[EMAIL PROTECTED] wrote:
-Original Message-
From: Noah [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 25, 2003 9:03 AM
To: [EMAIL PROTECTED]
Subject: port forwarding with IP TABLES - bad argument
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 10700
-j DNAT --to
> -Original Message-
> From: Noah [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 25, 2003 9:03 AM
> To: [EMAIL PROTECTED]
> Subject: port forwarding with IP TABLES - bad argument
>
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 10700
> -j DNAT --to
> $PORTFWIP:10700
> B
Thanks for that Larry,
the simple script below has worked in testing so I'll tidy it up and stick it
in my ip-up/ip-down scripts to see how it goes.
Gary
#!/usr/bin/perl -w
$file='/var/lock/sshport';
unlink($file) || warn "cannot delete '$file': $!\n";
open(FOUT,"|ssh -L 110:stan:110 stan")|| die
I would think you could write a small perl script that would launch it and
record the pid where it could be used to kill it on shutdown. I use a perl
script to launch sftp all the time and it works fine in the background. My
script closes the connection and ends but yours could remain in memory u
Gary Stainburn said:
> What I need to know is how can I do this without ssh opening up the
> terminal session? The reason being that I want to start the ssh port
> forward as part of my ip-up script and kill it as part of my ip-down
> script.
>
> When I tried putting it in the background by sti
Microsoft would not include it in the base product because they have
another product they sell which does this. The first product was MS
Proxy server, an appalling, so called firewall. It has now been
replaced with ISA server. It is better, but not great.
Both products do port forwarding and I
Use something like wingate as a proxy/port forwarder.
Turn off XP's firewall.
Rgds,
Darryl
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Ted Hilts
> Sent: Thursday, October 10, 2002 3:48 PM
> To: [EMAIL PROTECTED]
> Subject: Port Forwarding
On Fri, Sep 06, 2002 at 04:58:56PM -, Mike Burger wrote:
>
> I think a google search for "BIND views" should get you the info you need.
There was an article in SysAdmin Mag while ago that explained BIND views,
examples and all. Hopefully, it will be on their website.
http://www.samag.com
E
Yup...BIND 9.x supports split views...you can have an internal and external
view of your domain...that is, for the internal network, your DNS spits out
one set of addresses, and for outside requests, another.
It's exactly how I'm handling the DNS for my domain, behind my firewall.
I think a go
At 09:07 06/09/2002 -0500, you wrote:
>Actually, for the internal network, you're better using split horizon
>DNS...also known as an internal view.
enlighten me? :)
I did look into using DNS to solve this (we have internal and external
nameservers, so this was a strong possibility) but my brai
Actually, for the internal network, you're better using split horizon
DNS...also known as an internal view.
On Fri, 6 Sep 2002, Nick Lindsell wrote:
>
> >
> > > > 1.1.1.2. I understand that machines on the internal network (eth0)
> > would not
> > > > be able to make use of this, but as long
>
> > > 1.1.1.2. I understand that machines on the internal network (eth0)
> would not
> > > be able to make use of this, but as long as it works from the net
> connection
> > > (ppp0) then that is ok. That's all I need. But, of course, if there
> is a way
> > > where this would work for both
Firestarter, at least when i tried it out, created too many unnecessary
rules, made kind of a mess.
Brewing your own gives you a much finer grain of control.
On 5 Sep 2002, Anthony Abby wrote:
> Kevin, skip home-brewed IPTables and use firestarter
> (http://firestarter.sourceforge.net). It'll
On Fri, 2002-09-06 at 11:30, Gordon Messmer wrote:
> The client will try to open the connection to your router
> (1.1.1.1:8181). The router will forward the packet according to its
> rules by changing the destination and forwarding it on as normal. The
> server (1.1.1.2) gets the packet, but it
Kevin - KD Micro Software wrote:
-
I don't understand why none of the iptables forwarding commands are working.
Before the command is issued, when a remote user attempts to connect to that
port, you get the Connection Refused message (as you would expect). After
you issue the c
On Thu, 2002-09-05 at 19:54, Kevin - KD Micro Software wrote:
>
> I don't understand why none of the iptables forwarding commands are working.
> Before the command is issued, when a remote user attempts to connect to that
> port, you get the Connection Refused message (as you would expect). After
)
- Original Message -
From: "Gordon Messmer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 06, 2002 10:11 AM
Subject: Re: Port Forwarding
> On Thu, 2002-09-05 at 18:06, Kevin - KD Micro Software wrote:
> > I would like port 8181 on my Red Ha
On Thu, 2002-09-05 at 18:06, Kevin - KD Micro Software wrote:
> I would like port 8181 on my Red Hat box (7.2, kernel 2.4.9-34, let's say ip
> is 1.1.1.1 (example only)) to be forwarded to port 80 on internal machine IP
> 1.1.1.2. I understand that machines on the internal network (eth0) would not
On Thursday 05 September 2002 09:13 pm, Teodor Georgiev wrote:
> - Original Message -
> From: "Mike Burger"
>
> > It works just fine, and isn't difficult, at all:
> >
> > iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport -j DNAT
> > -
On Thursday 05 September 2002 09:06 pm, Kevin - KD Micro Software wrote:
> Hi all,
>
> I've spoken to a couple of people who tried port forwarding using
> iptables and apparently it's not an easy task to accomplish. I've tried
> myself and don't seem
- Original Message -
From: "Mike Burger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 06, 2002 4:15 AM
Subject: Re: Port Forwarding
> It works just fine, and isn't difficult, at all:
>
> iptables -t nat -A PREROUTING -i ppp
It works just fine, and isn't difficult, at all:
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport -j DNAT --to-destination xxx.xxx.xxx.xxx
iptables -A FORWARD -p tcp --dport -m state --state NEW -d xxx.xxx.xxx.xxx -j ACCEPT
On Fri, 6 Sep 2002, Kevin - KD Micro Software wrote:
>
hmmm... something like this:
iptables -t nat -A PREROUTING ! -i eth0 -p tcp --destination-port 80 -j DNAT --to 1.1.1.2:80
means - forward all the connections to port tcp 80 that DO NOT come from
your internal network (eth0) to IP 1.1.1.2, on port 80
T.G.
- Original Message -
From: "K
Kevin, skip home-brewed IPTables and use firestarter
(http://firestarter.sourceforge.net). It'll write your IPTables for you
as well as NAT and Port Forwarding. Check it out.
Anthony
On Thu, 2002-09-05 at 21:06, Kevin - KD Micro Software wrote:
> Hi all,
>
> I've spoken to a couple of people
Ok, what if I run apache on port 81 and only allow connection on port
443, then forward port 80 to the other box?
jay
On Tue, 2002-07-02 at 06:32, Mike Burger wrote:
> You can have port 80 and port 443 running on the server, but only forward
> port 443 through your firewall.
>
> DNS server do
You can have port 80 and port 443 running on the server, but only forward
port 443 through your firewall.
DNS server doesn't enter into the picture, really...your firewall needs
to know who/where to forward the ports.
On 2 Jul 2002, Jay Daniels wrote:
>
>
> Hello all,
>
> I have one serve
Bob Hartung wrote:
> One question about httpd.conf:
> I am running the main server as localhost for testing inside the
>home network. I am running the server that will have [someday] outside
>access as a virtual server. Maybe it should be the other way a
David,
I will have to compare your ideas and the ipchains rules I have in
place. This will take a while as I am new enough at this that I have to
continually refer to books etc. I'll let you know in a couple of days -
I do have a couple of ideas to pursue.
One question about httpd.conf:
Bob Hartung wrote:
>
>5. Ideas and suggestions appreciated. It may be that my
>problem is with the Virtual Server portion of httpd.conf
Bob -
I know it doesn't address your question, but I do recommend that if
you're just getting started, you upgrade to a 2
On Fri, 17 Nov 2000, Charles Galpin wrote:
> I've been doing a little reading on xinetd, and see that you can use it to
> forward ports for services to other machines, just like you can with
> ipmasqadm portfw.
>
> Could anyone offer an opinion regarding which is the better way to do
> this, and
sorry, I missed that too. I don't have time to try autofw, but this will
get you going for now
for port in 6070 6071 6072 6073 6074 6075 6076 6077 6078 6079 6080; do
ipmasqadm portfw -a -P udp -L $port -R 192.168.0.2 $port
done
Just add your ports to the for line.
In perl you can do a range
> From:Jeremy Russell [EMAIL PROTECTED]
>
> I can successfully forward a single port using:
>
> ipmasqadm portfw -a -P tcp -L -R
>
> I guess that maybe you are just missing the source IP address?
Yes and no. Yes, I'm missing the source IP, but I've been trying to use "ipmasqadm
autofw"
Hi Nate
I got it working using the following syntax (for https - port 443 - in
this case ) on my 6.2 box, 2.2.13 kernel, ipmasqadm-0.4.2-3
/usr/sbin/ipmasqadm portfw -a -P udp -L 206.84.220.139 443 -R 192.168.1.7 443
hth
charles
On Wed, 4 Oct 2000, Nate W wrote:
> Ingredients:
>RH6.2
>
i use :
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 6060 -R $PORTFWIP1 80
$EXTIP = external ip
6060 = external port
$PORTFWIP1 = internal masq'd ip
80 = forwarded port
i hope that helps
eric
Nate W wrote:
>
> Ingredients:
>RH6.2
>kernel 2.2.14-5.0 w/ ip_masq and ip__masq_autofw
Hi,
I can successfully forward a single port using:
ipmasqadm portfw -a -P tcp -L -R
I guess that maybe you are just missing the source IP address?
Hope this helps..
Regards
Jeremy
- Original Message -
From: "Nate W" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, 5 Oc
HOORAY!!!
POKEY IS WITH US AS ALWAYS!!
On Tue, Sep 19, 2000 at 05:24:25PM -0500, Stephen E. Hargrove wrote:
> That's the ticket! Thanks Michael. I modified httpd.conf to listen to
> 192.168.1.10:80 and pointed the pinhole on the DSL router to
> 192.168.1.10 and now is working perfectly.
>
That's the ticket! Thanks Michael. I modified httpd.conf to listen to
192.168.1.10:80 and pointed the pinhole on the DSL router to
192.168.1.10 and now is working perfectly.
Thanks again!
--
Steve
___
Redhat-list mailing list
[EMAIL PROTECTED]
https
Stop me as soon as I say something that's not accurate.
Okay... so there are three subnets here.
66.x.x.x
[Cayman]
192.168.1.0
[dual-homed host which houses web server]
192.168.2.0
...right?
The DSL router knows about (connects to) 66.x.x.x and 192.168.1.0;
The dual-homed server knows about 19
Sorry for the confusing info in my original post. Let me try to clarify
based on the questions received.
"Michael R. Jinks" wrote:
>
> Does the DSL modem have two associated IP's as well -- 192.168.1.254 and
> also the 66.x.x.x address you mention below?
192.168.1.254 is the internal IP addre
I realize that you have most likely already set up your IP-Masq rules, but
here is a script file that will help assist in not only the IP-Masq aspect
but should also fix your port forwarding problem.
ftp://duke.eburg.com/pub/linux/init.firewall
I use this script for most of my NAT needs, includi
I didn't see any other responses to this, so let me offer this.
Although you don't say so, it sounds like your internal web server is not
running on the box with two nics, but some other machine in the
192.168.2.x network, let's say it has 192.168.2.3 for argument's sake. I
believe you want a port f
On Mon, Sep 18, 2000 at 06:23:55PM -0500, Stephen E. Hargrove wrote:
> I've been chasing a problem now for a few days, and it's driving me nuts.
> Hopefully someone here can shed some light on my obviously darkened (at
> best) understanding.
>
> Two NICs:
> 192.168.2.1 - internal network
> 192.16
Hello George,
Friday, August 18, 2000, 8:18:14 AM, you wrote:
GL> I finally got port forwarding working with my IP Masq
GL> setup a few weeks ago. But... I have a few problems.
GL> Here is my situation:
GL> 1. My static IP is associated with my domain in the
GL> following ways. Example (These
On Fri, 18 Aug 2000, George Lenzer wrote:
> I finally got port forwarding working with my IP Masq
> setup a few weeks ago. But... I have a few problems.
> Here is my situation:
>
> 1. My static IP is associated with my domain in the
> following ways. Example (These aren't the real addresses):
>
> Or a single web server running virtual domains. This single web server
> would get all port 80 traffic forwarded to it and figure out the correct
> domain from the HTTP header.
That wasn't the original request : Redirect the HTTP request to different
IP's based on the domain-name.
This simpl
sorry, I should have said this is done through mod_proxy, and the
ProxyPassReverse directive is only present in Apache 1.3b6 and later.
After reading up on it, this looks perfect!
charles
On Wed, 23 Feb 2000, Charles Galpin wrote:
> I posted a question on the mod-perl list since I thought this
I posted a question on the mod-perl list since I thought this could be
done via apache. Here is a response I got that indicates it can be done
with Apache (not needing mod-perl)
>For example, requests to
>
>domA.com:80 ---> 192.168.1.1:80
>domB.com:80 ---> 192.168.1.2:80
This is probably off-top
on 22/2/2000 4:20 PM, Charles Galpin shot down the bitstream:
> I sort of vaguely remember seeing somewhere that apache could act as some
> sort of proxy and redirect virtual hosts to other internal machines (and
> I'm assuming back out transparently), but that could just be wishful
> thinking.
>
on 22/2/2000 3:20 PM, Igmar Palsenberg shot down the bitstream:
>> Whenever joe user pulls up his web browser and goes to www.mydomain.com, the
>> IPCHAINs box routes to 192.168.0.10 on the inside, whenever joe user pulls up
>> his browser and goes to www.myotherdomain.com, the IPCHAINs box route
I'm glad someone finally cleared this up cuz I wuz pullin me hais out myself
trying to figure a way. Although, I take exception to the statement that
"ipchains has no knowledge of the HTTP protocol," I'm sure that is not what
you really meant to say.
>> Does anyone have some sample IPCHAI
I sort of vaguely remember seeing somewhere that apache could act as some
sort of proxy and redirect virtual hosts to other internal machines (and
I'm assuming back out transparently), but that could just be wishful
thinking.
Anyone know about something like this?
charles
On Tue, 22 Feb 2000, I
Well I was using a Linux 6.0 box, and was able to use EASYFW and RINETD , it
worked smooth only issue is, you can not re-direct FTP ports with RINETD
(software issue) .. I had tried NETMAX's FIREWALL/ROUTER but IP address kept
changing... so now I am stuck using NAT32 (on a WINBLOWS machine) ,
> Does anyone have some sample IPCHAINs rules to forward http requests
> to
> multiple web servers on a private network, based on the requested
> domain?
> I know that's not very clear, so let me explain a little
> better: lets
> say 192.168.0.10 and 192.168.0.11 are webservers on
"Toby A. Rider" wrote:
> Does anyone have some sample IPCHAINs rules to forward http requests
> to
> multiple web servers on a private network, based on the requested
> domain?
That's not going to work. The connection has to be established (which
means the packets have to be port forwarded/r
Yes kernel 2.2.5 and up with ipmasqadm installed. Works great can forward
any port and also to like ports.
-
Sean Clarke
Network / Systems Support Manager
Cashline ABM Inc. / CyberNet Computer Services
[EMAIL PROTECTED]
[EMAIL PRO
> I have Rinetd setup , and it works good, however, it does not allow port
> forwarding to FTP anyone know of any good port forwarding type programs?
Have a look at Xinetd
(http://www.freshmeat.net/appindex/1998/10/30/909732313.html). There are also
a few lightweight Perl scripts that would
ipmasqadm
Philippe
Kurt Brust <[EMAIL PROTECTED]> writes:
> I have Rinetd setup , and it works good, however, it does not allow port
> forwarding to FTP anyone know of any good port forwarding type programs?
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as th
57 matches