the same machine is not the problem.
>
> AFAIK ipchains can not redirect to an other port on an other machine. But
> there is other software you can use to have the expected effects: rinetd.
> Its on CD, works seamless, only point of critic in my opinion: you'll have
> to specify IP-addresses in the config-file. DNS-Names are not resolved.

Another option (at least for 2.2 kernels) should be:

ipmasqadm portfw - Port-forwarding
This module is able to forward to-firewall packets to
internal hosts, based on address and port specification.

see: http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html

f.ex: ipmasqadm portfw -a -P tcp -L your.ext.ip smtp -R your.smtp.host smtp

You still need ipchains to reverse masquerade:
ipchains -I forward -p tcp -s your.smtp.host smtp -j MASQ

-cdr

< Previous Next >
Follow Ups
References