LinuxQuestions.org
Old 09-24-2002, 04:28 PM   #1
dulaus
LQ Newbie
 
Registered: Sep 2002
Location: Ottawa
Posts: 13

Rep: Reputation: 0
Forward port port 80 to lan web server


Hi

I have attempted numerous times to get some results with the following configuration, but have yet to get any progress to measure if I am on the right track.

I just rebuilt this box after making it very unstable.

I am running Mandrake 8.1 and the last install I did was with IPTABLES. I am running DNS and PostFix along with Apache on this box, and I am connected via ADSL and a static address is served to me and it is bound to 205.150.254.x (eth0). The second card is my private network 192.168.100.1 (eth1). I have my loopback 127.0.0.1 (lo) and (ppp0) bound to 205.150.254.x. I have set up routing on this machine using 192.168.100.1 (I don't know if I need to do this?)

I also run a WIN2000 web server, and I have been using another dedicated ADSL connection with it. This does not work out as my ISP will reboot at his end a few times a week, and WIN2000 will not reconnect like Linux will. I want to drop that second account...

I have 2 nics in this WIN2000 server, and the local network is bound to 192.168.100.100.

I need to port forward port 80 from the outside internet connection (Mandrake), 205.150.254.x, to the internal web server (IIS5), 192.168.100.100, and I don't know about DNS and SMTP & POP.

I was told to keep my zone files for domains pointed at 205.150.254.x (Linux) and everything would work with port forwarding, but everything pointed back to my Name Server and all you would see would be my default Apache web page.

If someone could get me started this would be a great help, as I have spent a long time trying to figure out just what to do. I have tried several scripts, but without any results to let me know if I am progressing with this.

Thanks very much,

Dulaus
 
Old 09-25-2002, 05:15 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

Rep: Reputation: 2900
Would be cool if you posted *what* you tried instead of telling us you *tried*.
You need:
iptables -t nat -A PREROUTING -i <pub eth> -p tcp -d <pub IP> --dport <port> -j DNAT --to <lan IP:port>
iptables -A FORWARD -i <pub eth in> -o <lan eth> -p tcp -d <lan IP> --dport <port> -j ACCEPT
# traffic leaving via the public interface takes the public IP as its source
iptables -t nat -A POSTROUTING -o <pub eth> -j SNAT --to-source <pub IP>

Here's an example by Raz, there's our Search function with examples 1 and 2, the IPMAsq howto, and then there's Linuxguru's.
 
Old 09-25-2002, 06:43 AM   #3
dulaus
LQ Newbie
 
Registered: Sep 2002
Location: Ottawa
Posts: 13

Original Poster
Rep: Reputation: 0
unSpawn,

Thanks for replying. I was going to post some scripts, but felt I was way off base.

With your example, will I be editing "rc.firewall", or do you suggest something else?

This is a fresh default install using Mandrake 8.1, and 2.4.x kernel, IPTABLES installed and not IPCHAINS as recommended in the install.

Cheers

Dulaus
 
Old 09-25-2002, 04:35 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

Rep: Reputation: 2900
Uh. I suggest you back up your old script then try it. Since I don't know Mandy (wiped after 0,5 days) it might as well be /etc/(rc.d/)rc.firewall :-]
 
Old 09-25-2002, 07:08 PM   #5
dulaus
LQ Newbie
 
Registered: Sep 2002
Location: Ottawa
Posts: 13

Original Poster
Rep: Reputation: 0
Right track with rc.firewall ?

Hi

eth0 is my outside (internet) nic address 205.150.254.x
eth1 is my internal (local) nic address 192.168.100.1

IIS5 web server nic (local) is 192.168.100.100

I have enabled routing in linuxconf.

I am reading a lot of documentation, and once I get something working I will most likely be able to add to it.

Can anyone see anything wrong?

Thanks for your patience

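/etc/rc.d/rc.firewall

# Mandrake-Security : if you remove this comment, remove the next line too.
# echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# Enable forwarding ("1>" with no space redirects stdout and writes an empty line)
echo 1 > /proc/sys/net/ipv4/ip_forward

IPTABLES=iptables   # assumed; not defined in the posted excerpt

# Match on the destination port with --dport (two dashes)
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.100.100:80
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.100.100 -j ACCEPT
# SNAT traffic leaving eth0 to the public address, not to the LAN server
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 205.150.254.x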
 
Old 09-26-2002, 05:33 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
What do you have for a FORWARD POLICY?

If it is DROP, you will need to add some -m state rules to allow outward traffic.

Regards,
Peter.
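
The port forward from this thread combined with the `-m state` rules mentioned above for a FORWARD policy of DROP, as an added example that is not part of any post in the thread. Interface names and the LAN address are taken from the posts; 203.0.113.10 is a placeholder for the public address (the thread only gives 205.150.254.x), and `port_forward` and `dry_run` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: eth0 = public, eth1 = LAN,
# web server 192.168.100.100 as in the posts; 203.0.113.10 is a placeholder for
# the public address, which the thread only gives as 205.150.254.x.
# port_forward and dry_run are hypothetical helper names.

IPTABLES="${IPTABLES:-iptables}"

# Print each rule instead of applying it: IPTABLES=dry_run port_forward ...
dry_run() { printf 'iptables %s\n' "$*"; }

# usage: port_forward <pub_if> <lan_if> <pub_ip> <lan_ip> <port>
port_forward() {
    pub_if=$1; lan_if=$2; pub_ip=$3; lan_ip=$4; port=$5

    # Default-deny: nothing crosses the box unless a rule below allows it.
    $IPTABLES -P FORWARD DROP

    # Inbound connections to the public address are redirected to the LAN server.
    $IPTABLES -t nat -A PREROUTING -i "$pub_if" -p tcp -d "$pub_ip" --dport "$port" \
        -j DNAT --to-destination "$lan_ip:$port"

    # Only NEW connections to the forwarded port may enter the LAN ...
    $IPTABLES -A FORWARD -i "$pub_if" -o "$lan_if" -p tcp -d "$lan_ip" --dport "$port" \
        -m state --state NEW -j ACCEPT
    # ... LAN hosts may open connections outward ...
    $IPTABLES -A FORWARD -i "$lan_if" -o "$pub_if" -m state --state NEW -j ACCEPT
    # ... and packets of already-tracked connections pass in both directions
    # (this is what lets the web server's replies back out under policy DROP).
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Outbound LAN traffic leaves with the public address as its source.
    $IPTABLES -t nat -A POSTROUTING -o "$pub_if" -j SNAT --to-source "$pub_ip"
}

# Dry run with the thread's layout:
#   IPTABLES=dry_run port_forward eth0 eth1 203.0.113.10 192.168.100.100 80
```

Run it with `IPTABLES=dry_run` first to review the generated rules; applying them for real needs root and `echo 1 > /proc/sys/net/ipv4/ip_forward`.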
 
Old 09-26-2002, 11:06 AM   #7
dulaus
LQ Newbie
 
Registered: Sep 2002
Location: Ottawa
Posts: 13

Original Poster
Rep: Reputation: 0
Forward Policy

Hi Peter,

Thank you but at this point I do not have enough background to answer any questions on Forward Policy.

I think I have to forward my internet IP, (eth0) to my second nic (eth1) 192.168.100.1 - on the linux box, and then to my web server IIS5 defined as 192.168.100.100.

At this point I do not know where packets are ending up, and how to check where things are going, and then deal with DNS, and the Mail Server which are on the linux box as well.

If I knew how to check these things I may be able to understand the tutorials better, logs, tools, etc.

No results yet, but still trying

Thanks...
 
Old 09-26-2002, 11:28 AM   #8
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
I keep referring people to this tutorial
http://www.netfilter.org/documentati...ials/blueflux/

It's very comprehensive.
You will need to absorb this, otherwise you may not understand what we are suggesting...

There is a gui interface called Firestarter which users here fancy.
http://firestarter.sourceforge.net/

Regards,
Peter
 
Old 10-01-2002, 07:32 PM   #9
dulaus
LQ Newbie
 
Registered: Sep 2002
Location: Ottawa
Posts: 13

Original Poster
Rep: Reputation: 0
Hello Peter

Thanks for the posting.

I did install Firestarter, with a bit of trouble but managed to get the firewall up. I get this warning and do not know how relevant this is...

GnomeUI-WARNING **:While connecting to session manager:
Could not open network socket.

This error happens on a manual restart (./firestarter restart)

The firewall is showing traffic on many ports, but nothing to port 80 tcp and nothing to port 53 udp.

I am not certain which IP to use for (dns) zone files since traffic will be redirected to my internal network server. 192.168.1.100:80

The Bastille Firewall firewall may also be a problem, and I do not know how to disable this for testing.

Any hints would be appreciated.

Thanks
 
Old 10-04-2002, 03:45 AM   #10
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Sorry,
I don't use Firestarter myself.
Do a search here and see if your question has been asked before...

Regards,
Peter
 
  


All times are GMT -5. The time now is 07:21 AM.
