Hello Stephan,

>Question 1;
>Hi, I'm fairly new to iptables and was wondering if it's possible to shape
>your incoming/outgoing traffic with iptables. Here's what I want to do. I
>have an internal LAN running NAT and want to limit them to keep them from
>eating up all my bandwidth. If this is possible, can someone maybe point
>me to where I can find some documentation on this.

Yep, first check www.lartc.org; you have more links in the QoS link section
at www.gnusec.com.

Inbound traffic shaping (called policing) isn't working very well :( but
outbound shaping is working "fine", though it's not easy to set up. You have
many ways to try it with Linux, some of them very tricky.

>Question 2;
>Is it possible to direct an incoming port to another host? Let's say I want
>to do the following.
>I want people to connect to the firewall and not the actual server that's
>running the ftp server.

For example:

#!/bin/sh
VIRTUAL=FIREWALL_EXTERNAL_IP
FTPHOST=INTERNAL_FTP_IP

# Rewrite the destination of packets arriving for the firewall's address on port 21
iptables -t nat -A PREROUTING -d $VIRTUAL -p tcp --dport 21 -j DNAT --to $FTPHOST

and filtering rule:

# FORWARD sees the already-translated address, so filter on the internal host
iptables -A FORWARD -d $FTPHOST -p tcp --dport 21 -j ACCEPT

and more fun, catch external request to port 21000 and redirect to another
port in another host

OTHERPORT=PORT_X
# External port 21000 lands on $OTHERPORT of the internal host
iptables -t nat -A PREROUTING -d $VIRTUAL -p tcp --dport 21000 -j DNAT --to $FTPHOST:$OTHERPORT

Regards,

        Sancho Lerena
        [EMAIL PROTECTED]
        GNUSec, the GNU Security Resource.
        http://www.gnusec.com
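An added example, not part of Sancho's reply above, that puts the DNAT port-forward from the answer into a complete script with a dry-run mode, the conntrack rules the FORWARD chain needs in practice, and a check over iptables-save output. The addresses 203.0.113.10 and 192.168.1.20, the port 2121 and the sample dump are constructed for illustration; DRY_RUN=1 (the default) only prints the commands, so it runs without root.

```shell
#!/bin/sh
# Added example: DNAT port forwarding to an internal FTP host, with a dry-run
# mode and a check that a forward rule is present in an iptables-save dump.
VIRTUAL="${VIRTUAL:-203.0.113.10}"   # assumed firewall external IP (documentation range)
FTPHOST="${FTPHOST:-192.168.1.20}"    # assumed internal FTP host
OTHERPORT="${OTHERPORT:-2121}"        # assumed alternative port on the FTP host
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the commands, 0 = apply them

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# forward_rules: emit (or apply) the full rule set for forwarding port 21 and
# port 21000 on the firewall to the internal FTP host.
forward_rules() {
  # Active-mode FTP opens a second data connection; the conntrack FTP helpers
  # let NAT follow it. Without them only passive mode works through DNAT.
  run modprobe nf_conntrack_ftp nf_nat_ftp
  # Rewrite the destination of packets arriving for the firewall's address.
  run iptables -t nat -A PREROUTING -d "$VIRTUAL" -p tcp --dport 21 \
      -j DNAT --to-destination "$FTPHOST"
  # FORWARD sees the translated address: allow only new connections to port 21
  # on the internal host, not to anything else behind the firewall.
  run iptables -A FORWARD -d "$FTPHOST" -p tcp --dport 21 \
      -m conntrack --ctstate NEW -j ACCEPT
  # Replies and helper-tracked data connections also traverse FORWARD.
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # External port 21000 lands on OTHERPORT of the same internal host.
  run iptables -t nat -A PREROUTING -d "$VIRTUAL" -p tcp --dport 21000 \
      -j DNAT --to-destination "$FTPHOST:$OTHERPORT"
  run iptables -A FORWARD -d "$FTPHOST" -p tcp --dport "$OTHERPORT" \
      -m conntrack --ctstate NEW -j ACCEPT
}

# has_dnat VIRTUAL DPORT TARGET: read an iptables-save dump on stdin and return 0
# if it contains a DNAT rule mapping VIRTUAL:DPORT to TARGET (iptables-save
# prints single addresses with a /32 mask and adds "-m tcp" to tcp matches).
has_dnat() {
  grep -q -- "^-A PREROUTING -d $1/32 -p tcp -m tcp --dport $2 -j DNAT --to-destination $3\$"
}

# Constructed sample of what `iptables-save -t nat` prints after forward_rules
# has been applied, used so the check can be exercised without root.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.20
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 21000 -j DNAT --to-destination 192.168.1.20:2121
COMMIT'

# check_sample PORT TARGET: run has_dnat against the constructed dump.
check_sample() {
  printf '%s\n' "$SAMPLE_DUMP" | has_dnat "$VIRTUAL" "$1" "$2"
}

if [ "${1:-}" = "--show" ]; then
  forward_rules
fi
```

Run it as `sh forward.sh --show` to see the exact commands, and `DRY_RUN=0 sh forward.sh --show` as root to apply them; replace the `--show` check with a real `iptables-save -t nat | has_dnat ...` call to confirm the live ruleset after applying.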
