open the firewall
Hi,
Our company has an internet gateway with Linux (Red Hat) installed. I want to ask how I can add my IP address or open the firewall for my IP, like the udcp/tucp? Thanks
I assume you're using iptables, so here goes.
As the packet comes into the firewall, you need to rewrite the packet (destination) header so it points to an internal IP address. Once it's been rewritten you need to make a forwarding rule so it can then pass into the private network. This is called DNAT (destination). Similar to this...

    iptables -t nat -A PREROUTING -i $EXT_DEV -p tcp --dport 8080 -j DNAT --to-destination wkstn1.example.com:8080
    iptables -A FORWARD -i $EXT_DEV -o $INT_DEV -p tcp --dport 8080 -j ACCEPT

(substitute $EXT_DEV for eth0/1 etc..)

1. any tcp packet coming in the external device and going to port 8080, should be redirected to wkstn1 at port 8080 (where wkstn1 is internal, and resolves as internal).
2. forward any tcp (port 8080) in through the external device, and out the internal device - this is accepted because the packet has already been mangled (rule 1).

check nat table with:

    iptables -t nat -nvL

BU.
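Added example (not part of the original posts): the same DNAT plus FORWARD pair as in the reply above, narrowed so that only one source address can use the forward. The function only prints the rules for review, it does not apply them. The interface names, addresses and port in the sample call are constructed placeholders, and the rules assume a FORWARD policy of DROP and a kernel with the conntrack match (older iptables uses -m state --state instead).

```shell
#!/bin/sh
# Added example: prints (does not apply) a source-restricted DNAT rule set.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_dev NAME: interface names may hold only letters, digits, . _ -
valid_dev() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# dnat_rules EXT_DEV INT_DEV SRC_IP INT_IP PORT
dnat_rules() {
    ext_dev=$1 int_dev=$2 src_ip=$3 int_ip=$4 port=$5
    valid_dev "$ext_dev" && valid_dev "$int_dev" &&
    valid_ipv4 "$src_ip" && valid_ipv4 "$int_ip" && valid_port "$port" || {
        echo "dnat_rules: bad interface, address or port" >&2; return 1; }
    # 1. Rewrite the destination only for packets from the allowed source.
    echo "iptables -t nat -A PREROUTING -i $ext_dev -s $src_ip -p tcp --dport $port -j DNAT --to-destination $int_ip:$port"
    # 2. Forward new connections only to the rewritten destination.
    echo "iptables -A FORWARD -i $ext_dev -o $int_dev -s $src_ip -d $int_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    # 3. Let packets of already-accepted connections pass in both directions.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values (documentation and private address ranges).
dnat_rules eth0 eth1 203.0.113.10 192.168.1.20 8080
```

Review the printed rules, then check the result with the iptables -t nat -nvL command from the reply above once they are loaded.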
You can try to use Shorewall or Firestarter as they are easier to use, especially when you want to configure internet connection sharing or NAT. Cheers!
Shorewall (http://www.shorewall.net) Firestarter (http://www.fs-security.com)
I'll note that the poster doesn't mention if he's the admin of the box.
If you're not admin on the box, or if you are and your security policy states that you have to go through the proxy, you don't. Breaking policy will likely cost you your job (as it should).
Thanks for all your help...