On Wed, 15 Jan 2003, Nick Lindsell wrote:

> At 14:16 15/01/2003 +0000, you wrote:
> >Hi Folks,
> >
> >I have a Watchguard firebox II which is based on a 2.2 kernel. With this box,
> >I can define IP addresses within the subnet of the public I/F and have that
> >traffic forwarded to a host within my DMZ.
> >
> >For example the public I/F of the firewall is 213.38.87.130, but I have
> >configured the box so that incoming traffic for 213.38.87.132 gets forwarded
> >to 10.5.1.2 on the DMZ's (eth1) subnet.
> >
> >I would like to do a similar thing on another box running a standard RH
> >installation. Has anyone got any ideas how I can do that?
>
>
> You'll need to use iptables to portforward to the internal box.
> e.g.
> /sbin/iptables -A PREROUTING -t nat -d $EXTERNAL_FIREWALL_IP -j DNAT --to $INTERNAL_SERVER_IP
>
> or something like that.
> You could place the command in /etc/rc.d/rc.local.
>
> It would probably be wise to only portforward specific ports.........

Two problems with the above suggestion:

A) Kernel 2.2.x doesn't do netfilter/iptables
B) iptables doesn't like ethx:y interfaces

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
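
The "only portforward specific ports" advice from the quoted reply, as an added example that is not part of the original thread: it prints per-port DNAT rules for the addresses given above and matches on the destination address rather than an ethx:y alias. It assumes a netfilter-capable (2.4 or later) kernel; the ports 80 and 443 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit port-restricted DNAT rules instead of forwarding every port.
# Addresses and eth1 are the ones quoted in the thread; ports are assumptions.

PUBLIC_IP="213.38.87.132"   # extra public address from the thread
DMZ_HOST="10.5.1.2"         # DMZ host from the thread
DMZ_IF="eth1"               # DMZ interface from the thread

# valid_port PORT -> status 0 only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules PORT... -> prints iptables commands, one per line.
# Every port is validated first, so a bad argument yields no partial rule set.
dnat_rules() {
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Rewrite the destination for this one TCP port only.
        echo "/sbin/iptables -t nat -A PREROUTING -d $PUBLIC_IP -p tcp --dport $port -j DNAT --to-destination $DMZ_HOST:$port"
        # Allow new connections to the DMZ host on that port through FORWARD.
        echo "/sbin/iptables -A FORWARD -o $DMZ_IF -d $DMZ_HOST -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Let replies and follow-up packets of accepted connections pass.
    echo "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Anything else headed for the DMZ host is dropped.
    echo "/sbin/iptables -A FORWARD -o $DMZ_IF -d $DMZ_HOST -j DROP"
}

# Print the rules for review before applying them as root.
dnat_rules 80 443
```
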