On March 4, 2004 04:08 am, Thomas E. Dukes wrote:
> > -----Original Message-----
> > From: redhat-list-admin@xxxxxxxxxx
> > [mailto:redhat-list-admin@xxxxxxxxxx] On Behalf Of Pete Nesbitt
> > Sent: Thursday, March 04, 2004 12:52 AM
> > To: redhat-list@xxxxxxxxxx
> > Subject: Re: What do I need to do?
> >
> > On March 3, 2004 05:51 pm, Thomas E. Dukes wrote:
> > > Hello,
> > >
> > > I'd like to have a local machine behind a firewall to receive www
> > > requests from the outside. I have a firewall using IP Masquerading
> > > with port forwarding but that doesn't work. I keep getting the
> > > "visible" machine.
> > >
> > > Do I need to setup a bridge, proxy server or is there something I need
> > > to do with my local dns, etc.? I don't really know what this is
> > > called to know where to start.
> > >
> > > TIA
> >
> > Hi Thomas,
> > I'm running a similar setup, but the server is in a dmz. All
> > you need for that aspect of the firewall rules is pre and
> > post routes above the main rules, something like:
> >
> > #inbound redirects to webserver (all one line)
> > $IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 80 -j DNAT --to-destination $WEB_SERVER_IIP
> >
> > # outbound web server connections are all masqueraded (all one line)
> > $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER_IP -j MASQUERADE
>
> Thanks for your help!!
>
> What are the values for $EXT_IF and $WEB_SERVER_IIP? I am guessing $EXT_IF
> is the single external ip address and $WEB_SERVER_IIP is the internal ip
> address of the local machine behind the firewall, right?
>
> Wouldn't I need to change the port to something different than 80, such as
> 8080, so I can get www requests on both the visible and internal machine?
> (The internal machine is a XP Pro server. I want to be able to run ASP
> applications that use MS_Access or MSSQL databases.)
>

$EXT_IF is your external interface, typically eth0, and $WEB_SERVER_IIP (should be IP not IIP) would be the web server's IP address.

It is good practice and makes for easy tweaks if you use variables and define them at the top of your script:

IPTABLES=/sbin/iptables
EXT_IF="eth0"
WEB_SERVER_IP="192.168.1.3"

To use both boxes as web servers, you probably need to set the incoming port to say 8080, but the internal (redirected) can be anything (including 80), so to redirect requests arriving on port 8080 and send them to port 9090 on the internal, the inbound rules would be:

#inbound redirects to webserver (all one line)
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 8080 -j DNAT --to-destination $WEB_SERVER_IP:9090

-- 
Pete Nesbitt, rhce
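
The 8080-to-9090 redirect from the reply above, as an added example that is not part of the original thread. The helper names, the input checks, the dry-run `echo` prefix and the FORWARD rule are assumptions of this example; the FORWARD rule only matters if the firewall's FORWARD chain drops traffic by default.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run builder for the DNAT port-forward.
# IPTABLES is prefixed with "echo" so the rules are only printed; drop the
# "echo" and run as root to apply them.
IPTABLES="echo /sbin/iptables"
EXT_IF="eth0"                 # external interface, value from the reply
WEB_SERVER_IP="192.168.1.3"   # internal web server, value from the reply

# valid_port N: succeeds only for an integer in 1..65535 (hypothetical helper)
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: succeeds only for four octets in 0..255 (hypothetical helper)
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_port EXT_PORT INT_PORT: emit the NAT rule plus the matching filter rule
forward_port() {
    ext_port=$1; int_port=$2
    if ! valid_port "$ext_port" || ! valid_port "$int_port" \
        || ! valid_ipv4 "$WEB_SERVER_IP"; then
        echo "refusing to build rule: bad port or address" >&2
        return 1
    fi
    # nat/PREROUTING rewrites the destination before the filter table sees it
    $IPTABLES -t nat -A PREROUTING -p tcp -i "$EXT_IF" --dport "$ext_port" \
        -j DNAT --to-destination "$WEB_SERVER_IP:$int_port"
    # so FORWARD has to match the translated address and port (9090, not 8080),
    # which also keeps every other port on the internal host unreachable
    $IPTABLES -A FORWARD -p tcp -i "$EXT_IF" -d "$WEB_SERVER_IP" \
        --dport "$int_port" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

forward_port 8080 9090
```

Review the printed rules, then list the live table with `iptables -t nat -L PREROUTING -n -v` after applying them to confirm the packet counters move when an outside client connects.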