Firewall and proxy!?
I have a small network at my house, 5 PCs to be exact! One of them is running as a gateway and is masquerading my internal network to the Internet. I have no problems when it comes to contacting/downloading, internally, from the Internet (of course), but how can I contact one specific machine inside my network from the Internet???
Hope this question makes any sense at all!! :) Hommi |
depends on what's running it.
What's running the gateway? i.e. firewall software and kernel version. You need to do something called port forwarding to non-assigned IP addresses. /Raz |
The gateway is running SuSE Linux 7.0 with kernel 2.2, with SuSE firewall (ipchains packet filtering...) Is it possible to do port forwarding with ipchains or do I need iptables? Where can I find out about port forwarding?
By the way, thanks! :) Hommi |
ipchains can't do it on its own. "iptables can with DNAT option"
ok you need some software called "ipmasqadm" once you have installed the software you need to make sure the ipchains rules allow inbound connections to the port no. you need. i.e

    # accepts inbound http requests
    ipchains -A input -p tcp -s 0/0 --sport 1023:65535 -d 242.38.126.140 --dport 80 -j ACCEPT

Then load the module:

    modprobe ip_masq_portfw

Then the syntax once the "ipmasqadm" software is loaded would be:

    # ipmasqadm portfw -a -P tcp -L 242.38.126.140 80 -R 192.168.1.7 80

---------- what the --------
-a = add append or something like that
-P tcp = protocol
242.38.126.140 = your real external ip address on the ipchains box
80 = port on the ipchains box "httpd"
-R = redirect to
192.168.1.7 = your internal ip address
80 = port on the internal ip address "httpd"
/Raz |
Thanks a lot!! :)
I have a dynamic ip-address that changes every 14 days by my ADSL-provider. You know about any workarounds so that I don't have to update manually? Can I use a hostname instead of an ip-address with the -d and -L option? Hommi |
I'm guessing you would need to write a script that takes the new ip address and re-runs the port forwarder.
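something like:

    #! /bin/sh
    # current IPv4 address of eth0, taken from the "inet addr:" field
    INET_IP="`/sbin/ifconfig eth0 2> /dev/null | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
    # flush the existing forwards, then add the forward for the current address
    ipmasqadm portfw -f
    ipmasqadm portfw -a -P tcp -L $INET_IP 80 -R 192.168.1.7 80

/Raz |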
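An added example, not part of the thread: the script in the post above flushes the forwards before checking that it actually read an address, so a run while eth0 is down removes the forward and passes an empty `-L`. This dry-run variant validates the address first, skips the flush when nothing changed, and only prints the commands; the sample `ifconfig` output and the 203.0.113.x addresses are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run: commands are printed, never executed.

# Read net-tools style `ifconfig` output on stdin and print the IPv4 address.
# Prints nothing when the interface has no "inet addr" line (e.g. link down).
extract_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands that move the forward to a new external address.
# $1 = address just read from the interface, $2 = address applied last time.
# Internal host 192.168.1.7 and port 80 are the values used in the thread.
plan_portfw() {
    new_ip=$1; last_ip=$2
    if ! valid_ipv4 "$new_ip"; then
        echo "# no valid external address; existing forwards left in place"
        return 1
    fi
    if [ "$new_ip" = "$last_ip" ]; then
        echo "# address unchanged ($new_ip); nothing to do"
        return 0
    fi
    echo "ipmasqadm portfw -f"
    echo "ipmasqadm portfw -a -P tcp -L $new_ip 80 -R 192.168.1.7 80"
}

# Constructed sample of `ifconfig eth0` output; the addresses are made up.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:203.0.113.25  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Dry run: the address moved from 203.0.113.9 to the one in the sample.
plan_portfw "$(printf '%s\n' "$SAMPLE_IFCONFIG" | extract_inet_addr)" "203.0.113.9"
```

To apply the plan, pipe the function's output to `sh` as root. The ipchains ACCEPT rule from the earlier post names the same external address in `-d` and needs the same update when the address changes.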
Thanks!
Just one last thing. I don't have ipmasqadm installed on my gateway, and I'm having trouble finding it on the net. Do you know where I can find it? The source code, not as rpm? Hommi |
it used to be at http://juanjox.linuxhq.com/ipmasqadm-0.4.2.tar.gz
but the link is dead for me. sorry. /Raz |