[NMLUG] firewall port redirect??

Jason Davis nmlug@swcp.com
Sat, 10 Nov 2001 23:36:57 -0700


On Saturday 10 November 2001 07:13 pm, you wrote:
> 
thanks..so im new to firewalls and ipchains...when you say "if your still 
using ipchains..." should i be using iptables ? i looked at the man on 
iptables and i cant figure out the diffrenice from ipchains...also all
of the firewall how tos i have read only tell how to setup with ipchains..
could you or someone please shed some light on ipchains/tables for me!
lost,
jd

Yes, you need to use ipmasqadm to do port forwarding if you're still using
> ipchains. For instance:
>
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 6705 -R $NAP1 6705
>
> where $EXTIP is the ip address of my outside nic and $NAP1 is the ip
> address of an internal machine. 6705 is the port being forwarded in this
> example. My internal machines all use private addresses and are being
> MASQ'ed behind the 'chains box.
>
> Hopefully, pcanywhere uses only one port or a very small number of them.
>
> I haven't switched over to the 2.4 kernel with the new packet filtering yet
> but I understand that port forwarding is built in.
>
> Ken
>
> On 10 Nov 2001, at 18:36, Jason Davis wrote:
> > hi,
> > is it possible to write a ipchain to forward incoming pcanywhere
> > connections to clients behind my firewall using static 192.168.0.X ips. i
> > have read from a outdated how to that i need a third party utility.
> >
> > thanks,
> > jd
>
> ------------------------------------------------------
> To UNSUBSCRIBE send a message to nmlug-request@swcp.com
> with only the word unsubscribe in the body.  More
> information can be found at www.nmlug.org/info.html
> -----------------------------------------------------
------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------