Re: Fw: IRC under NAT

2003-03-21 Thread Barak Korren
GBV wrote:

> - Original Message -
> From: "GBV" <[EMAIL PROTECTED]>
> To: "*debian" <[EMAIL PROTECTED]>
> Sent: Wednesday, March 19, 2003 5:39 PM
> Subject: IRC under NAT
>
> I'm using Debian 3.0r1 with kernel 2.4.19 as an iptables firewall
>
> I have internal webservers that I need to publish as Internet sites. For this
> manipulation I'm using Apache ProxyPass. The site works perfectly under
> apache.. even when the internal host is an ISS.
>
> 1. How can I do it without apache proxypass, using iptables?
>
> 2. This internal webserver also has an IRC server... how can I manipulate
> iptables so that the external hosts use this internal IRC server, since I'm only
> "sharing" the httpd via apache proxypass?

Both these problems can be solved with simple port-forwarding like so:
iptables -t nat -A PREROUTING -i  -s  -p tcp 
--dport 80 -j DNAT --to 
iptables -A FORWARD -i  -s  -o  -d 
 -p tcp --dport 80 -m state --state 
NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i  -s  -o  -d 
 -p tcp --sport 80 -m state --state ESTABLISHED,RELATED 
-j ACCEPT

This is for HTTP; for IRC simply change to --dport 6667 (or whatever 
port you're running your ircd on)

> 3. Since I'm using apache proxypass I defined in virtualhosts that
> '/internalhost' leads to http://192.168.0.69:8080 , and I need to maintain
> that www.foo.com/internalhost , but using iptables someway. And I need the
> ircd of this internal server to respond via the same host. I'd like to
> maintain my apache since it's in use... Is it possible? Or will I have to put
> this apache in another internal host, and then use iptables for
> manipulating?

Since the iptables settings above simply forward all traffic coming into 
port 80 to the internal server, the apache on the firewall will not be 
accessible; you'll need to run it on another host or on a different port.

Regards,
IFireBall.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
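
The port-forwarding rules from the reply above, written out in full as an added example that is not part of the original message: a shell function that prints (does not run) the three rules for each forwarded port. The interface names eth0/eth1 and the `public:internal` port syntax are assumptions; 192.168.0.69, 8080 and 6667 come from the thread. It goes one step beyond the reply by mapping public port 80 to the server's port 8080.

```shell
#!/bin/sh
# Added example: prints the rule set so it can be reviewed before it is applied.
# Assumptions: eth0 = external interface, eth1 = internal interface.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or not all digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules EXT_IF INT_IF SERVER_IP PORTSPEC...
# PORTSPEC is "port" or "public:internal", e.g. 6667 or 80:8080.
forward_rules() {
    ext_if=$1 int_if=$2 server=$3
    shift 3
    # Validate everything first so a bad spec never yields a partial rule set.
    for spec in "$@"; do
        valid_port "${spec%%:*}" && valid_port "${spec#*:}" || {
            echo "bad port spec: $spec" >&2
            return 1
        }
    done
    for spec in "$@"; do
        pub=${spec%%:*}     # port seen from the Internet
        priv=${spec#*:}     # port on the internal server (same if no colon)
        # 1. Rewrite the destination before the routing decision.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $pub -j DNAT --to-destination $server:$priv"
        # 2. FORWARD sees the packet after DNAT, so it matches the internal
        #    address and port, not the public ones.
        echo "iptables -A FORWARD -i $ext_if -o $int_if -d $server -p tcp --dport $priv -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
        # 3. Replies are accepted only for connections already being tracked.
        echo "iptables -A FORWARD -i $int_if -o $ext_if -s $server -p tcp --sport $priv -m state --state ESTABLISHED,RELATED -j ACCEPT"
    done
}

# HTTP (public 80 -> internal 8080) and IRC (6667) to the internal server.
forward_rules eth0 eth1 192.168.0.69 80:8080 6667
```

The rules only open the listed ports; with a default DROP policy on FORWARD nothing else on 192.168.0.69 becomes reachable from outside.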



Fw: IRC under NAT

2003-03-21 Thread GBV

- Original Message -
From: "GBV" <[EMAIL PROTECTED]>
To: "*debian" <[EMAIL PROTECTED]>
Sent: Wednesday, March 19, 2003 5:39 PM
Subject: IRC under NAT


> I'm using Debian 3.0r1 with kernel 2.4.19 as an iptables firewall
>
> I have internal webservers that I need to publish as Internet sites. For this
> manipulation I'm using Apache ProxyPass. The site works perfectly under
> apache.. even when the internal host is an ISS.
>
> 1. How can I do it without apache proxypass, using iptables?
>
> 2. This internal webserver also has an IRC server... how can I manipulate
> iptables so that the external hosts use this internal IRC server, since I'm only
> "sharing" the httpd via apache proxypass?
>
> 3. Since I'm using apache proxypass I defined in virtualhosts that
> '/internalhost' leads to http://192.168.0.69:8080 , and I need to maintain
> that www.foo.com/internalhost , but using iptables someway. And I need the
> ircd of this internal server to respond via the same host. I'd like to
> maintain my apache since it's in use... Is it possible? Or will I have to put
> this apache in another internal host, and then use iptables for
> manipulating?
>
> 4. I've created in my DNS an internalhost.foo.com that leads to
> www.foo.com/internalhost; this must be maintained too.
>
> I have something like:
>
> Internet -> Firewall(Debian) -> Internal httpd and ircd server
> external    foo.com
> internal    192.168.0.1         192.168.0.69
>
>
> Thanks all.
>
> Debian... because codes matter more than commercials