Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: Masquerading under Kernel 2.4
  • From: "OKDesign oHG Security Administrator" <security@xxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 13:53:49 +0100
  • Message-id: <GFENKFFEGFMPFOMBKMCMAEPNCEAA.security@xxxxxxxxxxx>
Thank you for your hint, but the command line you gave me doesn't work. The
system keeps complaining (unknown arg --dport). I also tried out the long
version --destination-port with the same result. I looked at the manpage and
found that iptables should know this argument, so there seems to be a syntax
error.
Does anyone have an idea what is wrong and what the correct syntax is?

thx.
Stephan

-----Original Message-----
From: Andreas Baetz [mailto:andreas.baetz@xxxxxxxx]
Sent: Wednesday, 9 January 2002 08:39
To: suse-security@xxxxxxxx
Subject: Re: [suse-security] Re: Masquerading under Kernel 2.4


On Tuesday 08 January 2002 11:30, OKDesign oHG Security Administrator wrote:
> And one last question (okay, at least by now *g*): How do I tell linux to
> forward requests to a specific port to a specific machine in the LAN ? With
> Kernel 2.2 I used ipmasqadm, but this order is also unknown to Kernel
> 2.4...

Look for DNAT in "man iptables".
On your firewall machine you could try :

"iptables -t nat -A PREROUTING -i <ext_IF_of_firewall> -d <ip_of_firewall> --dport <desired_port> -j DNAT --to-destination <ip_of_internal_machine>"

Of course all packets need to be forwarded.
And masq the replies from the internal machine:

"iptables -t nat -A POSTROUTING -o <ext_IF_of_firewall> -s <ip_of_internal_machine> --sport <desired_port> -j MASQ"

These are general rules, you could narrow them with specific proto, source
etc.
And you should work with "-m state", because that's the most important
improvement in iptables, IMHO.

Andreas Baetz
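
Added example, not part of either mail: --dport and --sport are options of the tcp and udp matches, so iptables only accepts them after -p tcp or -p udp, and the masquerading target is spelled MASQUERADE. The function name emit_port_forward, the interface eth0 and the addresses 203.0.113.1 and 192.168.1.10 are constructed sample values.

```sh
#!/bin/sh
# Added example: print (dry run) the iptables commands for one forwarded port.
# Interface names and addresses used here are constructed sample values.

# emit_port_forward EXT_IF FW_IP PROTO PORT INT_IP
# Review the output, then pipe it to "sh" as root to apply it.
emit_port_forward() {
    ext_if=$1 fw_ip=$2 proto=$3 port=$4 int_ip=$5

    # --dport/--sport are provided by the tcp and udp matches, so a
    # protocol has to be selected with -p before they are recognised.
    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range (1-65535)" >&2; return 1
    fi

    # Routing between the interfaces must be switched on.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Rewrite the destination of packets arriving on the external interface.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $fw_ip -p $proto --dport $port -j DNAT --to-destination $int_ip:$port"
    # Admit the forwarded connection to the internal machine ...
    echo "iptables -A FORWARD -i $ext_if -d $int_ip -p $proto --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # ... and let only packets of already tracked connections back out.
    echo "iptables -A FORWARD -o $ext_if -s $int_ip -p $proto --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Masquerade connections the internal machine opens itself.
    echo "iptables -t nat -A POSTROUTING -o $ext_if -s $int_ip -j MASQUERADE"
}

# Sample call: forward TCP port 80 on the firewall to an internal web server.
emit_port_forward eth0 203.0.113.1 tcp 80 192.168.1.10
```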

