LinuxQuestions.org
Old 05-30-2004, 12:24 PM   #1
brianv
LQ Newbie
 
Registered: May 2004
Distribution: SuSE 9.1
Posts: 3

Rep: Reputation: 0
Port Forwarding on RedHat 9 with single NIC


Not sure if anyone can help, but seem to be going around in circles by myself.

The setup is: Linux server running Redhat 9 with one NIC. This is connected to a network through a switch and the network is connected to the Internet through a router.

I run a document management system on the server and store all the files. This is accessible from the Internet for home working.

There is also an email server which handles internal and external emails for the office. This does not route mail from the Internet. It is only accessible locally.

For remote administration of the server I use telnet, ftp and webmin.

All this is currently secured using a Firestarter firewall. Although the server is currently behind the router firewall too. I have installed Firestarter while attempting to answer the following question.

My problem is that I need to run software to remotely administer the Windows PCs (we do not run any form of NT server or Terminal Services), which I already have and use. The problem is that due to the nature of our document management system I have now run out of port forwards in the router so can't reach the Windows PC.

What I would like to do is place the Linux server in the DMZ (it will still be protected by Firestarter) and use it to Port Forward to a Windows PC. The Windows PC can act as a gateway to all the other Windows PCs on the network. I want to keep the rest of the network behind the router firewall.

With Firestarter you only get port forwarding when there are two NICs. Is there any way to port forward using only one NIC? I will happily consider an alternative firewall such as Shorewall.

I found a stand-alone port forwarding application for Windows, which works well, but I don't want to place a Windows PC in the DMZ even with a firewall installed. If a Windows PC with one NIC can do it surely Linux can.

So the question is: Is it possible to port forward from a Linux server with only one NIC, which is placed in the DMZ of a NAT protected network?
 
Old 05-30-2004, 01:09 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Welcome to LQ.

Rather than doing that I would offer you another - much more secure alternative. You are currently running telnet - to see why this is a bad idea take a look at:
http://wiki.linuxquestions.org/wiki/Telnet_and_SSH

Instead I would recommend installing ssh which will secure your data transfer and also offer you port forwarding facilities.
 
Old 05-30-2004, 01:27 PM   #3
Alex Cavnar
Member
 
Registered: Jun 2003
Location: Nashville, TN
Distribution: FreeBSD, Slack, and DebianPPC
Posts: 60

Rep: Reputation: 15
david_ross makes a very good suggestion. SSH allows you to forward and encrypt whatever kind of traffic you want.

Additionally, you might want to consider using alternate ports on the router, and forwarding them to the correct Windows boxen's ports. For instance, say your router's external IP was 10.0.0.1, and you had three boxes (192.168.1.50-52), each with telnet on them, running on port 23. You could map the ports and IP addresses as such:

10.0.0.1 port 5023 -> 192.168.1.50 port 23
10.0.0.1 port 5123 -> 192.168.1.51 port 23
10.0.0.1 port 5223 -> 192.168.1.52 port 23

You'd have to manually configure your client software to reach the port on the external IP address, but it would afford you more flexibility in terms of port forwarding. I haven't messed much with DMZs, but it could be possible to do what you've asked -- setting up a Linux host in the DMZ, and then setting up some special type of proxy software that passes the packets to and from the hosts you'd like to administer. Squid comes to mind, but I don't know if it handles more than HTTP traffic.
 
Old 05-30-2004, 01:31 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
I think the problem is that his router has reached some kind of limit on the number of ports it can forward.

Using ssh would mean that you only need to forward one port on the router to access a virtually unlimited number of clients at the same time. You can also free up a space for forwarding port 22 for ssh by getting rid of telnet for ever.
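
Added example, not part of any post in this thread: the single-port approach described in post #4, written as one ssh invocation that carries a separate local forward for each internal PC. The account `admin@server.example.org`, the local ports 5950-5952 and the admin-tool port 5900 are assumptions; the internal addresses are the ones used in the mapping in post #3.

```shell
#!/bin/sh
# Added example: build one ssh command that carries several port forwards
# over the single router port forwarded to the Linux server (22/tcp).
# Assumed values: gateway name, account and admin port 5900 are placeholders.

GATEWAY="admin@server.example.org"   # hypothetical account on the Linux server
ADMIN_PORT=5900                      # assumed port of the remote-admin tool

# valid_port N: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd GATEWAY LOCALPORT:HOST:PORT...
# Prints the ssh command line; each forward listens on 127.0.0.1 only,
# so other machines on the client's network cannot use the tunnel.
build_tunnel_cmd() {
    gw=$1; shift
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    seen=" "
    for spec in "$@"; do
        lport=${spec%%:*}
        rest=${spec#*:}
        host=${rest%%:*}
        rport=${rest#*:}
        valid_port "$lport" && valid_port "$rport" || {
            echo "bad port in '$spec'" >&2; return 1; }
        case "$host" in
            ''|*[!A-Za-z0-9.-]*) echo "bad host in '$spec'" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $lport "*) echo "local port $lport used twice" >&2; return 1 ;;
        esac
        seen="$seen$lport "
        cmd="$cmd -L 127.0.0.1:$lport:$host:$rport"
    done
    printf '%s %s\n' "$cmd" "$gw"
}

# The three internal PCs from the mapping in post #3, one local port each.
build_tunnel_cmd "$GATEWAY" \
    "5950:192.168.1.50:$ADMIN_PORT" \
    "5951:192.168.1.51:$ADMIN_PORT" \
    "5952:192.168.1.52:$ADMIN_PORT"
```

With the tunnel up, the admin client connects to 127.0.0.1:5950, :5951 or :5952 instead of a router port. On the server side, the `PermitOpen` option in sshd_config can limit forwarding to exactly these host:port destinations.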
 
Old 05-30-2004, 06:01 PM   #5
brianv
LQ Newbie
 
Registered: May 2004
Distribution: SuSE 9.1
Posts: 3

Original Poster
Rep: Reputation: 0
Cheers david! I'll give that a shot and let you know the results. Always happy to shore up any potential holes in the security! Haven't done anything with SSH so will go and study up on it now.

Brian
 
Old 05-31-2004, 06:36 PM   #6
brianv
LQ Newbie
 
Registered: May 2004
Distribution: SuSE 9.1
Posts: 3

Original Poster
Rep: Reputation: 0
Worked an absolute treat! All port forwarding working and by using CygWin I can run xterm sessions too!

For those with similar problems check out PuTTY too. Very easy to use and set up.

Thanks for the advice!
 
  

