Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Not sure if anyone can help, but seem to be going around in circles by myself.
The setup is: Linux server running Redhat 9 with one NIC. This is connected to a network through a switch and the network is connected to the Internet through a router.
I run a document management system on the server and store all the files. This is accessible from the Internet for home working.
There is also an email server which handles internal and external emails for the office. This does not route mail from the Internet. It is only accessible locally.
For remote administration of the server I use telnet, ftp and webmin.
All this is currently secured using a Firestarter firewall, although the server is currently behind the router firewall too. I have installed Firestarter while attempting to answer the following question.
My problem is that I need to run software to remotely administer the Windows PCs (we do not run any form of NT server or Terminal Services), which I already have and use. The problem is that due to the nature of our document management system I have now run out of port forwards in the router so can't reach the Windows PC.
What I would like to do is place the Linux server in the DMZ (it will still be protected by Firestarter) and use it to Port Forward to a Windows PC. The Windows PC can act as a gateway to all the other Windows PCs on the network. I want to keep the rest of the network behind the router firewall.
With Firestarter you only get port forwarding when there are two NICs. Is there any way to port forward using only one NIC? I will happily consider an alternative firewall such as Shorewall.
I found a stand-alone port forwarding application for Windows, which works well, but I don't want to place a Windows PC in the DMZ even with a firewall installed. If a Windows PC with one NIC can do it surely Linux can.
So the question is: Is it possible to port forward from a Linux server with only one NIC, which is placed in the DMZ of a NAT protected network?
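A single NIC is not a blocker for netfilter itself: the packet can enter and leave the same interface. As an added example that is not from this thread, the script below prints the iptables rules for forwarding one public TCP port to one inside Windows PC from a one-NIC host. It assumes the NIC is eth0 and the server's own address is 192.168.1.10; the public port, the PC address and the PC's admin port are placeholders, since the thread never names the admin software's port.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules that let a Linux host
# with a single NIC forward one TCP port to one inside Windows PC.
# Assumed values: NIC eth0, server address 192.168.1.10; public port,
# target address and target port are placeholders passed as parameters.
NIC="${NIC:-eth0}"
SERVER_IP="${SERVER_IP:-192.168.1.10}"

# is_port N -> true only for an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PUBLIC_PORT TARGET_IP TARGET_PORT
# Prints the rules instead of applying them so they can be reviewed first.
forward_rules() {
    pub="$1"; tgt="$2"; tport="$3"
    is_port "$pub" && is_port "$tport" || { echo "bad port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Rewrite the destination of traffic arriving on the public port only.
iptables -t nat -A PREROUTING -i $NIC -p tcp --dport $pub -j DNAT --to-destination $tgt:$tport
# The packet enters and leaves the same NIC; permit just this one flow,
# not blanket forwarding, so a "DMZ" router setting exposes nothing else.
iptables -A FORWARD -i $NIC -o $NIC -p tcp -d $tgt --dport $tport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $NIC -o $NIC -p tcp -s $tgt --sport $tport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The PC's default gateway is the router, so its replies would bypass this
# host unless the source is rewritten to the server's address (hairpin NAT).
# Caveat: the PC then logs the server, not the real client, as the source;
# keep the Linux host's own logs for the original addresses.
iptables -t nat -A POSTROUTING -o $NIC -p tcp -d $tgt --dport $tport -j SNAT --to-source $SERVER_IP
EOF
}

# Placeholder values; run with APPLY=1 as root to execute the printed rules.
if [ "${APPLY:-0}" = 1 ]; then
    forward_rules "${PUBLIC_PORT:-5023}" "${TARGET:-192.168.1.50}" "${TARGET_PORT:-12345}" | sh -e
else
    forward_rules "${PUBLIC_PORT:-5023}" "${TARGET:-192.168.1.50}" "${TARGET_PORT:-12345}"
fi
```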
Rather than doing that I would offer you another - much more secure alternative. You are currently running telnet - to see why this is a bad idea take a look at: http://wiki.linuxquestions.org/wiki/Telnet_and_SSH
Instead I would recommend installing ssh which will secure your data transfer and also offer you port forwarding facilities.
david_ross makes a very good suggestion. SSH allows you to forward and encrypt whatever kind of traffic you want.
Additionally, you might want to consider using alternate ports on the router, and forwarding them to the correct Windows boxen's ports. For instance, say your router's external IP was 10.0.0.1, and you had three boxes (192.168.1.50-52), each with telnet on them, running on port 23. You could map the ports and IP addresses as such:
10.0.0.1 port 5023 -> 192.168.1.50 port 23
10.0.0.1 port 5123 -> 192.168.1.51 port 23
10.0.0.1 port 5223 -> 192.168.1.52 port 23
You'd have to manually configure your client software to reach the port on the external IP address, but it would afford you more flexibility in terms of port forwarding. I haven't messed much with DMZs, but it could be possible to do what you've asked: setting up a Linux host in the DMZ, and then setting up some special type of proxy software that passes the packets to and from the hosts you'd like to administer. Squid comes to mind, but I don't know if it handles more than HTTP traffic.
I think the problem is that his router has reached some kind of limit on the number of ports it can forward.
Using ssh would mean that you only need to forward one port on the router to access a virtually unlimited number of clients at the same time. You can also free up a space for forwarding port 22 for ssh by getting rid of telnet forever.
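The single-forward approach described above, as an added example that is not part of the thread: the router forwards only port 22 to the Linux server, and from home one ssh command opens a local tunnel per Windows PC. The script also prints the matching PermitOpen line for sshd_config, which pins the tunnels to those PCs and that port so a compromised home account cannot reach anything else on the LAN. It assumes the router's public address 10.0.0.1 from the thread; the login name, PC addresses and admin port are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: one forwarded port (22) plus ssh -L
# tunnels instead of one router forward per Windows PC.
# Assumptions: public address 10.0.0.1 (from the thread); login name, PC
# addresses and the admin tool's port are placeholders.
PUBLIC="${PUBLIC:-10.0.0.1}"
USER_NAME="${USER_NAME:-admin}"
ADMIN_PORT="${ADMIN_PORT:-12345}"   # placeholder for the Windows admin port

# tunnel_opts HOST... -> one -L option per PC: local 5000,5001,... -> PC:ADMIN_PORT
# The admin tool on the home machine then connects to localhost:5000 etc.
tunnel_opts() {
    lport=5000
    for h in "$@"; do
        printf '%s %s:%s:%s ' -L "$lport" "$h" "$ADMIN_PORT"
        lport=$((lport + 1))
    done
}

# ssh_command HOST... -> the full client command; -N opens no shell, so the
# account only needs tunnelling rights, not an interactive login.
ssh_command() {
    printf 'ssh -N %s%s@%s\n' "$(tunnel_opts "$@")" "$USER_NAME" "$PUBLIC"
}

# permit_open HOST... -> sshd_config line that restricts -L targets to these
# PCs on this port only; everything else on the LAN stays unreachable.
permit_open() {
    printf 'PermitOpen'
    for h in "$@"; do printf ' %s:%s' "$h" "$ADMIN_PORT"; done
    printf '\n'
}

# Client command for home, and the server-side restriction to go with it.
ssh_command 192.168.1.50 192.168.1.51 192.168.1.52
permit_open 192.168.1.50 192.168.1.51 192.168.1.52
```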
Cheers david! I'll give that a shot and let you know the results. Always happy to shore up any potential holes in the security! Haven't done anything with SSH so will go and study up on it now.