LinuxQuestions.org


hommih 01-14-2002 07:47 AM

Firewall and proxy!?
 
I have a small network at my house, 5 PCs to be exact! One of them is running as a gateway and is masquerading my internal network to the Internet. I have no problems when it comes to contacting/downloading, internally, from the Internet (of course), but how can I contact one specific machine inside my network from the Internet???

Hope this question makes any sense at all!! :)

Hommi

raz 01-14-2002 08:46 AM

Depends on what's running it.

What's running the gateway? I.e. firewall software and kernel version.

You need to do something called port forwarding to non-assigned IP addresses.

/Raz

hommih 01-14-2002 12:49 PM

The gateway is running SuSE Linux 7.0 with kernel 2.2, with SuSE firewall (ipchains packet filtering...) Is it possible to do port forwarding with ipchains or do I need iptables? Where can I find out about port forwarding?

By the way, thanks! :)

Hommi

raz 01-15-2002 09:32 AM

ipchains can't do it on its own. "iptables can with DNAT option"

OK, you need some software called "ipmasqadm".
Once you have installed the software you need to make sure the ipchains rules allow inbound connections to the port number you need.
i.e.
# accepts inbound http requests
ipchains -A input -p tcp -s 0/0 --sport 1023:65535 -d 242.38.126.140 --dport 80 -j ACCEPT

Then load the module:
modprobe ip_masq_portfw

Then the syntax once the "ipmasqadm" software is loaded would be:

# ipmasqadm portfw -a -P tcp -L 242.38.126.140 80 -R 192.168.1.7 80

---------- what the --------
-a = add append or something like that
-P tcp = protocol
242.38.126.140 = your real external ip address on the ipchains box
80 = port on the ipchains box "httpd"
-R = redirect to
192.168.1.7 = your internal ip address
80 = port on the internal ip address "httpd"

/Raz

hommih 01-15-2002 10:06 AM

Thanks a lot!! :)

I have a dynamic IP address that is changed every 14 days by my ADSL provider. Do you know of any workarounds so that I don't have to update manually? Can I use a hostname instead of an IP address with the -d and -L options?

Hommi

raz 01-15-2002 10:39 AM

I'm guessing you would need to write a script that takes the new ip address and re-runs the port forwarder.

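Something like:

#!/bin/sh
# Read the current address of eth0 (old ifconfig "inet addr:" output format)
INET_IP="`/sbin/ifconfig eth0 2> /dev/null | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
# Stop before flushing if no address was found, so the old forward is not lost
[ -n "$INET_IP" ] || exit 1
# Flush the existing forwards, then add the forward for the new address
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L "$INET_IP" 80 -R 192.168.1.7 80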

/Raz
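
A more defensive variant of the refresh script above, added here as an example and not part of the thread: it validates the address parsed from ifconfig before touching the forwarder and only flushes when the address has actually changed. STATE_FILE, DRY_RUN and the function names are assumptions, and the sample ifconfig output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. STATE_FILE, DRY_RUN and the function
# names are assumptions; the addresses and port 80 follow the thread's example.
STATE_FILE="${STATE_FILE:-/tmp/portfw.last_ip}"
INTERNAL_IP=192.168.1.7
PORT=80

# Pull the address out of old-style ifconfig output ("inet addr:a.b.c.d").
parse_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# True only for a dotted quad whose four octets are all 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Classify a freshly read address: reject (malformed), keep (unchanged since
# the last run) or refresh (forward must be re-pointed).
forward_action() {
    valid_ipv4 "$1" || { echo reject; return 0; }
    if [ "$1" = "$(cat "$STATE_FILE" 2>/dev/null)" ]; then echo keep; else echo refresh; fi
}

# Flush and re-add the forward only on a real change, then record the address.
# DRY_RUN=1 (the default here) prints the commands instead of running them.
apply_forward() {
    [ "$(forward_action "$1")" = refresh ] || return 0
    if [ "${DRY_RUN:-1}" = 1 ]; then run=echo; else run=; fi
    $run ipmasqadm portfw -f &&
    $run ipmasqadm portfw -a -P tcp -L "$1" "$PORT" -R "$INTERNAL_IP" "$PORT" &&
    { [ -n "$run" ] || echo "$1" > "$STATE_FILE"; }
}

# Constructed sample of `/sbin/ifconfig eth0` output; on the gateway, pipe the
# real command into parse_inet_addr instead.
SAMPLE='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:203.0.113.25  Bcast:203.0.113.255  Mask:255.255.255.0'
apply_forward "$(printf '%s\n' "$SAMPLE" | parse_inet_addr)"
```

Run from cron with DRY_RUN=0 once the printed commands look right; a malformed or empty address leaves the existing forward in place.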

hommih 01-16-2002 09:25 AM

Thanks!

Just one last thing. I don't have ipmasqadm installed on my gateway, and I'm having trouble finding it on the net. Do you know where I can find it? The source code, not as rpm?

Hommi

raz 01-16-2002 09:58 AM

It used to be at http://juanjox.linuxhq.com/ipmasqadm-0.4.2.tar.gz
but the link is dead for me.

Sorry.
/Raz


All times are GMT -5.