The best source of examples that worked as a sweet starter template for me can be found at:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html

If you are running ipchains, it's a killer place to look. I plan to check it out again when it has iptables support in it to see if he has anything new.

vec

----- Original Message -----
From: "Xeno Campanoli" <[EMAIL PROTECTED]>
To: "Michael P. Soulier" <[EMAIL PROTECTED]>
Cc: <debian-user@lists.debian.org>
Sent: Saturday, March 02, 2002 8:59 PM
Subject: Re: portfw to multiple machines, same port

> "Michael P. Soulier" wrote:
> >
> > From IPMASQADM(8):
> >
> > EXAMPLES
> >     Redirect all web traffic to internals hostA and hostB,
> >     where hostB will serve 2 times hostA connections. Forward
> >     rules already masq internal hosts to outside (typical).
> >
> >     ipchains -I input -p tcp -y -d yours.com/32 80 -m 1
> >     ipmasqadm mfw -I -m 1 -r hostA 80 -p 10
> >     ipmasqadm mfw -I -m 1 -r hostB 80 -p 20
>
> Do I still need to set up ipchains for packets coming back out, or does
> this take care of all of it? Another thing I'm similarly stuck on is
> portforwarding into a single FTP server. Do you just:
>
> ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20
> ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21
>
> or do I also need to put in some ipchains stuff defining the exiting
> packets? Also, can I use both portfw and mfw in a configuration, for
> instance mfw with the web servers and portfw with the ftp server?
>
> TIA
>
> >
> > Mike
> >
> > On 01/03/02 Xeno Campanoli did speaketh:
> >
> > > As near as I can tell from the documentation I've read so far, you can't
> > > (in 2.2.x) ipmasqadm portfw a port to multiple servers of the same
> > > port. For instance if I want to go from the ip address on my cable
> > > connection to four separate webservers, say one an apache, one a boa, a
> > > dhttpd and a roxen, all
> > > of which have their own separate purposes, I just can't do this it looks
> > > like without getting multiple external ip addresses using portfw. It
> > > also looks like I in fact might be able to do this with mfw, which is
> > > apparently not recommended. Anyhow, I'm stretching beyond my ability
> > > here anyway for now.
> > >
> > > The one answer that does seem to be reasonable is to specify 80 for a
> > > front end webserver and then access the other webservers on other ports,
> > > so that the apache could be 81, the roxen 82, the boa 83. Is this
> > > fairly typical?
> > >
> > > I'm not keen on playing too radically, at least not this season.
> > >
> > > TIA for any feedback.
> > >
> > > Sincerely, Xeno
> > > --
> > > http://www.eskimo.com/~xeno
> > > [EMAIL PROTECTED]
> > > Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> >
> > --
> > Michael P. Soulier <[EMAIL PROTECTED]>, GnuPG pub key: 5BC8BE08
> > "...the word HACK is used as a verb to indicate a massive amount
> > of nerd-like effort." -Harley Hahn, A Student's Guide to Unix
>
> --
> http://www.eskimo.com/~xeno
> [EMAIL PROTECTED]
> Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
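
Added example, not part of any message in this thread: a dry-run generator for the one-external-port-per-web-server layout asked about in the oldest quoted message, using only the `ipmasqadm portfw` syntax quoted above. The addresses, the mapping, the assumption that every backend listens on port 80, and the function names are constructed for illustration; the script prints the commands for review, executes nothing, and rejects a mapping that reuses an external port.

```shell
#!/bin/sh
# Added example: dry-run generator for ipmasqadm portfw rules, one external
# port per internal web server. All addresses below are constructed samples.

# valid_port N: succeed if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_portfw_rules EXTERNAL_IP
# Reads "ext_port backend_ip backend_port" lines on stdin and prints one
# portfw command per line. Returns 1 if an external port is listed twice
# (the port alone could then not select a backend) or a port is invalid.
gen_portfw_rules() {
    ext_ip=$1
    seen=" "
    while read -r ext_port backend_ip backend_port; do
        # skip blank lines and comments
        case "$ext_port" in ''|'#'*) continue ;; esac
        if ! valid_port "$ext_port" || ! valid_port "$backend_port"; then
            echo "invalid port in: $ext_port $backend_ip $backend_port" >&2
            return 1
        fi
        case "$seen" in
            *" $ext_port "*)
                echo "external port $ext_port mapped twice" >&2
                return 1 ;;
        esac
        seen="$seen$ext_port "
        echo "ipmasqadm portfw -a -P tcp -L $ext_ip $ext_port -R $backend_ip $backend_port"
    done
}

# Constructed mapping: front end on 80, apache on 81, roxen on 82, boa on 83
# (assumption: each backend itself listens on port 80).
SAMPLE_MAP='80 192.168.1.10 80
81 192.168.1.11 80
82 192.168.1.12 80
83 192.168.1.13 80'

# Print the rules for review; 203.0.113.5 stands in for the external address.
printf '%s\n' "$SAMPLE_MAP" | gen_portfw_rules 203.0.113.5
```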