I'm running an Eigerstein-based LRP with a (slightly) custom 2.2.19
kernel. I have several port forwarding rules set up and they all work well.

I know this is probably a bad idea, but I'd like to forward port 3306 to
a specific MASQ'd internal address, but only from a specific remote
client IP address.

I know I can set up the port forwarding in general using a line like
this in ipfilter.conf:

    $IPMASQADM portfw -a -P tcp -L [ext address] 3306 -R [int server addr]

But that rule forwards everyone hunting for port 3306 to my internal
server. I know that is not a good thing. So I suppose that the indirect
way to restrict this particular rule to a specific remote client is to
put in another rule which allows port 3306 but only from the given
address, maybe something like this at the top of ipfilter.conf:

    $IPCH -A $LIST -j ACCEPT -p tcp -s [client addr] -d [ext addr] 3306 -l $*

I'm wondering, however, if there's a better way to do this? Any
suggestions or comments would be welcome.

Richard Minutillo
[EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
