As was implied before, both interfaces are connected internally (IntrA-net) and before I try the relay with VPN, I'm testing it on another internal computer (just to eliminate any VPN potential problems).

Frank M. Ramaekers Jr.
Systems Programmer                    MCP, MCP+I, MCSE & RHCE
American Income Life Insurance Co.    Phone: (254)761-6649
1200 Wooded Acres Dr.                 Fax: (254)741-5777
Waco, Texas 76710

-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Vahur Jõesalu
Sent: Thursday, April 24, 2008 11:28 AM
To: CentOS mailing list
Subject: Re: TCP/IP Port Relay

well you can't - to the best of my knowledge. And I cannot see the reason for wanting it.

The idea of using -i and -o in FORWARD chain is to specify the direction traffic is allowed to go. It could be that firewall is blocking all outgoing traffic. Omitting -i and -o would allow the internal server to initiate traffic to port 23 anywhere in the internet.

Virtual interface is for assigning additional IP-s to same interface, so any rules regarding interface still apply to the whole of physical network card.

-vahur

James Pifer wrote:
> On Thu, 2008-04-24 at 17:27 +0300, Vahur Jõesalu wrote:
>> hmm, if I understood you correctly, then this should work just fine (on
>> linux firewall):
>>
>> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 23 -j DNAT \
>>     --to telnetserverip:port-number
>> /sbin/iptables -I FORWARD -i external_interface -o internal_interface \
>>     -p tcp -d telnetserverip --dport portnumberontelnetserver -j ACCEPT
>>
>> after a reboot or firewall service restart it's gone again.
>>
>> -vahur
>
> Sorry to jump in on someone else's thread, but... How do you do this if
> the interface you want to use is a virtual? Meaning it's eth0:1 for
> example? The -i parameter will not let you use that.
>
> Thanks,
> James
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
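
The relay rules discussed in this thread, scoped to one direction and one listening address, as an added example that is not part of any message above. The function names, the interface names eth0/eth1 and the addresses 192.0.2.10 and 10.0.0.5 are constructed placeholders; the script only prints the commands and applies nothing.

```shell
#!/bin/sh
# Added example: print narrowly scoped port-relay rules for review.
# Nothing is applied; all names and addresses are constructed placeholders.

# is_alias IFACE: succeeds if IFACE is an alias label such as eth0:1,
# which iptables does not accept for -i / -o.
is_alias() {
    case "$1" in
        *:*) return 0 ;;
        *)   return 1 ;;
    esac
}

# relay_rules EXT_IF INT_IF LISTEN_IP SERVER_IP PORT
# EXT_IF/INT_IF must be physical interfaces. An address that lives on an
# alias (eth0:1) is selected with -d LISTEN_IP instead of by interface name.
relay_rules() {
    ext_if=$1 int_if=$2 listen_ip=$3 server_ip=$4 port=$5
    for ifc in "$ext_if" "$int_if"; do
        if is_alias "$ifc"; then
            echo "error: $ifc is an alias label; use the physical interface and match its address with -d" >&2
            return 1
        fi
    done
    # Rewrite only traffic that arrives on EXT_IF for LISTEN_IP. Without
    # -i/-d the DNAT rule would also catch inside hosts connecting out to
    # that port elsewhere.
    echo "iptables -t nat -I PREROUTING -i $ext_if -d $listen_ip -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"
    # Allow new connections in one direction only: outside -> server.
    echo "iptables -I FORWARD -i $ext_if -o $int_if -p tcp -d $server_ip --dport $port -m state --state NEW -j ACCEPT"
    # Allow packets of connections that were already accepted (replies).
    echo "iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample call. On CentOS, running `service iptables save` after
# applying the rules writes them to /etc/sysconfig/iptables so they survive
# a reboot or a firewall service restart.
relay_rules eth0 eth1 192.0.2.10 10.0.0.5 23
```
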