RE: possibly annoing ...

I'll give you an example. It assumes a default drop policy. Also, INTIF =
internal interface, HTTP1 = external IP address clients will connect to
(www.mydomain.com resolves to this address), and HTTPDMZ1 = internal web
server.

##### Setup prerouting rules to route Internet traffic internally
## Change the destination of external $HTTP1 requests on port 33333 to the DMZ HTTP server
## ($EXTIF is the external interface; DNAT in PREROUTING happens before the routing decision)
$ipt -t nat -A PREROUTING -i $EXTIF -p tcp -d $HTTP1 --dport 33333 -j DNAT --to $HTTPDMZ1:80

## Allow established,related forward traffic (replies to the DNATed connections)
$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

## Allow new http forward traffic from Internet to servers in the DMZ
## (matched on the post-DNAT destination and port, i.e. $HTTPDMZ1:80, not on 33333)
$ipt -A FORWARD -m state --state NEW -i $EXTIF -p tcp -d $HTTPDMZ1 --dport 80 -j ACCEPT
$ipt -A FORWARD -m state --state NEW -i $EXTIF -p tcp -d $SMTPDMZ --dport 25 -j ACCEPT

>>-----Original Message-----
>>From: netfilter-admin@lists.netfilter.org 
>>[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of PiSiC...
>>Sent: Thursday, February 27, 2003 12:15 PM
>>To: richardo@start-global.com
>>Cc: netfilter@lists.netfilter.org
>>Subject: Re: possibly annoing ...
>>
>>
>> First of all, thanks for the help ...
>> but I'm kinda new with iptables and I want to show you the big picture:
>>
>> - I heard something about static NAT and dynamic NAT (not source or
>> destination NAT) and I'm not sure I fully understand what the
>> applicability is to my situation.
>>
>> The situation is this:
>>
>> I have a radio link with only one statically allocated IP (aaa.bbb.ccc.ddd)
>> which is connected to my Linux machine on eth1;
>> eth0 on the same machine is connected to the LAN.
>> I have up and running Webserver, SMTP, FTP and POP3.
>> I want to run now 2 webservers, one on external and one on internal (that is
>> easy with binding on their interfaces).
>> But I want also to allow access from the world to a third webserver which
>> runs on 192.168.13.199:80, which will be accessible on port 33333 on my
>> external IP.
>>
>> ... my machine runs Slackware 8.0 with kernel 2.4.5. and I have compiled the
>> kernel with all the features included (I don't need modprobe).
>>
>>
>> I wonder if you can give me an rc.firewall for this situation or at least
>> the tricky part (webserver on 192.168.13.199) with all its related stuff.
>>
>>       Thank you very much in advance.
>>
>>                                                      Danila Octavian
>>
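The "tricky part" asked for above, as an added example that is not code from either poster: a small rc.firewall fragment that builds the same DNAT plus FORWARD rule set the reply shows, with the values named in the thread filled in (radio link on eth1, LAN on eth0, 192.168.13.199:80 published on external port 33333, and the poster's own aaa.bbb.ccc.ddd placeholder for the public address). The variable names EXTIF, INTIF, EXTIP, WEBDMZ, EXTPORT, INTPORT, LOCAL_PORTS and the functions ipt, valid_port, port_clash and emit_rules are mine, not from the list; the local service ports 80/25/21/110 are an assumption (standard ports for the Webserver, SMTP, FTP and POP3 daemons the poster says run on the machine). The point the check adds is the one an rc.firewall author trips over: a DNAT rule in nat/PREROUTING is evaluated before the packet is classified as local, so publishing the DMZ server on a port the firewall host itself serves on EXTIP would silently steal that daemon's traffic. Default DROP policies and ip_forward are assumed to be set elsewhere in rc.firewall.

```shell
#!/bin/sh
# Added example (not from the netfilter thread): emit the DNAT/FORWARD rules for
# publishing an internal web server on a non-standard external port.
# With DRY_RUN=1 (the default) the iptables commands are printed, not executed.

EXTIF="${EXTIF:-eth1}"                 # interface on the radio link
INTIF="${INTIF:-eth0}"                 # LAN interface
EXTIP="${EXTIP:-aaa.bbb.ccc.ddd}"      # poster's placeholder; replace with the real public IP
WEBDMZ="${WEBDMZ:-192.168.13.199}"     # internal web server
EXTPORT="${EXTPORT:-33333}"            # port clients use on the public IP
INTPORT="${INTPORT:-80}"               # port the internal server listens on
# Assumption: standard ports for the daemons the poster runs on the firewall host itself.
LOCAL_PORTS="${LOCAL_PORTS:-80 25 21 110}"

# ipt: print or run an iptables command depending on DRY_RUN.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# valid_port: digits only and within 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_clash: succeeds if EXTPORT is a port the firewall host serves on EXTIP.
# nat/PREROUTING runs before the local-delivery decision, so a DNAT on such a
# port would capture the traffic before the local daemon ever sees it.
port_clash() {
    for p in $LOCAL_PORTS; do
        [ "$p" = "$EXTPORT" ] && return 0
    done
    return 1
}

# emit_rules: the DNAT rule and the two FORWARD rules that let it work.
emit_rules() {
    valid_port "$EXTPORT" && valid_port "$INTPORT" || { echo "bad port" >&2; return 1; }
    if port_clash; then
        echo "external port $EXTPORT is served locally on $EXTIP; pick another" >&2
        return 1
    fi
    # Rewrite the destination of packets for EXTIP:EXTPORT arriving on the radio link.
    ipt -t nat -A PREROUTING -i "$EXTIF" -p tcp -d "$EXTIP" --dport "$EXTPORT" \
        -j DNAT --to-destination "$WEBDMZ:$INTPORT"
    # Replies and related traffic in both directions through the forwarder.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections: match the post-DNAT address and port, restricted to
    # external-in, LAN-out, so nothing else on the LAN becomes reachable.
    ipt -A FORWARD -m state --state NEW -i "$EXTIF" -o "$INTIF" -p tcp \
        -d "$WEBDMZ" --dport "$INTPORT" -j ACCEPT
}

emit_rules
```

Run it once as-is to review the generated commands, then with DRY_RUN=0 from rc.firewall to load them. To verify after loading, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` should show the packet counters climbing when an outside host connects to port 33333 on the public address; a connection from the LAN to the public address will not work with these rules alone, because the DMZ server would answer the LAN client directly, so hairpin access from inside needs an additional SNAT rule or a split-horizon DNS entry pointing LAN clients at 192.168.13.199 directly.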