Chris Mason (Lists) wrote:
> Darrick Hartman wrote:
>>> Really?  It was a very popular thing to do on IOS routers...
>>>     
>> Re-read what I said.  In my mind it IS something that many people may 
>> want.  That's why I thought it would be something beneficial to be in 
>> Arno's firewall upstream and not just a hack for this project.
>>   
> I do it all the time - for example, I run internal ssh server access on 
> ports 23-28, one for each machine, so I can ssh to the machine by 
> ssh'ing to the corresponding port. I relocate http to 800+ for similar 
> devices that use web configuration interfaces. I also use it for serving 
> multiple webcams to the public, each one on a port above 80. Since they 
> are only found by redirect, it doesn't matter what port they are on. I 
> could change the port they serve on but that makes maintenance a headache.
> I use Shorewall as my firewall and it is relatively easy to do in Shorewall.
> 

Chris,

Arno's firewall handles that situation nicely.  It's if you are running 
a service on the same box that the firewall resides on that you have the 
issue.  Say you have http on the firewall box on port 80, but don't want 
it accessible on port 80 from the outside.  Arno's firewall currently 
doesn't handle this the same way as it does devices behind it.  Probably 
because it's not NAT'ing for itself.

Perhaps the firewall can already do that, but we're just using the wrong 
field/variable.

Darrick
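
Added example, not part of the original message and not taken from Arno's firewall or AstLinux: one way to express the case described above (a service on the firewall box itself, reachable from outside only on an alternate port) in plain iptables, generated as an `iptables-restore` ruleset. The interface name `eth0`, public port 8080 and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules that publish a service running
# on the firewall host on an alternate external port, while refusing direct
# connections to the service's real port from the external interface.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # reject empty or non-numeric input
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_local_redirect EXT_IF PUBLIC_PORT SERVICE_PORT  (all names hypothetical)
gen_local_redirect() {
    ext_if=$1; pub_port=$2; svc_port=$3
    valid_port "$pub_port" && valid_port "$svc_port" || return 1
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;; # refuse anything that is not an interface name
    esac
    # nat/PREROUTING rewrites the destination port before filter/INPUT runs,
    # so INPUT sees the service port for BOTH direct and redirected traffic.
    # conntrack keeps the original destination port; --ctorigdstport tells
    # the two apart. Rules are inserted at the top of INPUT so that an
    # existing "accept port 80" rule cannot take precedence.
    cat <<EOF
*nat
-A PREROUTING -i $ext_if -p tcp --dport $pub_port -j REDIRECT --to-ports $svc_port
COMMIT
*filter
-I INPUT 1 -i $ext_if -p tcp --dport $svc_port -m conntrack --ctorigdstport $pub_port -j ACCEPT
-I INPUT 2 -i $ext_if -p tcp --dport $svc_port -j DROP
COMMIT
EOF
}
```

To apply without flushing existing rules, pipe the output of `gen_local_redirect eth0 8080 80` into `iptables-restore --noflush` as root.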


------------------------------------------------------------------------------
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
