Firewall Wizards mailing list archives
RE: Linux rinetd and NT IIS logging (synch)
From: Keith Morgan <kmorgan () imixinc com>
Date: Fri, 11 Aug 2000 10:41:58 -0400
Hey, thanks a bunch. This worked like a charm. I had considered this before and had trouble with the ipmasqadm documentation. The part that I had failed to think of was the masquerading of the return packets from the webserver through the firewall. This configuration basically allows me to perform static NAT through linux. With my background being checkpoint, I saw this as a major limitation of linux. Now 'aaah haayave SEEEEN the light!'. The built-in load balancing is a major plus as well.

Thanks again.

-Keith Morgan
siglite () imixinc com

-----Original Message-----
From: Wes Chalfant [mailto:wes () peabody com]
Sent: Tuesday, August 08, 2000 2:47 PM
To: Keith Morgan
Cc: 'firewall-wizards () nfr net'
Subject: Re: [fw-wiz] Linux rinetd and NT IIS logging (synch)

Keith Morgan wrote:
> I'm running a linux ipchains based firewall. I've been running rinetd for the http and https service ports, redirecting the traffic off to a DMZ. (for those of you questioning rinetd's capabilities, so far, no complaints with a medium traffic load, and no crashing like redir) Now, IIS reports the source address as the dmz interface on the firewall, just as rinetd's docs indicate it will. My question of the day, is: Has anyone written any scripts or programs to synch rinetd's logs with IIS's logs?
I don't know if this applies to your situation or not, but you may find it simpler to configure the Linux firewall so that the IIS system receives actual client source IP addresses instead of the DMZ IP address. That way, you don't have to try to merge multiple logs.

You can do this by using the port forwarding feature of Linux 2.2 networking. You can configure this most easily with ipmasqadm. ipmasqadm is not included in most standard distributions, however. You can get a copy from the RedHat "contrib" directory; a copy of that rpm is also on "rpmfind.net" at http://rpmfind.net/linux/RPM/contrib/libc6/i386/ipmasqadm-0.4.2-3.i386.html.

The commands you'd use would be something like:

    ipmasqadm portfw -a -P tcp -L <external_ip> http -R <iis_ip> http
    ipmasqadm portfw -a -P tcp -L <external_ip> https -R <iis_ip> https

where external_ip is the external IP address at which you want the web server to appear and iis_ip is the internal address of the IIS server.

Note that for the reverse routing to work properly, you need to configure masquerading on connections forwarded from the IIS machine to the Internet. You don't have to configure masquerading for all internal hosts (although perhaps you already do). The masquerading causes the packets returned from the IIS server to have the source address changed to the external address of the firewall (which is what the client is expecting).

Incoming packets to the forwarded ports have their destination IP addresses rewritten to "iis_ip" and are forwarded to "iis_ip" by the firewall; their source addresses are unchanged. Packets from "iis_ip" have the client's IP address as their destination; these are routed by the firewall masquerade code which rewrites the source address to the external IP address of the firewall. From the client's standpoint, all packets are between itself and the external IP address; from the IIS server's standpoint all packets are between itself and the actual client IP address.
As a result, the logs show actual client IP addresses and everything works.

ipmasqadm can also be used to configure the kernel to forward traffic on one port to multiple servers. I've never used that feature so I don't know how well it works.

There is some documentation regarding ipmasqadm in section 6.8 of the "Linux IP Masquerade HOWTO" (http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html)

--
Wes Chalfant
Peabody Systems
wes () peabody com
(714) 639-8643
FAX (714) 639-2817

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
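The two address-rewriting steps Wes describes (portfw rewriting the destination on the way in, masquerading rewriting the source on the way out) as an added toy model; this is editor-added code, not part of the thread or of ipmasqadm, and all addresses are constructed placeholders. It also shows what goes wrong when the masquerade rule for the IIS host is left out: the reply leaves with the private address and the client never matches it to its request.

```python
from dataclasses import dataclass, replace

# Constructed placeholder addresses (RFC 5737 documentation ranges).
EXTERNAL_IP = "203.0.113.10"  # the firewall's external address (<external_ip>)
IIS_IP = "192.168.1.20"       # the internal IIS server (<iis_ip>)
CLIENT_IP = "198.51.100.7"    # a client somewhere on the Internet

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

class Firewall:
    """Toy model of 'ipmasqadm portfw' plus masquerading on a Linux 2.2 box.
    Only addresses are translated; port handling is deliberately left out."""

    def __init__(self, portfw, masq_hosts):
        self.portfw = dict(portfw)         # (external_ip, port) -> (internal_ip, port)
        self.masq_hosts = set(masq_hosts)  # internal hosts with a masquerade rule

    def inbound(self, pkt):
        # Port forwarding: only the destination is rewritten; the source stays the
        # real client address, which is what ends up in the IIS log.
        target = self.portfw.get((pkt.dst, pkt.dport))
        if target is None:
            return None  # not a forwarded port; nothing happens to it here
        return replace(pkt, dst=target[0], dport=target[1])

    def outbound(self, pkt):
        # Masquerading: a reply from a masqueraded host leaves with the firewall's
        # external address as source, which is the address the client expects.
        if pkt.src in self.masq_hosts:
            return replace(pkt, src=EXTERNAL_IP)
        return pkt  # no masquerade rule: the private address goes out unchanged

def http_exchange(fw):
    """Push one request and its reply through fw. Returns the source address
    IIS sees on the request and the source address the client sees on the reply."""
    req = fw.inbound(Packet(src=CLIENT_IP, dst=EXTERNAL_IP, dport=80))
    reply = fw.outbound(Packet(src=req.dst, dst=req.src, dport=0))
    return req.src, reply.src

def client_accepts(reply_src):
    """A client only matches a reply against the address it actually sent to."""
    return reply_src == EXTERNAL_IP

PORTFW = {(EXTERNAL_IP, 80): (IIS_IP, 80), (EXTERNAL_IP, 443): (IIS_IP, 443)}
good = Firewall(PORTFW, masq_hosts=[IIS_IP])  # portfw plus masquerade, as Wes describes
bad = Firewall(PORTFW, masq_hosts=[])         # same portfw, masquerade for IIS forgotten
```

With `good`, IIS sees 198.51.100.7 and the client sees 203.0.113.10; with `bad`, IIS still logs the client address but the reply carries 192.168.1.20, so the client discards it.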