ipchains: forwarding packets HELP!!!

ipchains: forwarding packets HELP!!!

Post by Ari Bau » Sun, 12 Sep 1999 04:00:00



I've been dealing with a variation of this for a long long time, I need
help to resolve it.

I'm now running 2.3.0 with the ipchains software.

I'm setup with a cable modem to a linux box, then back out to an
internal network with a second card.

if I want anyone that calls up my ip address on a browser to be
redirected to another machine on my internal network, how do I do it?

I've got my Linux firewall server as 192.168.1.8
An internal machine is 192.168.1.5 running a Win95 web server

I figure it's something like:
ipchains -A input -s 0.0.0.0/0 -p tcp -d 192.168.1.8 80 -j REDIRECT
192.168.1.5 80

but I just can't figure it out. Any help ASAP would be much appreciated.

Oren Baum

 
 
 

ipchains: forwarding packets HELP!!!

Post by Colvi » Sun, 12 Sep 1999 04:00:00


Ari:  192.168.1.8 is a private ip address.  It can never be the destination
address of an incoming connection from the real internet.  The destination
address would be the ip address assigned to your other ehternet port that is
attached to your cable modem.  If you are using DHCP on that port, then the
address may change from time to time and won't be known in advance for your
rule.  Thus sepcify that the input is on ethx where x is the number of the
ethernet card attached to your cable modem.

However, the ipchains HOWTO indicates that a port number can follow the
REDIRECT target.  It does not say that an IP Address can be included as
well.  So what you want to do may not work.  There are no explicit examples
given.  I would be interested to here if this is really possible as well.

Regards
Bill Colvin


>I'm setup with a cable modem to a linux box, then back out to an
>internal network with a second card.

>if I want anyone that calls up my ip address on a browser to be
>redirected to another machine on my internal network, how do I do it?

>I've got my Linux firewall server as 192.168.1.8
>An internal machine is 192.168.1.5 running a Win95 web server

>I figure it's something like:
>ipchains -A input -s 0.0.0.0/0 -p tcp -d 192.168.1.8 80 -j REDIRECT
>192.168.1.5 80

>but I just can't figure it out. Any help ASAP would be much appreciated.

>Oren Baum



 
 
 

ipchains: forwarding packets HELP!!!

Post by mist » Mon, 13 Sep 1999 04:00:00



Quote:>I've been dealing with a variation of this for a long long time, I need
>help to resolve it.

>I'm now running 2.3.0 with the ipchains software.

>I'm setup with a cable modem to a linux box, then back out to an
>internal network with a second card.

>if I want anyone that calls up my ip address on a browser to be
>redirected to another machine on my internal network, how do I do it?

*snip*

I'd look at the ipmasqadm program, as it seems to do just what you
require.  You need certain kernel compile options set, too.

--
Mist.

 
 
 

1. ipchains - forwarding - packet filtering

okay.. here is my scenario..

|---------------------------------------------------ISP
                                         |
                      DSL/CABLE(192.168.0.1)
                          ROUTER / SWITCH
                              |            |
                              |            |------------eth0 - LINUX BOX -
eth1 ------------  WIN2k IIS SERVER (192.168.10.2)
                              |              (192.168.0.2)
(192.168.10.1)
                              |
                              |
                              |---------LAPTOP(192.168.0.3)

The IIS Server is Running on PORT 80
From the Linux BOX, with Netscape Communicator.. I CAN connect to the win2k
IIS Machine by typing in it's IP .. (192.168.10.2)
However from the LAPTOP (192.168.0.3) I type in 192.168.0.2 and I would like
it to forward the request to the Win2k IIS Server on port 80..
This is not the CASE.. instead, the "connection with the server could not be
established"
I'm sure there is a ipchains line that will forward traffic arriving at
192.168.0.2 (eth0) through the Linux Box, out eth1 .. and into the IIS
Server.

The following is the only line in my ipchains..  it is allowing my win2k IIS
Server to communicate with the internet or the Laptop (192.168.0.3)

-A forward -i eth0 -s 192.168.10.0/24 -d 0.0.0.0/0 -j MASQ

At this point I am not concerned in being able to make the connection to the
IIS Server From the internet..  I would like to be able to type the linux
box eth0 IP in my browser (laptop) and have it forward me through to the IIS
Server.

- Thanks -

2. How do I update glibc?

3. ipchains: How do I forward packets from a specific port to another machine?

4. How to split file by uuxfer20?

5. Ipchains stops forwarding packets??

6. Where can I find KERMIT for AIX?

7. IPCHAINS: Forwarding packets to specific devices

8. where's netscape on RH5.1?

9. Using "ipchains -P forward DENY" instead of disabling ip-forwarding?

10. IPCHAINS -F (or) IPCHAINS -F input, output, forward

11. IPChains not forwarding correctly -- HELP PLEASE

12. Help with ipchains and ip forwarding

13. IPchains and IP forwarding?..Help