Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: Masquerading unter Kernel 2.4
  • From: Andreas Baetz <andreas.baetz@xxxxxxxx>
  • Date: Wed, 9 Jan 2002 08:38:46 +0100
  • Message-id: <02010908384600.22097@pp1>
On Tuesday 08 January 2002 11:30, OKDesign oHG Security Administrator wrote:
> And one last question (okay, at least by now *g*): How do I tell Linux to
> forward requests to a specific port to a specific machine in the LAN ? With
> Kernel 2.2 I used ipmasqadm, but this order is also unknown to Kernel
> 2.4...

Look for DNAT in "man iptables".
On your firewall machine you could try:

"iptables -t nat -A PREROUTING -i <ext_IF_of_firewall> -d <ip_of_firewall> -p <proto> --dport <desired_port> -j DNAT --to-destination <ip_of_internal_machine>"

Of course all packets need to be forwarded.
And masq the replies from the internal machine:

"iptables -t nat -A POSTROUTING -o <ext_IF_of_firewall> -s <ip_of_internal_machine> -p <proto> --sport <desired_port> -j MASQUERADE"

These are general rules, you could narrow them with specific proto, source etc.
And you should work with "-m state", because that's the most important improvement in iptables, IMHO.

Andreas Baetz
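
The port forward described in the message above, combined with the "-m state" matching it recommends, as an added example that is not part of the original mail. The helper name port_forward_rules, the interface eth0 and all addresses and ports are assumptions made for illustration; the script only prints the rules for review and never runs iptables itself.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables rules that forward one port to
# an internal host. Assumes the FORWARD chain otherwise drops traffic.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_forward_rules EXT_IF EXT_IP PROTO PORT INT_IP (hypothetical helper)
# Rejects anything that is not a plain interface name, IPv4 address, tcp/udp
# or port number, so a bad value never reaches a root shell.
port_forward_rules() {
    ext_if=$1; ext_ip=$2; proto=$3; port=$4; int_ip=$5
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    valid_ipv4 "$ext_ip" || { echo "bad external address" >&2; return 1; }
    valid_ipv4 "$int_ip" || { echo "bad internal address" >&2; return 1; }
    valid_port "$port"   || { echo "bad port" >&2; return 1; }
    # 1) rewrite the destination, 2) pass packets of known connections,
    # 3) admit only NEW connections to the forwarded host and port.
    # Replies are translated back by connection tracking.
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -p $proto --dport $port -j DNAT --to-destination $int_ip:$port
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ext_if -d $int_ip -p $proto --dport $port -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample values (documentation and private address ranges).
port_forward_rules eth0 203.0.113.10 tcp 8080 192.168.1.20
```
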

