On 10/29/2010 3:22 AM, Rudi Ahlers wrote:
> Hi all,
>
> I wonder if someone can help me with this: The setup is as follows:
>
> 192.168.1.254 - wireless ADSL modem, with DHCP pool on 192.168.100 - 192.168.200
> 192.168.1.250 - Linux firewall RED interface
> 192.168.2.250 - Linux firewall GREEN interface.
>
> There are some normal LAN clients behind the Linux firewall's GREEN
> interface, which can all access each other's shared services and also
> all the clients behind the RED interface. i.e. those clients connected
> to the 192.168.1.254 ADSL wifi APP directly.
>
> Now I want the clients on the "outside" to connect to one specific
> host on the inside, behind the GREEN interface, on IP 192.168.1.20.
> How would I do that? I know I can do this with port forwarding, but
> need many ports forwarded. How do I give full access to all ports on
> this IP, instead of forwarding every port? Does that make sense?
<snip>

Not much of a firewall if you allow everything, unless you're limiting the "outside" IPs.

Other solutions would be to allow either a range of ports.
Ex --dport 5000:5500
--dport 1024:65535 (all unassigned ports)

or define the ports you wish to allow with a variable
Ex FORWARDPORTS="1024 1025 1026"

even a hybrid like this should work
Ex FORWARDPORTS="1024 1025 1026 5000:5500"

Then call the variable in your forward rules.

Dan

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
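The rule-generation step Dan describes (a FORWARDPORTS variable holding single ports and low:high ranges, expanded into the forward rules) worked through as an added example; this is not code from the thread or from CentOS. Interface names (eth0 for RED, eth1 for GREEN), the trusted source range 192.168.1.0/24 and the inside host 192.168.2.20 are constructed placeholders; the script validates each port spec, restricts the source range as Dan's first sentence recommends, and prints the iptables commands so they can be reviewed before being piped to sh.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: expand FORWARDPORTS
# (single ports and LOW:HIGH ranges) into DNAT + FORWARD rules for one
# inside host, limited to a trusted source range.
# Interface names, the trusted range and the inside host are assumptions.

RED_IF="${RED_IF:-eth0}"                       # assumed RED (192.168.1.250) interface
GREEN_IF="${GREEN_IF:-eth1}"                   # assumed GREEN (192.168.2.250) interface
INSIDE_HOST="${INSIDE_HOST:-192.168.2.20}"     # constructed: the inside host to expose
TRUSTED_SRC="${TRUSTED_SRC:-192.168.1.0/24}"   # constructed: only the modem's LAN may reach it
FORWARDPORTS="${FORWARDPORTS:-1024 1025 1026 5000:5500}"   # the hybrid form from the reply

# valid_port_spec: accept "N" or "LOW:HIGH" with 1 <= N <= 65535 and LOW <= HIGH.
valid_port_spec() {
    spec="$1"
    printf '%s' "$spec" | grep -Eq '^[0-9]{1,5}(:[0-9]{1,5})?$' || return 1
    low="${spec%%:*}"
    high="${spec##*:}"
    [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# gen_forward_rules: print one DNAT (nat/PREROUTING) and one FORWARD rule per
# port spec for tcp and udp. A bad spec aborts with status 1 so nothing
# half-applied reaches the kernel. --dport accepts LOW:HIGH directly, and
# DNAT without a port keeps the original destination port, so ranges work.
gen_forward_rules() {
    for spec in $FORWARDPORTS; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        for proto in tcp udp; do
            echo "iptables -t nat -A PREROUTING -i $RED_IF -s $TRUSTED_SRC -p $proto --dport $spec -j DNAT --to-destination $INSIDE_HOST"
            echo "iptables -A FORWARD -i $RED_IF -o $GREEN_IF -s $TRUSTED_SRC -d $INSIDE_HOST -p $proto --dport $spec -m state --state NEW -j ACCEPT"
        done
    done
}

# Review first, then apply as root:  gen_forward_rules | sh
gen_forward_rules
```

The FORWARD rules only admit NEW connections from the trusted range to the exposed host; the usual ESTABLISHED,RELATED rule and the default DROP policy on FORWARD are assumed to be in place already, as they would be on a firewall with distinct RED and GREEN zones.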