Hi,

If your question is just about simple port forwarding from inet to LAN, it's done with iptables -t nat -A PREROUTING -j DNAT. I just can't tell you how to do it because I haven't done it before with iptables yet. But I guess it's as simple as -j SNAT --to-source [ip.adress.youwant.tomasq] for the ipchains equivalent -j masq target.

If you're not sure how packets traverse the iptables filter, take a look at: http://www.knowplace.org/netfilter/

Please take a look at http://netfilter.samba.org/unreliable-guides/NAT-HOWTO to find out how. It's pretty well explained there.

HTH
Philipp

Hi,
I haven't got to grips with iptables - on my must do list - but there is an answer for ipchains/mark forward which may work for you.
For clarity, internet dev is ppp0, dmz is eth1
ipchains -A input -i ppp0 -d ip_of_ppp0 110 -m 110 -j ACCEPT
ipmasqadm mfw -A -m 110 -r ip_of_dmz_host
ipchains -A forward -i ppp0 -s ip_of_dmz_host -j MASQ
You can choose any mark you wish. I tend to make it meaningful if I can. The last line may seem a bit strange but it is essential for mfw to work. You can - and should - add other rules to bolt the communications down, e.g.
ipchains -A input -i eth1 -s ip_of_dmz_host 110 -d any 1024:65535 -j ACCEPT
ipchains -A input -i eth1 -s ip_of_dmz_host -j DENY
HTH John
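
An iptables counterpart to the ipchains/mfw rules in the message above, as an added example that is not part of the original thread. It assumes TCP, keeps ppp0, eth1 and port 110 from the thread as defaults, and uses a hypothetical helper name and constructed placeholder addresses; it only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that forward one TCP
# port from the internet interface to a single DMZ host and restrict what
# that host may send back out. Function names are hypothetical.

valid_ipv4() {
    # Dotted quad only, each octet 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

dmz_forward_rules() {
    # usage: dmz_forward_rules PUBLIC_IP DMZ_HOST PORT [WAN_IF] [DMZ_IF]
    pub=$1 host=$2 port=$3 wan=${4:-ppp0} dmz=${5:-eth1}
    valid_ipv4 "$pub" && valid_ipv4 "$host" && valid_port "$port" || {
        echo "dmz_forward_rules: bad address or port" >&2
        return 1
    }
    # 1: rewrite the destination before routing (replaces the mark + mfw pair)
    # 2: let new and established inbound connections through to the DMZ host
    # 3: let only reply packets of those connections back out
    # 4: drop anything else the DMZ host tries to send through the firewall
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -p tcp -d $pub --dport $port -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $wan -o $dmz -p tcp -d $host --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $dmz -o $wan -p tcp -s $host --sport $port -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $dmz -s $host -j DROP
EOF
}

# Constructed sample call (placeholder addresses):
#   dmz_forward_rules 203.0.113.10 192.168.2.10 110
```

The FORWARD rules only take effect when IP forwarding is enabled on the firewall, and they cover forwarded traffic only; packets addressed to the firewall itself are handled by the INPUT chain.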