port forwarding on solaris

port forwarding on solaris

Post by Kyana » Thu, 11 Jul 2002 12:28:10



Hello,

I am running an http instance on port 8000 on my Solaris 8 server. The
reason it is not running on
port 80 is because it has be started by a non-root user (from a chroot
shell - cant sudo or su or setuid).
But I do not want clients to type :8000 in their browser to access the
webserver.

Currently, we are using port forwarding on our router to accomplish this on
one of our boxes, but
we are planning to do something similar on another box and there is no
router to do port forwarding
hence I was hoping there would be a software method. Is there a
utility/tool/program that can listen
on port 80 on my Solaris box and forward all traffic (locally) to 8000 and
vice-versa?

Example:

Quote:> client types http://www.foo.bar that resolves to my server
> utility/tool/program listening on port 80 forwards request to port 8000
(locally)
> return traffic from port 8000 is captured by utility/tool/program and
returned to client
> The client will and can not access the server on port 8000 (port is

blocked by firewall)

Thanks and regards,

 
 
 

port forwarding on solaris

Post by Roger Marqui » Thu, 11 Jul 2002 12:54:37



>Currently, we are using port forwarding on our router to accomplish this on
>one of our boxes, but we are planning to do something similar on another
>box and there is no router to do port forwarding

You need the Firewall Toolkit's plug-gw.  See <http://www.fwtk.org> for
details.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

 
 
 

port forwarding on solaris

Post by Sean O'Neil » Thu, 11 Jul 2002 12:59:16




Quote:>Hello,

>I am running an http instance on port 8000 on my Solaris 8 server. The
>reason it is not running on
>port 80 is because it has be started by a non-root user (from a chroot
>shell - cant sudo or su or setuid).
>But I do not want clients to type :8000 in their browser to access the
>webserver.

>Currently, we are using port forwarding on our router to accomplish this on
>one of our boxes, but
>we are planning to do something similar on another box and there is no
>router to do port forwarding
>hence I was hoping there would be a software method. Is there a
>utility/tool/program that can listen
>on port 80 on my Solaris box and forward all traffic (locally) to 8000 and
>vice-versa?

You might give IPfilter a try - http://www.ipfilter.org
--
........................................................
......... ..- -. .. -..- .-. ..- .-.. . ... ............
.-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ...

Sean O'Neill

 
 
 

port forwarding on solaris

Post by Cameron Simpso » Thu, 11 Jul 2002 13:43:54



| >Currently, we are using port forwarding on our router to accomplish this on
| >one of our boxes, but we are planning to do something similar on another
| >box and there is no router to do port forwarding
|
| You need the Firewall Toolkit's plug-gw.  See <http://www.fwtk.org> for
| details.

Or netcat:
        http://freshmeat.net/projects/netcat/?topic_id=150
        http://dcsearch.sun.com/search/sfw/index.jsp?qt=netcat&qp=&qp=
Cheers,
--

'Supposing a tree fell down, Pooh, when we were underneath it?'
'Supposing it didn't,' said Pooh after careful thought.

 
 
 

port forwarding on solaris

Post by Andrew Gabri » Thu, 11 Jul 2002 18:21:34




Quote:> Hello,

> I am running an http instance on port 8000 on my Solaris 8 server.
> Currently, we are using port forwarding on our router to accomplish this on
> one of our boxes, but
> we are planning to do something similar on another box and there is no
> router to do port forwarding
> hence I was hoping there would be a software method. Is there a
> utility/tool/program that can listen
> on port 80 on my Solaris box and forward all traffic (locally) to 8000 and
> vice-versa?

IP-filter will do this for traffic comming in from network interfaces
using its redirection facility (but not for locally looped-back traffic).

--
Andrew Gabriel
Consultant Software Engineer

 
 
 

port forwarding on solaris

Post by Kyana » Fri, 12 Jul 2002 02:52:52





> | >Currently, we are using port forwarding on our router to accomplish
this on
> | >one of our boxes, but we are planning to do something similar on
another
> | >box and there is no router to do port forwarding
> |
> | You need the Firewall Toolkit's plug-gw.  See <http://www.fwtk.org> for
> | details.

> Or netcat:
> http://freshmeat.net/projects/netcat/?topic_id=150
> http://dcsearch.sun.com/search/sfw/index.jsp?qt=netcat&qp=&qp=
> Cheers,
> --


http://www.zip.com.au/~cs/

Quote:

> 'Supposing a tree fell down, Pooh, when we were underneath it?'
> 'Supposing it didn't,' said Pooh after careful thought.

Thanks for all the sugestions. Unfortunately, I cannot consider fullblown
packages like fwtk as I want to roll this solution on several small lean
servers
in the simplest possible manner - with no additional training required

I will try netcat, which sounds simple - but before that here is something
I found and am testing. It is working on my test servers ...
http://jumpgate.sourceforge.net/

All I had to do was compile the source on Solaris (which is suported :-)
change my webserver config to run on high port (example: 8000) and then
start this "jumpgate" daemon like:

./jumpgate -l 80 -r 8000 -a 12.12.12.12

-l is local port, -r is remote port, -a is ip address of remote server - in
this case it is a
local IP address - if you dont want 8000 to be visible from outside - you
could bind
your server on localhost: 127.0.0.1 :-)

 
 
 

port forwarding on solaris

Post by Her » Sat, 13 Jul 2002 06:05:12


I have used rinetd in the past, http://www.boutell.com/rinetd/ and it works
fine.  The web page  talks about linux and windows but I was able to build it
quite happily on hp-ux so you should find it easy on solaris.

--h

[cut]

Quote:> Is there a
> utility/tool/program that can listen
> on port 80 on my Solaris box and forward all traffic (locally) to 8000 and
> vice-versa?

[cut]