Re: IPTables forwarding rule

From: Black Adder (home_at_home.com)
Date: 07/21/04

  • Next message: Harry Phillips: "Re: IPTables forwarding rule"
    Date: Wed, 21 Jul 2004 21:01:21 +1000
    
    

    I had a client similar to that too. I threw in an IPCOP box for them and
    took out the firewall.

    -- 
    ----------------------------------------------------------------------------
    ------------------------------------------------------------
    "It's all coming back to me now", said the blind man as he peed into the
    wind
    "Harry Phillips" <harry@hkjsfh.com> wrote in message
    news:i7p1t1-n1u.ln1@free.teranews.com...
    > I have a client with a firewall device that has a limited interface to
    > iptables (I cannot ssh into it either). All you can do is forward a port
    > to another IP address, you can't restrict it to a certain source IP.
    >
    > I have set it up to forward port 22 to my Linux box, that then has
    > IPTables to accept anything local and drop everything else except my
    > ADSL modem IP.
    >
    > Now I want to do a similar thing except forward the packets to another
    > internal host. I have no idea where to start and what rules to use. The
    > setup is:
    >
    >                   _____________________
    >                  |  (firewall device)  |     |---> |192.168.1.50|
    > internet <----> |ext_ip  192.168.1.254| <---|---> |192.168.1.1 |
    >                  |_____________________|     |---> |192.168.1.x |
    >
    >
    > I want the Linux box (192.168.1.1) to forward port x to 192.168.1.50,
    > but only if the source is my ADSL modem IP.
    >
    > Do I use the NAT and PREROUTING, POSTROUTING, FORWARD? I have examples
    > from the Internet if the Linux box and the host it is forwarding to are
    > on different networks but not when they are on the same network.
    >
    > -- 
    > Regards,
    > Harry Phillips
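
For the same-subnet case asked about in the quoted question, here is an added example (not part of either post, and going beyond the reply above) that prints the iptables rules the Linux box at 192.168.1.1 would need. Assumptions: the service is TCP, 2222 stands in for "port x", and 203.0.113.10 is a constructed stand-in for the ADSL modem IP.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) iptables rules that
# forward one TCP port to a host on the SAME subnet, for a single allowed source.

valid_ipv4() {  # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

valid_port() {  # decimal 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# args: allowed_src  port  internal_dst  this_box_lan_ip
forward_rules() {
    for ip in "$1" "$3" "$4"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    # Line 1: the kernel must route packets that are not addressed to this box.
    # Line 2: PREROUTING DNAT rewrites the destination, only for the allowed source.
    #         Other sources are never rewritten, so they fall through to INPUT.
    # Line 3: FORWARD lets the rewritten connection through (source is still original
    #         here, because SNAT happens later in POSTROUTING).
    # Line 4: FORWARD lets replies of that tracked connection back out.
    # Line 5: POSTROUTING SNAT makes the internal host reply to this box. Without it
    #         the host answers via its own default gateway on the same subnet, the
    #         reply bypasses this box's connection tracking, and the session breaks.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -s $1 -d $4 --dport $2 -j DNAT --to-destination $3:$2
iptables -A FORWARD -p tcp -s $1 -d $3 --dport $2 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $3 --sport $2 -d $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s $1 -d $3 --dport $2 -j SNAT --to-source $4
EOF
}

# Constructed sample values; replace with the real source IP and port.
forward_rules 203.0.113.10 2222 192.168.1.50 192.168.1.1
```

Because of the SNAT rule, 192.168.1.50 logs every forwarded connection as coming from 192.168.1.1, so the source restriction has to be enforced on the Linux box and cannot be re-checked on the internal host.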
    
