Firewall Wizards mailing list archives

re:linux firewall help


From: Chris Trudeau <chris () ctrudeau dyndns org>
Date: Sun, 13 Aug 2000 14:08:05 -0400

> Ok, first off let me apologize for asking quite basic questions, but
> I have run out of on-line options to study.
>
> I'm currently tasked with configuring a Linux firewall (two network
> cards, one with a "live" IP address, and one with an RFC 1918
> address).  The firewall will be configured to listen to two
> additional IP addresses and re-direct specific incoming ports to two
> servers hidden on the internal network.  I have the multiple IP
> addresses setup on the firewall, and I have setup my home Linux
> firewall to do Masquerading so I think that is going to go well, but
> what I need help with is the redirection part.  (FYI, I am using an
> old Pentium with Mandrake 7.1 installed, 2.2.16 kernel.)
>
> From reading the IPChains HOWTO file, it appears that the "-j
> REDIRECT" chain only redirects to a port on the FIREWALL, not to
> another system.  If someone could show me how to redirect a
> connection to "real IP Address A, Port X" to the "hidden 10.0.0.1,
> Port X" I would be really happy!  (If it helps, the ports are HTTP,
> HTTPS, PCAnywhere, and FTP, but all I really need is a boiler plate
> for the inbound redirection.)

Don't use IPCHAINS to forward the packets; take a look at ipmasqadm.

Something like ipmasqadm portfw -h


> As a side note, will the reply packet sent back out to the Internet
> come from the firewall, or is it possible to setup a "Static NAT"
> between the aliased IP address and the internal IP address of the
> server?

Depends on how much IP space you have outside the firewall...

If you have enough addresses to "Statically NAT" them, you'll have to
arp from the firewall to next hop default router

arp -p IPADDRESS MAC ADDRESS -s

(those switches may be only for Solaris)

Then run the ipmasqadm portfw command...


> If this is too complicated, can someone show me an example that
> takes and re-directs EVERYTHING through from address X to address Y
> (a simple, two-way static NAT)?

Hope the above helps...


-- 
Chris Trudeau
chris () ctrudeau dyndns org

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
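
An added example, not part of the original message or thread: a small generator for the `ipmasqadm portfw -a -P proto -L laddr lport -R raddr rport` rules the reply points to, forwarding only explicitly listed ports and refusing targets outside RFC 1918 space. The function names, the address 192.0.2.10 and the pcAnywhere port numbers are assumptions of this example; FTP is left out because its separate data channel needs more than one forwarded port.

```shell
#!/bin/sh
# Added example: prints ipmasqadm portfw rules, executes nothing.

# True for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# True for RFC 1918 space: 10/8, 172.16/12, 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# portfw_rules PUBLIC_IP INTERNAL_IP PROTO/PORT...
# Validates every argument first, so a bad one yields no partial rule set.
portfw_rules() {
    pub=$1; priv=$2
    [ $# -ge 3 ] || { echo "usage: portfw_rules PUB PRIV PROTO/PORT..." >&2; return 1; }
    shift 2
    is_ipv4 "$pub" || { echo "bad public address: $pub" >&2; return 1; }
    is_ipv4 "$priv" && is_rfc1918 "$priv" ||
        { echo "internal address is not RFC 1918: $priv" >&2; return 1; }
    for spec in "$@"; do
        proto=${spec%%/*}; port=${spec#*/}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $spec" >&2; return 1; }
    done
    # Same port on both sides: "real IP A, port X" -> "hidden IP, port X".
    for spec in "$@"; do
        echo "ipmasqadm portfw -a -P ${spec%%/*} -L $pub ${spec#*/} -R $priv ${spec#*/}"
    done
}

# Constructed sample: 192.0.2.10 stands in for the public alias.
# 5631/tcp and 5632/udp are assumed here as the pcAnywhere ports.
portfw_rules 192.0.2.10 10.0.0.1 tcp/80 tcp/443 tcp/5631 udp/5632
```

The printed lines are meant to be reviewed and then run as root on the firewall, with masquerading already configured as described in the question.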

