Re: Newbie question. Please advise
From: Rob \ (EL-CID_at_TELUS.NET)
Date: 07/17/04
Date: Sat, 17 Jul 2004 14:43:56 GMT
Thanks for the info!! It is so informative!!
On Sat, 17 Jul 2004 09:28:52 +0000 (UTC), Randy Sparks <none@none.com>
wrote:
>> Can I port forward a port to multiple internal IP addresses in a
>> network. Similar to port 80 for instance. If you set up a basic Linux
>> firewall with NAT enabled, it opens port 80 and forwards all packets to
>> internal IP addresses.
>
>This is possible but it can only forward to one address. Here's why: your
>firewall machine will be the public face of your network. It will have a
>single IP address given to you by your Internet Service Provider and all
>your internal network's Net traffic will seem to have come from this single
>IP address. The machines on your local network will have 192.* addresses
>which are simply local machine addresses. They won't be seen by the
>Internet.
>
>So let's say you want to access TightVNC from outside. You'll have to type
>the address of the FIREWALL into TightVNC's connection dialogue (or command
>line prompt). Your firewall will have to be configured to pass all the data
>that arrives on the TightVNC port number through to one machine on the 192.*
>network. Why just one machine? Because it's nonsensical to send it to all
>of them. So how can you specify WHICH internal network machines the data
>should go to?
>
>You're going to have to use port forwarding. This will mean that when you
>attempt to connect with TightVNC on your machine at home, you're going to
>have to tell it NOT to use its standard port and use a different arbitrary
>port, which you'll have already set up on the firewall. When the firewall
>receives data on the arbitrary port, it will forward through to a different
>machine on the internal network. You'll need to set up a different port
>forward on each machine for which you want external TightVNC access.
>
>In other words, it'll be like this (let's say the Net address given to you
>by your ISP is 123.123.123.123 and let's choose 9400 as our arbitrary port
>number)
>
>123.123.123.123:9400 >>forward to>> 192.168.1.1
>123.123.123.123:9401 >>forward to>> 192.168.1.2
>123.123.123.123:9402 >>forward to>> 192.168.1.3
>
>and so on.
>
>> Can I set up an iptables rule to allow the port I need to have open, be
>> accessible to X amount of time. Let's say from 9:00 to 12:00pm?
>
>Yes. I strongly advise you to look at BBIagent, a Linux-based floppy
>firewall and gateway which appears to do everything you want and is easy to
>use.
>
>Randy
>
>
>
>>
>>
>> Please, any info is greatly appreciated. Currently I am downloading
>> Mandrake and will be doing a basic install + download a firewall
>> software.
>>
>>
>> Thanks guys.
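
The port-forward table and the 9:00 to 12:00 window discussed in this thread, written out as iptables rules. This is an added example, not part of the original messages; the interface name eth0, TightVNC's port 5900 and the use of the iptables `time` match are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables rules, it does not apply them.
WAN_IF="eth0"      # assumption: firewall's Internet-facing interface
VNC_PORT=5900      # assumption: TightVNC listening on display :0
T_START="09:00"    # window from the question; the time match compares
T_STOP="12:00"     # against UTC unless --kerneltz is added

# Mapping from the post: external port -> internal machine
FORWARDS="9400:192.168.1.1
9401:192.168.1.2
9402:192.168.1.3"

emit_rules() {
    echo "$FORWARDS" | while IFS=: read -r ext_port host; do
        # Skip blank or non-numeric entries instead of emitting a bad rule
        case "$ext_port" in
            ''|*[!0-9]*) echo "skipping bad entry: $ext_port" >&2; continue ;;
        esac
        # Rewrite the destination: firewall:ext_port -> host:VNC_PORT
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp" \
             "--dport $ext_port -j DNAT --to-destination $host:$VNC_PORT"
        # Let new connections through only inside the time window
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $host" \
             "--dport $VNC_PORT -m conntrack --ctstate NEW" \
             "-m time --timestart $T_START --timestop $T_STOP -j ACCEPT"
    done
    # Sessions opened inside the window keep working after it closes
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Everything else arriving from the Internet side is dropped
    echo "iptables -A FORWARD -i $WAN_IF -j DROP"
}

emit_rules
```

Review the printed rules before running them as root on the firewall; IP forwarding must also be enabled there for the DNAT rules to carry traffic.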