Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Linux firewall help...

Re: Linux firewall help...

From: R. DuFresne <dufresne_at_sysinfo.com>
Date: Sun, 13 Aug 2000 10:41:56 -0400 (EDT)

Daniel,

I can't help but think the advice given by Keith Morgan to Wes Chalfant
about using ipmasqadm/portfw a day or two ago in this list would help you.
The list archives should have this, the subject line was:

RE: [fw-wiz] Linux rinetd and NT IIS logging (synch)

Thanks,

Ron DuFresne

On Sat, 12 Aug 2000, Daniel Linder wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ok, first off let me apologize for asking quite basic questions, but
> I have run out of on-line options to study.
>
> I'm currently tasked with configuring a Linux firewall (two network
> cards, one with a "live" IP address, and one with an RFC 1918
> address). The firewall will be configured to listen to two
> additional IP addresses and re-direct specific incoming ports to two
> servers hidden on the internal network. I have the multiple IP
> addresses setup on the firewall, and I have setup my home Linux
> firewall to do Masquerading so I think that is going to go well, but
> what I need help with is the redirection part. (FYI, I am using an
> old Pentium with Mandrake 7.1 installed, 2.2.16 kernel.)
>
> From reading the IPChains HOWTO file, it appears that the "-j
> REDIRECT" chain only redirects to a port on the FIREWALL, not to
> another system. If someone could show me how to redirect a
> connection to "real IP Address A, Port X" to the "hidden 10.0.0.1,
> Port X" I would be really happy! (If it helps, the ports are HTTP,
> HTTPS, PCAnywhere, and FTP, but all I really need is a boiler plate
> for the inbound redirection.)
>
> As a side note, will the reply packet sent back out to the Internet
> come from the firewall, or is it possible to setup a "Static NAT"
> between the aliased IP address and the internal IP address of the
> server?
>
> If this is too complicated, can someone show me an example that
> takes and re-directs EVERYTHING through from address X to address Y
> (a simple, two-way static NAT)?
>
> Dan
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOZXIGGAbmmZFgUT8EQKeDACfeIyAhNxiKWtgzti3+WeElzVzfy0AoIHK
> 9OcVP88b7FkqnUEYva/2Ct9g
> =ejx3
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards_at_nfr.net
> http://www.nfr.net/mailman/listinfo/firewall-wizards
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Received on Aug 15 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]