Firewall Wizards mailing list archives
Re: ipchains and port forwarding
From: "Robert E. Martin" <rmartin () fishburne org>
Date: Wed, 05 Mar 2003 16:07:51 -0500
Mike LaPane wrote:
Thanks for the advice everyone. It all made a difference since I'm a one man band here at the school.On Tuesday 04 March 2003 8:38 am, Robert E. Martin wrote:OK. That makes sense. I do have iproute2 working on the machine and I can make sense of the documentation, however, will this technique work across multiple segments? If I route through several subnets to get to the physical web server box, will this still work or does the machine need to be on the same physical subnet? I can go with iptables and it does seem much easier . I have considered this to be the thing to do and you know what they say, no guts, no glory!As long as you have a route to that address space it will work fine.iptables is really much easier. just remember for your fw rules - NAT first, access rules second.remember to add secondary IP addresses to your external interface (or proxy arp) - probably just as easy to add a secondary.Good luck, -Mike _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
I finally got the nat box running and doing port forwarding. I did go to iptables and it worked great. The link for the iptables tutorial, http://iptables-tutorial.frozentux.net/iptables-tutorial.html is the best. I did have to use secondary ip addresses and all that jazz. The section in the tutorial about DNAT is what did it. Now all I have to do is re-number the proxy server and, as Jackie Gleason say's, away we go..........
Thanks for all the help guys!! (big smile :) ) -- Robert E Martin IT Manager Fishburne Military School rmartin () fishburne org 540.946.7726 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- ipchains and port forwarding Robert E. Martin (Mar 03)
- Re: ipchains and port forwarding Martin A. Brown (Mar 03)
- Re: ipchains and port forwarding Robert E. Martin (Mar 04)
- Re: ipchains and port forwarding Mike LaPane (Mar 04)
- Re: ipchains and port forwarding Robert E. Martin (Mar 05)
- Re: ipchains and port forwarding Robert E. Martin (Mar 04)
- Re: ipchains and port forwarding Martin A. Brown (Mar 03)
- Re: ipchains and port forwarding Ted Behling (Mar 03)
- <Possible follow-ups>
- RE:ipchains and port forwarding Jake L. Wegman (Mar 04)