"Michael P. Soulier" wrote: > > From IPMASQADM(8): > > EXAMPLES > Redirect all web traffic to internals hostA and hostB, > where hostB will serve 2 times hostA connections. Forward > rules already masq internal hosts to outside (typical). > > ipchains -I input -p tcp -y -d yours.com/32 80 -m 1 > ipmasqadm mfw -I -m 1 -r hostA 80 -p 10 > ipmasqadm mfw -I -m 1 -r hostB 80 -p 20
Do I still need to set up ipchains for packets coming back out, or does this take care of all of it? Another thing I'm similarly stuck on is portforwarding into a single FTP server. Do you just: ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20 ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21 or do I also need to put in some ipchains stuff defining the exiting packets? Also, can I use both portfw and mfw in a configuration, for instance mfw with the web servers and portfw with the ftp server? TIA > > Mike > > On 01/03/02 Xeno Campanoli did speaketh: > > > As near as I can tell from the documentation I've read so far, you can't > > (in 2.2.x) ipmasqadm portfw a port to multiple servers of the same > > port. For instance if I want to go from the ip address on my cable > > connection to four separate webservers, say one an apache, one a boa, a > > dhttpd and a roxen, all > > of which have their own separate purposes, I just can't do this it looks > > like without getting multiple external ip addresses using portfw. It > > also looks like I in fact might be able to do this with mfw, which is > > apparently not recommended. Anyhow, I'm stretching beyond my ability > > here anyway for now. > > > > The one answer that does seem to be reasonable is to specify 80 for a > > front end webserver and then access the other webservers on other ports, > > so that the apache could be 81, the roxen 82, the boa 83. Is this > > fairly typical? > > > > I'm not keen on playing too radically, at least not this season. > > > > TIA for any feedback. > > > > Sincerely, Xeno > > -- > > http://www.eskimo.com/~xeno > > [EMAIL PROTECTED] > > Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A. > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- > Michael P. Soulier <[EMAIL PROTECTED]>, GnuPG pub key: 5BC8BE08 > "...the word HACK is used as a verb to indicate a massive amount > of nerd-like effort." -Harley Hahn, A Student's Guide to Unix > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature -- http://www.eskimo.com/~xeno [EMAIL PROTECTED] Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
