> > > On Friday 05 December 2003 10:15 pm, Nathaniel McCallum wrote:

> > I know about port forwarding.  I don't want to forward a different
> > port.  I want to redirect data based upon packet destination rather
> > than port.  I'm really just trying to get free IP addys ;).

Nathaniel, what you're wanting to do is very simple. Go to
www.shorewall.net and do some research there and you will see. This is
just one flavor of firewall but one of the best I've come across, with
the best support via mailing list and a great web site as well.

There's really no mystery in how to achieve what you're asking to
achieve.
There are two ways to do what you want to do. These are the same 2
choices that everyone else has when redirecting traffic from internet
hosts to services you host on your internal LAN. But you want to do it
by name instead of IP directly. (It all happens via IP, ports/sockets
regardless. This is just how it works.)

First and foremost you will need to either get familiar with iptables or
install a firewall like "Shorewall" that manipulates iptables for you
to achieve what you're wanting. Without one of those you will not be able
to redirect squat.

Then....

You said:
> I want to redirect data based upon packet destination rather than
> port.

My response:
The two really go hand in hand. So this tells me that you might
understand port forwarding but don't understand some of the other
fundamentals. (If you don't understand this then you're in for some
researching.) But again this is very simple if you understand the
basics.

You mean via a DNS name.. E.G... www.yourfoobarrednetwork.com

Let's say your public IP is 1.2.3.4 and you have registered (you will
need to, to do what you're trying to do) www.yourfoobarrednetwork.com
and mail.yourfoobarrednetwork.com. Both of these registered names
resolve to the same public IP address in DNS: 1.2.3.4.

Internally you run a web server at 192.168.1.1 and a mail server at
192.168.1.2.

Let's think about this for a second. If I open any given web browser/app
and go to www.yourfoobarrednetwork.com (assuming that you've registered
this DNS name or are running a hosts file that knows to resolve
www.yourfoobarrednetwork.com to your public IP address), since I'm
using a web browser, any browser will default to port 80/HTTP. So now
my browser will transparently (to my eyes) resolve the DNS name to an
IP address and go to www.yourfoobarrednetwork.com (or 1.2.3.4,
transparent to me) via HTTP port 80 TCP.

On your firewall you would need to have a rule that forwards requests
coming to your public ip on port 80 tcp to the internal web server
listening on port 80 tcp.

General redirect rule:
Incoming port 80 tcp goes:
1.2.3.4 (your public ip) > 192.168.1.1 (your internal web server)

BAM... I'm on your website now. That was easy.. :P

Ok.. to continue with my example.... let's say that I want to send you
e-mail. In my example you're running an email server on 192.168.1.2 and
have registered a public DNS MX record for
mail.yourfoobarrednetwork.com that resolves to your public IP of
1.2.3.4.

I open up my SMTP email client/app (Kmail) and type in:
TO: [EMAIL PROTECTED]
SUBJECT: TEST

....and click on send. Since my SMTP email client/app defaults to using
port 25 TCP, my email server will (transparently to me) look up and
resolve your mail domain to the public IP address that you have
registered, 1.2.3.4.

On your firewall you would need to have a rule that forwards requests
coming to your public ip on port 25 tcp, to the internal mail server
listening on port 25 tcp.

General redirect rule:
Incoming port 25 tcp goes:
1.2.3.4 (your public ip) > 192.168.1.2 (your internal mail server)

BAM... You Have Mail.... That was easy.. :P

For SSH you would simply need to go to www.yourfoobarrednetwork.com on
port 22 TCP. You can either do this from the command line or a GUI SSH
client/app. And you can do this by IP or by your registered domain
name.

General redirect rule:
Incoming port 22 tcp goes:
1.2.3.4 (your public ip) > 192.168.1.3 (internal machine listening on
port 22 tcp)

The important thing to remember is that when redirecting any type of
packet it will have an ip address/port-socket mapping. Those two are
inseparable for the most part.

HTH,
JBanks
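The three "General redirect rule" lines in the message above map directly onto iptables DNAT rules. The following script is an added example, not part of the original mailing-list post and not Shorewall's or iptables' own code: it prints (rather than applies) the rules for the web, mail and SSH redirects described above, so it can be reviewed before being run as root on the firewall. The public IP and internal hosts are the ones from the post; the interface names eth0 (internet side) and eth1 (LAN side) are assumptions.

```shell
#!/bin/sh
# Added example: emit the iptables rules that implement the port-forwarding
# scheme described in the post. Nothing is applied; the output is a dry run.
PUBLIC_IP=1.2.3.4      # public IP from the post
WAN_IF=eth0            # assumed internet-facing interface
LAN_IF=eth1            # assumed LAN-facing interface

# dnat_rule PORT INTERNAL_IP
# Prints the two rules one redirect needs: a nat-table DNAT that rewrites
# the destination of packets arriving on the public IP, and a filter-table
# FORWARD rule that admits only that new connection to the LAN host.
dnat_rule() {
    port=$1
    target=$2
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IF" "$PUBLIC_IP" "$port" "$target" "$port"
    printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$WAN_IF" "$LAN_IF" "$target" "$port"
}

# all_rules prints the complete set: enable routing, allow replies for
# flows already accepted, then one redirect per published service.
# Equivalent Shorewall rules-file lines (ACTION SOURCE DEST PROTO PORT):
#   DNAT  net  loc:192.168.1.1  tcp  80
#   DNAT  net  loc:192.168.1.2  tcp  25
#   DNAT  net  loc:192.168.1.3  tcp  22
all_rules() {
    echo 'sysctl -w net.ipv4.ip_forward=1'
    echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    dnat_rule 80 192.168.1.1   # www.yourfoobarrednetwork.com -> internal web server
    dnat_rule 25 192.168.1.2   # mail.yourfoobarrednetwork.com -> internal mail server
    dnat_rule 22 192.168.1.3   # ssh -> internal machine listening on port 22
}

all_rules
```

Each published port gets exactly one internal target, which is the point the post makes: the redirect is keyed on the (public IP, port) pair, and every name that resolves to 1.2.3.4 shares the same mapping. Keeping the FORWARD rule narrowed to the one destination and port means a DNAT rule never exposes more of the LAN host than the service it was written for.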


--
[EMAIL PROTECTED] mailing list
