Firewall Help

Dallas Helquist plug-discuss@lists.plug.phoenix.az.us
19 Sep 2002 23:47:48 -0600


Sorry for the delayed response.  Here's your answer, in an example.  

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 216.87.68.45 --dport 80 \
    -j DNAT --to-destination 216.87.68.43:80

In this example, eth0 is my "external" interface.  The IPs in question
are routed to me.  eth0 does not have an address in that range, though
in theory it could with no problems.

216.87.68.45 is the "public" address people would try to go to.
The --to-destination could also be a private address, i.e.
--to-destination 192.168.99.1:80

You can muck with any of the above ports, i.e. public port 80 doesn't have
to go to internal port 80.  You can also specify a range of addresses
for the destination like 216.87.68.42-216.87.68.44.  

Let me know how it works. 

This will work on any Linux distro that has iptables with the correct
modules/compiled-in options.  Most stock distros have them ready to go.

-dallas



On Wed, 2002-09-18 at 19:13, Justin Wilson wrote:
> I am hoping that someone might be able to help me help someone else. 
> 
> I am trying to help a friend out who has a small network that he runs
> services off of. Due to the way he needs his web servers to access his
> database, he needs a direct connection to the DB server, so he cannot
> put his web server outside his main firewall. So I suggested that he
> place his web server inside his firewall and run port forwarding to the
> web server, his DNS servers, mail server, and two Windows boxes that he
> is running VNC on. 
> 
> Well, the one problem he has is that he has multiple IPs that he is using
> for his various servers. All the sample firewall scripts and HOWTOs
> that I can find for implementing port forwarding are for a single
> IP on the firewall, forwarding the various ports on that IP to the
> other boxes. So the problem that I have is with the DNS
> servers and the VNC systems: they require the same port, so I want to
> run multiple IPs on a single NIC on the firewall and forward the ports
> from specific IPs to the various boxes that are running the needed
> services.
> 
> Is this the way to do this or is there a better way, and if it is the
> way to do it where can I get an example or a Howto?
> 
> -Justin
> justin@bigcity.nu
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-- 
Dallas Helquist <dallas@oldbrownjeep.net>
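Worked example for Justin's case, added here and not part of either message in the thread: several public IPs aliased on one external NIC, with the same port (53 for DNS, 5900 for VNC) on different public IPs forwarded to different internal boxes. Everything in it is assumed for illustration: eth0 as the external interface, 203.0.113.0/24 (a documentation range) standing in for the public block, 192.168.99.0/24 as the inside, a /24 mask on the aliases, and the firewall being the inside hosts' default gateway so conntrack can un-DNAT the replies. It also adds the two things Dallas's one-liner leaves out that bite in practice: the FORWARD accept rules (DNAT alone does nothing useful when the FORWARD policy is DROP) and the address aliases the firewall needs if the public IPs are not routed to it.

```shell
#!/bin/sh
# Added example, not Dallas's or Justin's own script.  Prints the iptables
# and ip commands for multi-IP port forwarding; run with RUN= (empty) as
# root to execute them instead of printing.
# Assumed (hypothetical) names: eth0 external, 203.0.113.0/24 public block,
# 192.168.99.0/24 inside, firewall is the inside hosts' default gateway.
RUN="${RUN-echo}"          # default: dry run, commands are printed
EXT_IF="${EXT_IF:-eth0}"
IPT="$RUN iptables"
IP="$RUN ip"

# Constructed mapping table: public_ip proto public_port internal_ip internal_port
MAPPINGS='
203.0.113.45 tcp 80   192.168.99.10 80
203.0.113.45 tcp 25   192.168.99.11 25
203.0.113.46 udp 53   192.168.99.12 53
203.0.113.46 tcp 53   192.168.99.12 53
203.0.113.47 udp 53   192.168.99.13 53
203.0.113.47 tcp 53   192.168.99.13 53
203.0.113.48 tcp 5900 192.168.99.20 5900
203.0.113.49 tcp 5900 192.168.99.21 5900
'

# Distinct public IPs in the table, one per line.
public_ips() {
    printf '%s\n' "$MAPPINGS" | awk 'NF == 5 { print $1 }' | sort -u
}

# Bind a public IP as an extra address on the external NIC so the firewall
# answers ARP for it.  If the whole block is routed to the firewall (as in
# Dallas's setup) this step is unnecessary.  /24 mask is an assumption.
bind_public_ip() {
    $IP addr add "$1/24" dev "$EXT_IF"
}

# DNAT one public ip:port to an internal ip:port, plus the FORWARD accept
# that DNAT does not imply: the FORWARD chain sees the packet after the
# rewrite, so it must match the internal address and port.
dnat_rule() {
    pub="$1"; proto="$2"; pport="$3"; int="$4"; iport="$5"
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" -d "$pub" --dport "$pport" \
        -j DNAT --to-destination "$int:$iport"
    $IPT -A FORWARD -i "$EXT_IF" -p "$proto" -d "$int" --dport "$iport" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Emit everything: aliases, a default-deny FORWARD chain that still passes
# reply traffic, then one DNAT/FORWARD pair per mapping row.
generate_rules() {
    for ip in $(public_ips); do
        bind_public_ip "$ip"
    done
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    printf '%s\n' "$MAPPINGS" | while read -r pub proto pport int iport; do
        [ -n "$pub" ] || continue
        dnat_rule "$pub" "$proto" "$pport" "$int" "$iport"
    done
}

generate_rules
```

The mapping table is the only thing to edit for a different site; every row yields one PREROUTING DNAT and one matching FORWARD accept. Because the match is on the public destination address, two rows can share a port (53 on .46 and .47, 5900 on .48 and .49) without colliding, which is exactly the case a single-IP HOWTO cannot express. If the internal hosts do not use the firewall as their default gateway, add an SNAT/MASQUERADE rule in POSTROUTING as well, or the replies will bypass the translation.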