Internet services on internal machines

Post by Mik Miffli » Wed, 29 Aug 2001 16:10:14



I have several machines all going through a NAT router in my home.  I want
to run a service on an internal machine.  In the ipchains howto, it
mentions port forwarding, but doesn't give any examples.  How is this done?

--
 - Mik Mifflin

 
 
 

Post by EL C » Wed, 29 Aug 2001 16:48:03


Go to www.pointman.org and download and install it, then go to
www.rpmfind.net and download iportfwadm for port forwarding, and you
are done, dude.

On Tue, 28 Aug 2001 03:10:14 -0400, Mik Mifflin


>I have several machines all going through a NAT router in my home.  I want
>to run a service on an internal machine.  In the ipchains howto, it
>mentions port forwarding, but doesn't give any examples.  How is this done?

>--
> - Mik Mifflin


 
 
 

Post by Dean Thompso » Wed, 29 Aug 2001 22:43:58


Hi!,

> I have several machines all going through a NAT router in my home.  I want
> to run a service on an internal machine.  In the ipchains howto, it
> mentions port forwarding, but doesn't give any examples.  How is this done?

The ipchains program doesn't support the functionality that you require
directly.  If you use the 2.2.x kernel family, then you can use the ipmasqadm
package with the "autofw" command to do port forwarding or you can use the
"redir" command to redirect ports.

If you are using the 2.4.x kernel family, then I would suggest using the DNAT
functionality that exists within the iptables program.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+
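
The 2.4.x DNAT approach from the reply above, as an added example that is not part of the original thread: a bash function that validates its arguments and prints the iptables commands for a single port forward without applying them. The interface name eth0, the internal address 192.168.1.10 and the ports are assumed sample values.

```bash
#!/bin/bash
# Added example: prints (does not apply) iptables rules for one port forward.
# eth0, 192.168.1.10 and the ports used below are constructed sample values.

is_port() {  # true when $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_private_ipv4() {  # true when $1 is a dotted quad in RFC 1918 space
    local a b c d rest o
    IFS=. read -r a b c d rest <<EOF
$1
EOF
    [ -z "$rest" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$a" -eq 10 ] && return 0
    [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0
    [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && return 0
    return 1
}

# usage: dnat_rules EXT_IF PROTO EXT_PORT INT_IP INT_PORT
dnat_rules() {
    local ext_if="$1" proto="$2" ext_port="$3" int_ip="$4" int_port="$5"
    # Reject anything that is not a plain interface name before echoing it.
    case "$ext_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 2 ;; esac
    is_port "$ext_port" && is_port "$int_port" || { echo "bad port" >&2; return 2; }
    is_private_ipv4 "$int_ip" || { echo "target not in RFC 1918 space" >&2; return 2; }
    # Rewrite the destination of packets arriving on the external interface.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p $proto --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # Admit new connections to that one host and port only (the filter table
    # sees the packet after DNAT, so it matches the internal address and port).
    echo "iptables -A FORWARD -i $ext_if -p $proto -d $int_ip --dport $int_port -m state --state NEW -j ACCEPT"
    # Replies and related traffic for connections already being tracked.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Forward external TCP port 8080 to a web server on the internal machine.
dnat_rules eth0 tcp 8080 192.168.1.10 80
```

The FORWARD rules only restrict anything when the chain's default policy is DROP; with a default of ACCEPT the DNAT rule works but forwarding is otherwise unfiltered.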

 
 
 

1. Making an internal machine visible to the Internet

I have set up a network of Linux machines, connected to the
Internet via a Linux box acting as a masquerading gateway.
I am using Slackware 3.1 with Linux kernel 2.0.29 and the in-kernel
firewalling and masquerading.
Everything works great in the internal network and with connections
originated from inside. The problem is, I have a server with a couple
of IP addresses, one on the internal network and another on the
external network, but only one interface card (it is using aliasing).
The server of this network should be visible from the outside,
and of course it must stay connected on the inside network, because
it is an NFS server and we can't afford to send 40 clients through
a firewall anytime somebody uses his home directory.
The real problem is that this must be done in a transparent way:
by now, the only way I found to establish a connection from a
machine on the outside to the server is to manually set a route on the
external machine that says to use the Linux firewall as the gateway
to reach the server. Obviously this should be done on all the
machines trying to contact the server, and it is therefore not possible.
Of course the same behaviour could be obtained by modifying the
routing tables on the main router, but I have no access to it, and
for bureaucratic reasons it can't be done (not in this millennium,
at least...).
The question is: is there any way to make the Linux router get the
packets directed to the server and forward them on the internal network?
I have tried proxy ARP, by declaring an entry on the gateway with
the IP address of the server and the MAC of the external interface
of the gateway, but it doesn't work. It happens that ARP requests
remain unanswered, and I suspect that it is not entirely
possible to proxy an ethernet adapter (I have always heard of SLIP
or PPP proxying only).
I have also tried gated: I thought that maybe the main router could
update its routing tables without manual intervention if another
router appeared on the net, but it didn't work either. Since I had
found no documentation with the gated binary I got, I can't really
say if it was a misconfiguration problem or if the main router refused
to update its tables because it didn't trust my own gateway.

Does somebody have any hint or (better) solutions for this problem?
Many thanks in advance.

D. Gordini
