Re: Forwarding/Redirecting with Linux/ipchains

Sat, 2 Jan 1999 16:51:56 -0800 

Good evening, Jason,

On Thu, 21 Oct 1999, Jason Oseen wrote:

> 1.) The Art
>                            ___________ 
> Other Net  192.168.200.240 |         |
> ---------------------------|Linux FW |
>                      eth0  |_________|
>                             eth1|192.168.100.101 
>                                 |
>                                 |
>                                 |192.168.100.100
>                            _____|______
>                            |          |
>                            |   WWW    |
>                            |__________|
> 
> 2.) The Problem: 
> Need to forward (redirect?) packets received on eth0 of the FW to the WWW
> box and obviously send back the requested information.  ie. enter
> 192.168.200.240 in the browser and get a webpage back from WWW. I'm
> attempting to use ipchains. At this point I don't even care about a tight
> FW, I just need to get the packets flowing. (Will consider other "gratis"
> solutions.)
> 
> 3.) The Scenario on the Linux FW (RH 6.1)
> FORWARD_IPV4="true" in /etc/sysconfig/networks
> executed insmod /lib/modules/2.2.12-20/ipv4/ip_masq_portfw.o
> gateways - Are they required in this situation and if so, 
>           which box(es) should be set up with what for a gateway.

        The technique you need to use is "port forwarding".  You set up
your firewall so that any requests that arrive on port 80 on the firewall
get sent back to port 80 on 192.168.100.100.
        There's coverage of the topic in the IP Masquerade HOWTO at both
http://ipmasq.cjb.net and http://metalab.unc.edu/linux/ .

> routing table is as follows:
> 
> Destination    Gateway Genmask        Flags Metric Ref Use Iface
> 192.168.100.0  *       255.255.255.0  U     0      0     0 eth0
> 192.168.200.0  *       255.255.255.0  U     0      0     0 eth1
> 127.0.0.0      *       255.0.0.0      U     0      0     0 lo
> 
> My attempts thus far have been based on IPCHAINS-HOWTO, but it's a bit
> difficult to learn unless you have packet flow already.

        (As a side note, Mason - see my .sig - is a good teaching tool for
packet filtering, but not port forwarding)
        Cheers,
        - Bill

---------------------------------------------------------------------------
        The thing that I suspect matters most is that Telsa is more 
important to me than sitting in front of a computer reading email. 
        - Alan Cox
--------------------------------------------------------------------------
William Stearns ([EMAIL PROTECTED]).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/
--------------------------------------------------------------------------


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to