[NTLUG:Discuss] simple portforwarding firewall

Wayne Patterson wjpatterson at charter.net
Sat Jun 22 21:48:35 CDT 2002


Thanks! =)

On Saturday 22 June 2002 19:02, you wrote:
> Just leave off the bind line and you'll bind to all of your interfaces.
>
> jack
>
> ----- Original Message -----
> From: "Wayne Patterson" <wjpatterson at charter.net>
> To: <discuss at ntlug.org>
> Sent: Saturday, June 22, 2002 12:18 PM
> Subject: Re: [NTLUG:Discuss] simple portforwarding firewall
>
> > Jack,
> > Is it possible to bind to eth0? My IP is dynamic.
> > Wayne
> >
> > On Saturday 22 June 2002 07:13, you wrote:
> > > an IPTABLES/IPCHAINS solution would probably be more
> > > efficient..... just harder to figure out.
> > >
> > > xinetd.conf for forwarding port 80 would be:
> > >
> > > service http
> > > {
> > >         socket_type  = stream
> > >         wait = no
> > >         user = root
> > >         redirect  = 172.16.0.1 8000
> > >         bind = 66.166.166.66
> > >         port = 80
> > > }
> > >
> > > .... something like that.
> > >
> > > jack
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Daniel Hauck" <xdesign at hotmail.com>
> > > To: <discuss at ntlug.org>
> > > Sent: Saturday, June 22, 2002 6:49 AM
> > > Subject: Re: [NTLUG:Discuss] simple portforwarding firewall
> > >
> > > > Do tell!  Give us an example please?  I'm considering this myself
> > > > soon.
> > > >
> > > > ----- Original Message -----
> > > > From: "Jack Snodgrass" <jack+ntlug at mylinuxguy.net>
> > > > To: <discuss at ntlug.org>
> > > > Sent: Saturday, June 22, 2002 06:23
> > > > Subject: Re: [NTLUG:Discuss] simple portforwarding firewall
> > > >
> > > > > Not that it is 'better', but there is an alternative.
> > > > > you can use xinetd to forward port 80 to your internal
> > > > > box. Look at the redir ( or redirect ) option.
> > > > >
> > > > > jack
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jay Urish" <j at yourlinuxguru.com>
> > > > > To: <discuss at ntlug.org>
> > > > > Sent: Friday, June 21, 2002 2:39 PM
> > > > > Subject: [NTLUG:Discuss] simple portforwarding firewall
> > > > >
> > > > > > Hey yall;
> > > > > >
> > > > > > I need a shove in the right direction..
> > > > > >
> > > > > > > I am trying to forward all requests to port 80 on a clean side
> > > > > > > box from the internet through an iptables firewall..
> > > > > >
> > > > > > The following script is not working..
> > > > > >
> > > > > > I am looking for 4 -5 lines to do this..
> > > > > >
> > > > > >
> > > > > > > What am I missing? I have been to a pile of netfilter sites and
> > > > > > > that is where I got what I have.
> > > > > > >
> > > > > > > I need another set of eyes to look this over and catch my goof.
> > > > > >
> > > > > > ----
> > > > > > #This is a cheesey script by j at yourlinuxguru.com
> > > > > > #feel free to modify it at your own risk.
> > > > > >
> > > > > > #I need to set default rules first
> > > > > > #!/bin/sh
> > > > > > # Flush current settings
> > > > > > iptables -P INPUT ACCEPT
> > > > > > iptables -F INPUT
> > > > > > iptables -P OUTPUT ACCEPT
> > > > > > iptables -F OUTPUT
> > > > > > iptables -F FORWARD
> > > > > > iptables -t nat -F
> > > > > >
> > > > > > #I need to load a module
> > > > > > /sbin/modprobe iptable_nat
> > > > > >
> > > > > >
> > > > > >
> > > > > > #I am enabling ip forwarding right here
> > > > > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > > > > >
> > > > > >
> > > > > > > iptables -A PREROUTING -t nat -p tcp -d 63.64.250.206 --dport 80 -j DNAT
> > > > > > > --to 192.168.2.30:80
> > > > > >
> > > > > >
> > > > > >
> > > > > > #Now I make sure packets can forward
> > > > > > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > http://www.ntlug.org/mailman/listinfo/discuss
> > > > >
> > > > > _______________________________________________
> > > > > http://www.ntlug.org/mailman/listinfo/discuss
> > > >
> > > > _______________________________________________
> > > > http://www.ntlug.org/mailman/listinfo/discuss
> > >
> > > _______________________________________________
> > > http://www.ntlug.org/mailman/listinfo/discuss
> >
> > --
> >
> > L. Wayne Patterson
> > Linux User #207455
> > "Change lays not her hand upon Truth"
> > Algernon Charles Swinburne

-- 

L. Wayne Patterson
Linux User #207455
"Change lays not her hand upon Truth"
Algernon Charles Swinburne
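
For the dynamic-address case raised in the thread, the iptables counterpart of leaving off the xinetd bind line is to match on the incoming interface instead of a fixed destination address. The script below is an added example, not code posted by anyone in the thread: it validates its arguments and prints the rules for review instead of applying them. It assumes eth0 is the Internet-facing interface and an iptables with the conntrack match; forward_rules, valid_port and valid_ipv4 are hypothetical helper names.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules WAN_IF PUBLIC_PORT DEST_IP DEST_PORT  (hypothetical helper)
forward_rules() {
    wan_if=$1; pub_port=$2; dest_ip=$3; dest_port=$4
    # The output is meant for a root shell, so refuse any argument that
    # could carry extra iptables options or shell syntax.
    case "$wan_if" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    valid_port "$pub_port"  || { echo "bad public port: $pub_port" >&2; return 1; }
    valid_ipv4 "$dest_ip"   || { echo "bad destination IP: $dest_ip" >&2; return 1; }
    valid_port "$dest_port" || { echo "bad destination port: $dest_port" >&2; return 1; }
    # Rule 1 rewrites the destination of traffic arriving on the interface
    # (no -d, so a changing public address does not matter).
    # Rules 2 and 3 let the rewritten connection and its replies through FORWARD.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $pub_port -j DNAT --to-destination $dest_ip:$dest_port
iptables -A FORWARD -i $wan_if -p tcp -d $dest_ip --dport $dest_port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample call: eth0 is an assumption, the target is the one in the thread.
forward_rules eth0 80 192.168.2.30 80
```

The two FORWARD lines only matter when the FORWARD policy is not ACCEPT; with an ACCEPT policy the PREROUTING rule alone does the forwarding.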



