[NTLUG:Discuss] simple portforwarding firewall

Daniel Hauck xdesign at hotmail.com
Sat Jun 22 07:20:46 CDT 2002


Yeah, maybe, but the first thing that clicked in my head was the ability to
use "hosts.allow".

----- Original Message -----
From: "Jack Snodgrass" <jack+ntlug at mylinuxguy.net>
To: <discuss at ntlug.org>
Sent: Saturday, June 22, 2002 07:13
Subject: Re: [NTLUG:Discuss] simple portforwarding firewall


> an IPTABLES/IPCHAINS solution would probably be more
> efficient..... just harder to figure out.
>
> xinetd.conf for forwarding port 80 would be:
>
> service http
> {
>         socket_type  = stream
>         wait = no
>         user = root
>         redirect  = 172.16.0.1 8000
>         bind = 66.166.166.66
>         port = 80
> }
>
> .... something like that.
>
> jack
>
>
>
> ----- Original Message -----
> From: "Daniel Hauck" <xdesign at hotmail.com>
> To: <discuss at ntlug.org>
> Sent: Saturday, June 22, 2002 6:49 AM
> Subject: Re: [NTLUG:Discuss] simple portforwarding firewall
>
>
> > Do tell!  Give us an example please?  I'm considering this myself soon.
> >
> > ----- Original Message -----
> > From: "Jack Snodgrass" <jack+ntlug at mylinuxguy.net>
> > To: <discuss at ntlug.org>
> > Sent: Saturday, June 22, 2002 06:23
> > Subject: Re: [NTLUG:Discuss] simple portforwarding firewall
> >
> >
> > > Not that it is 'better', but there is an alternative.
> > > you can use xinetd to forward port 80 to your internal
> > > box. Look at the redir ( or redirect ) option.
> > >
> > > jack
> > >
> > > ----- Original Message -----
> > > From: "Jay Urish" <j at yourlinuxguru.com>
> > > To: <discuss at ntlug.org>
> > > Sent: Friday, June 21, 2002 2:39 PM
> > > Subject: [NTLUG:Discuss] simple portforwarding firewall
> > >
> > >
> > > > Hey yall;
> > > >
> > > > I need a shove in the right direction..
> > > >
> > > > I am trying to forward all requests to port 80 on a clean side box from the
> > > > internet through an iptables firewall..
> > > >
> > > > The following script is not working..
> > > >
> > > > I am looking for 4 -5 lines to do this..
> > > >
> > > >
> > > > What am I missing? I have been to a pile of netfilter sites and that is
> > > > where I got what I have.
> > > >
> > > > I need another set of eyes to look this over and catch my goof.
> > > >
> > > > ----
> > > > #This is a cheesy script by j at yourlinuxguru.com
> > > > #feel free to modify it at your own risk.
> > > >
> > > > #I need to set default rules first
> > > > #!/bin/sh
> > > > # Flush current settings
> > > > iptables -P INPUT ACCEPT
> > > > iptables -F INPUT
> > > > iptables -P OUTPUT ACCEPT
> > > > iptables -F OUTPUT
> > > > iptables -F FORWARD
> > > > iptables -t nat -F
> > > >
> > > > #I need to load a module
> > > > /sbin/modprobe iptable_nat
> > > >
> > > >
> > > >
> > > > #I am enabling ip forwarding right here
> > > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > > >
> > > >
> > > > iptables -A PREROUTING -t nat -p tcp -d 63.64.250.206 --dport 80 -j DNAT
> > > > --to 192.168.2.30:80
> > > >
> > > >
> > > >
> > > > #Now I make sure packets can forward
> > > > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > http://www.ntlug.org/mailman/listinfo/discuss
>
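
Added example, not code from any poster in this thread: the port-80 forward asked about in the original question, written with a default-drop FORWARD chain so that only the forwarded web traffic and its replies cross the firewall. The interface names (eth0 external, eth1 internal) are assumptions; the addresses are the ones from the question. It prints the commands by default; run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default:
# prints the rules; set IPT=iptables to apply them as root.
IPT="${IPT:-echo iptables}"

EXT_IF="${EXT_IF:-eth0}"   # assumed: Internet-facing interface
INT_IF="${INT_IF:-eth1}"   # assumed: interface toward the web server
PUB_IP="63.64.250.206"     # public address from the question
WEB_IP="192.168.2.30"      # internal web server from the question
WEB_PORT=80

forward_rules() {
    # Only touch the kernel setting when really applying rules.
    if [ "$IPT" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi

    # Nothing crosses the firewall unless a rule below allows it.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F

    # Rewrite the destination of inbound web requests.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$PUB_IP" \
        --dport "$WEB_PORT" -j DNAT --to-destination "$WEB_IP:$WEB_PORT"

    # FORWARD sees the packet after DNAT, so match the internal address.
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$WEB_IP" \
        --dport "$WEB_PORT" -m conntrack --ctstate NEW -j ACCEPT

    # Replies and later packets of connections already accepted.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

forward_rules
```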



