We're still stuck with the point that kernel 2.2.x doesn't do iptables.

On Wed, 15 Jan 2003, David Busby wrote:

> For this you can tell iptables (get latest kernel) to port forward from a
> specific inbound IP address.
> This avoids using eth0:1, you say (but I forget how) to take all inbound
> packets for PUBLICIP:PORT and forward to PRIVATEIP:PORT.  Look at the -m
> and -p switches for iptables.
> 
> /B
> 
> ----- Original Message -----
> From: "Mike Burger" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, January 15, 2003 10:18
> Subject: Re: Forward IP from eth0:1 to real host behind eth1
> 
> 
> > On Wed, 15 Jan 2003, Nick Lindsell wrote:
> >
> > > At 14:16 15/01/2003 +0000, you wrote:
> > > >Hi Folks,
> > > >
> > > >I have a Watchguard firebox II which is based on a 2.2 kernel.  With this
> > > >box, I can define IP addresses within the subnet of the public I/F and have
> > > >that traffic forwarded to a host within my DMZ.
> > > >
> > > >For example the public I/F of the firewall is 213.38.87.130, but I have
> > > >configured the box so that incoming traffic for 213.38.87.132 gets forwarded
> > > >to 10.5.1.2 on the DMZ's (eth1) subnet.
> > > >
> > > >I would like to do a similar thing on another box running a standard RH
> > > >installation. Has anyone got any ideas how I can do that?
> > >
> > >
> > > You'll need to use iptables to portforward to the internal box.
> > > e.g.
> > > > /sbin/iptables -A PREROUTING -t nat -d $EXTERNAL_FIREWALL_IP -j DNAT --to $INTERNAL_SERVER_IP
> > >
> > > or something like that.
> > > You could place the command in /etc/rc.d/rc.local.
> > >
> > > It would probably be wise to only portforward specific ports.........
> >
> > Two problems with the above suggestion:
> >
> > A) Kernel 2.2.x doesn't do netfilter/iptables
> >
> > B) iptables doesn't like ethx:y interfaces
> >
> > --
> > Mike Burger
> > http://www.bubbanfriends.org
> >
> > Visit the Dog Pound II BBS
> > telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
> >
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> > https://listman.redhat.com/mailman/listinfo/redhat-list
> 
> 
> 
> 

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
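
Added example, not part of the original thread: a dry-run shell sketch that pulls the points above together, checking for a netfilter-capable kernel, matching on the destination address instead of an eth0:1 alias, and forwarding only specific ports. The addresses are the ones quoted in the question; the port list, the function names and the state-match FORWARD rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: prints rules, applies nothing.
PUBLIC_IP=213.38.87.132   # extra public address from the original question
DMZ_HOST=10.5.1.2         # DMZ host behind eth1
PORTS="25 80"             # assumed services; forward only what the host serves
# Assumes the firewall already answers for PUBLIC_IP on its outside interface.

# netfilter/iptables came in with the 2.4 kernel series; 2.2.x has ipchains only.
kernel_has_netfilter() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }
}

# Emit one DNAT rule and one FORWARD rule per port.
forward_rules() {
    # Let replies to forwarded connections back out (assumed ruleset policy).
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $PORTS; do
        # Match on -d PUBLIC_IP rather than -i eth0:1: an alias is not a
        # separate interface as far as iptables is concerned.
        echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p tcp --dport $port -j DNAT --to-destination $DMZ_HOST:$port"
        # After DNAT the packet is addressed to the DMZ host and leaves via eth1.
        echo "iptables -A FORWARD -o eth1 -d $DMZ_HOST -p tcp --dport $port -j ACCEPT"
    done
}

# Print the rules for a given kernel release, or refuse on a pre-2.4 kernel.
plan() {
    if kernel_has_netfilter "$1"; then
        forward_rules
    else
        echo "kernel $1: no netfilter, iptables rules cannot be loaded" >&2
        return 1
    fi
}

plan "$(uname -r)" || true
```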


