[ale] Firewall rules / filtering
- Subject: [ale] Firewall rules / filtering
- From: chris.ricker at genetics.utah.edu (Chris Ricker)
- Date: Thu, 15 Jul 1999 14:55:16 -0600 (MDT)
On Thu, 15 Jul 1999, Michael A. Smith wrote:
> I would like incoming traffic to my firewall on port 80 to be routed to a
> web server inside my firewall. Does anyone have a good rule using ipchains
> to do this?
>

Ipchains won't do that. You need to enable IPPORTFW when you compile your
kernel, and then use ipmasqadm [1].

Note that for ipmasqadm to work, though, you do have to be forwarding the
packets with ipchains as well first (is this getting confusing yet? ;-).

Something like

    ipchains -I forward -p tcp -s 10.0.0.1/32 80 -j MASQ
    ipmasqadm portfw -a -P TCP -L 1.2.3.4 80 -R 10.0.0.1 80

(where 1.2.3.4 is your firewall IP and 10.0.0.1 is your internal web server)
should be enough to get you started.

You can also do all this entirely in userspace, using redir which sets up a
socket connection between your firewall and your web server, and shoves
everything coming to port 80 on the firewall down that socket. I've not
used it in a long time and ipmasqadm is the recommended solution, though.

later,
chris

[1] http://juanjox.linuxhq.com/
--
Chris Ricker kaboom at gatech.edu
chris.ricker at genetics.utah.edu
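
The userspace approach mentioned in the message above, as an added example that is not part of the original post and is not redir's own code: a small Python TCP relay that accepts a connection and splices it to the internal server. The loopback listen address and port 8080 are assumptions for the demo; 10.0.0.1 is the post's placeholder for the web server.

```python
# Added example: userspace TCP relay, the approach a tool like redir takes.
# Listen address and port are constructed demo values, not from the post.
import contextlib
import socket
import threading

def pump(src, dst):
    """Copy src -> dst until EOF or error, then half-close dst."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side

def handle(client, target):
    """Open a new connection to the internal server and splice the two."""
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()  # internal server unreachable: drop the client
        return
    upstream.settimeout(None)  # the timeout was for connect only
    t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
    t.start()
    pump(upstream, client)
    t.join()
    client.close()
    upstream.close()

def start_relay(listen_addr, target):
    """Relay every connection accepted on listen_addr to target."""
    srv = socket.create_server(listen_addr)
    def loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle, args=(client, target), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # On the firewall you would listen on its own address, port 80 (needs root).
    start_relay(("127.0.0.1", 8080), ("10.0.0.1", 80))
    threading.Event().wait()
```

Because the relay opens its own connection to the web server, the server sees the relay host as the peer rather than the original client, which matters for access logs and any address-based controls on the internal server.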