Re: How to access one machine behind iptables, on different subnet?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 10/29/2010 3:22 AM, Rudi Ahlers wrote:
> Hi all,
>
> I wonder if someone can help me with this: The setup is as follows:
>
> 192.168.1.254 - wireless ADSL modem, with DHCP pool on 192.168.100 - 192.168.200
> 192.168.1.250 - Linux firewall RED interface
> 192.168.2.250 - Linux firewall GREEN interface.
>
> There are some normal LAN clients behind the Linux firewall's GREEN
> interface, which can all access each other's shared services and also
> all the clients behind the RED interface. i.e. those clients connected
> to the 192.168.1.254 ADSL wifi APP directly.
>
> Now I want the clients on the "outside" to connect to one specific
> host on the inside, behind the GREEN interface, on IP 192.168.1.20.
> How would I do that? I know I can do this with port fowarding, but
> need many ports forwarded. How do I give full access to all ports on
> this IP, instead of forwarding every port? Does that make sense?
<snip>
Not much of a firewall if you allow everything, unless you're limiting 
the "outside" IPs.

Other solutions would be to allow either a range of ports.
Ex
--dport 5000:5500
--dport 1024:65535 (all unassigned ports)

or define the ports you wish to allow with a variable
Ex
FORWARDPORTS="1024 1025 1026"

even a hybred like this should work
Ex
FORWARDPORTS="1024 1025 1026 5000:5500"
Then call the variable in your forward rules.

Dan


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux