LinuxQuestions.org

Linux - Networking: Ipchains question

jrmann1999 02-07-2001 11:02 PM

Here's the situation:

My Linux machine is my masq'd firewall for my internal network. I have Apache running on port 80 (obviously); however, I also have a 2000 machine running IIS behind the Linux machine. I would like to run its web server, and forward the requests sent to my IP (currently only have one) on a certain port (say, 7000) to my 2000 IIS machine. Any clue how I might do this? (For those confused, I'll draw out a simple example.)

1. Client sends data to port 7000 on Linux machine
2. Linux machine sees request on 7000, forwards to 2000 machine on port 80
3. 2000 machine processes data, then sends back information through the firewall to the Linux machine.
4. Cycle repeats.

Thanks
J


mjakob 02-08-2001 02:02 PM

First off, you don't mention which distribution or version you're using. I'll assume a newer version of RedHat.

What you want to do is pretty easy. You need to get hold of a program called ipportfw. This is available as an rpm file for RedHat, or you can get the source for other distributions. For even more info on what ipportfw will do, see the following page: http://www.linux.org/docs/ldp/howto/...tml#Forwarders

I can't seem to come up with too much info on it right now. The search on RedHat's site doesn't seem to be working. But once you have ipmasqadm installed, you would add the following lines at the bottom of your ipchains script:

------------------------------------------------------------
#This line flushes any port forwarding rules in effect
/usr/sbin/ipmasqadm portfw -f


# This allows SMTP and POP through to our mail server
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 25 -R 192.168.1.3 25
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 110 -R 192.168.1.3 110
------------------------------------------------------------

These lines are directly from my own firewall and allow mail from the rest of the world to be exchanged with the mail server that is behind my firewall.

Note: 24.x.x.x is my IP address, which has been changed to hide it.

To do what you need to do, you would have a line that looks like this:

/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 7000 -R 192.168.1.50 80

Change 24.x.x.x to the IP address of your Linux box, and change 192.168.1.50 to the IP of your Windows box, and all traffic on 24.x.x.x:7000 will be moved to port 80 on 192.168.1.50. The nice part of this setup is that the Windows box will see the real IP address of the host connecting, and will therefore log the correct IP addresses instead of the IP address of your Linux box.

-Mark
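
An added example, not part of either post: a small shell function that inventories the `ipmasqadm portfw -a` rules in a firewall script, so the set of internal services exposed to the outside can be reviewed in one place. It relies only on the flags shown in the thread (-a, -f, -P, -L, -R); the function names, the sample input and the DUP/NONPRIVATE labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: list every "ipmasqadm portfw -a" forward found on stdin as
#   <proto> <listen-addr>:<port> -> <internal-addr>:<port> [flags]
# Flags (labels chosen for this example):
#   DUP        = same proto/listen address/port appears more than once
#   NONPRIVATE = target address is outside the RFC 1918 private ranges
audit_portfw() {
    awk '
    /^[ \t]*#/ { next }                        # ignore comment lines
    /ipmasqadm[ \t]+portfw/ {
        proto = ""; laddr = ""; lport = ""; raddr = ""; rport = ""; add = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-a") add = 1
            else if ($i == "-P") proto = $(i + 1)
            else if ($i == "-L") { laddr = $(i + 1); lport = $(i + 2) }
            else if ($i == "-R") { raddr = $(i + 1); rport = $(i + 2) }
        }
        # Only complete "add" rules are reported; "-f" (flush) is skipped.
        if (!add || proto == "" || lport == "" || rport == "") next
        flags = ""
        key = proto " " laddr " " lport
        if (seen[key]++) flags = flags " DUP"
        if (raddr !~ /^10\./ && raddr !~ /^192\.168\./ &&
            raddr !~ /^172\.(1[6-9]|2[0-9]|3[01])\./) flags = flags " NONPRIVATE"
        printf "%s %s:%s -> %s:%s%s\n", proto, laddr, lport, raddr, rport, flags
    }'
}

# Constructed sample input: the rules quoted in the thread plus one
# constructed line that reuses listen port 7000.
sample_rules() {
    cat <<'EOF'
#This line flushes any port forwarding rules in effect
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 25 -R 192.168.1.3 25
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 110 -R 192.168.1.3 110
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 7000 -R 192.168.1.50 80
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.x.x.x 7000 -R 192.168.1.51 80
EOF
}

sample_rules | audit_portfw
```

Each line of output is a service reachable from outside the firewall, so each one should correspond to a host that is patched and meant to be public.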


All times are GMT -5.