[Plug-security] ipchains vs iptables

Carl Parrish plug-security@lists.PLUG.phoenix.az.us
09 Mar 2002 21:37:24 -0700


Okay, I'm trying to get port forwarding working on my home system, so
that any request for port 8081 on my gateway box would go to port 80 on
my webserver. In my firewall script I have the following variables set.

$WEB_SERVER - My internal webserver
$EXTERNAL_INTERFACE - the nic card going out to the world
$INTERNAL_INTERFACE - the nic card going to my internal network
$IPADDR - external ip address

From my reading I *think* these are the iptables rules I would want to set
up

# FORWARD sees the packet after DNAT, so match the rewritten destination
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp \
    -d $WEB_SERVER --dport 80 -m state \
    --state NEW,ESTABLISHED,RELATED -j ACCEPT

# DNAT: rewrite gateway:8081 to the web server's port 80 before routing
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $IPADDR --dport 8081 \
    -j DNAT --to-destination $WEB_SERVER:80

Only problem is I don't have iptables set up. So I tried to create my
own ipchains rule

ipchains -A input -i $EXTERNAL_INTERFACE -s any/0 \
    -p tcp --destination-port 8081 -j REDIR --to $WEB_SERVER:80

Okay, so the first problem is I can't find any documentation on the REDIR
target (I guess what I really want is an example of the redirect target
going to another host). So I'm not at all sure of my syntax up there.
But even so it seems that my ipchains rule is easier than my iptables rule
set, and I know that shouldn't usually be the case. So what am I
missing? Then I still haven't figured out if this rule has to go before
my ipchains forward rule set for MASQ. So for all you sec gurus out
there, please help.


Carl P.
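The iptables version of the port forward Carl describes, as an added example that is not Carl's own firewall script: a DNAT rule in nat/PREROUTING that rewrites gateway:8081 to the web server's port 80, plus the FORWARD rules that let the translated packets and their replies through. The interface names, the public address 203.0.113.10, the server address 192.168.1.10 and the /sbin/iptables path are assumptions; override them in the environment. The "preview" mode prints the rules with IPTABLES=echo so the script can be checked on a box without root or a netfilter kernel.

```shell
#!/bin/sh
# Port-forward gateway:8081 -> internal web server:80 with iptables.
# Added example, not Carl's firewall script.  Interface names, addresses
# and the iptables path are assumptions; override them in the environment.
#   sh portfw.sh preview   # print the rules
#   sh portfw.sh apply     # load them (root; net.ipv4.ip_forward must be 1)

IPTABLES=${IPTABLES:-/sbin/iptables}
EXTERNAL_INTERFACE=${EXTERNAL_INTERFACE:-eth0}      # assumed
INTERNAL_INTERFACE=${INTERNAL_INTERFACE:-eth1}      # assumed
IPADDR=${IPADDR:-203.0.113.10}                      # assumed public address
WEB_SERVER=${WEB_SERVER:-192.168.1.10}              # assumed internal server
PUBLIC_PORT=${PUBLIC_PORT:-8081}
SERVER_PORT=${SERVER_PORT:-80}

portfw_rules() {
    # 1. nat/PREROUTING: rewrite the destination before the routing
    #    decision.  Only the first packet of a connection traverses the
    #    nat table; conntrack applies the same translation to the rest
    #    of the connection and reverses it on the replies.
    "$IPTABLES" -t nat -A PREROUTING -i "$EXTERNAL_INTERFACE" -p tcp \
        -d "$IPADDR" --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$WEB_SERVER:$SERVER_PORT"

    # 2. filter/FORWARD sees the packet after DNAT, so it must match the
    #    translated destination (web server, port 80), not port 8081.
    "$IPTABLES" -A FORWARD -i "$EXTERNAL_INTERFACE" -o "$INTERNAL_INTERFACE" \
        -p tcp -d "$WEB_SERVER" --dport "$SERVER_PORT" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # 3. Let the server's replies back out; conntrack un-DNATs them.
    "$IPTABLES" -A FORWARD -i "$INTERNAL_INTERFACE" -o "$EXTERNAL_INTERFACE" \
        -p tcp -s "$WEB_SERVER" --sport "$SERVER_PORT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Print the rules instead of loading them: run portfw_rules in a
# subshell with IPTABLES replaced by echo.
dryrun_rules() {
    ( IPTABLES=echo; portfw_rules )
}

# Number of rules the script would load.
dryrun_rule_count() {
    dryrun_rules | wc -l | tr -d ' '
}

case "${1:-}" in
    apply)   portfw_rules ;;
    preview) dryrun_rules ;;
esac
```

Two points this layout makes concrete. The DNAT rule lives in nat/PREROUTING and a MASQUERADE rule lives in nat/POSTROUTING, so their relative order in the script does not matter; what does matter is that the FORWARD ACCEPT rules are appended before any catch-all DROP or REJECT in the FORWARD chain. And the ipchains REDIRECT target (the REDIR in the post) only redirects to a port on the firewall itself; on a 2.2 kernel, sending the connection on to a different host was done with ipmasqadm portfw rather than with an ipchains rule.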