Re: lug-bg: IP and port redirect - IPCHAINS

Tue, 30 Oct 2001 10:10:52 -0800 

On Tuesday 30 October 2001 16:22, you wrote:
> za puslednu kazvam, chi:
>
> s ipchains ne e wuzmozhno redirect po IP (samo ot port na port na the same
> kochina).
> s iptables stava.
>
Da predpolagam, 4e si prav ,4e 4e samo po port za edno i syshto IP
ne e vyzmojno s ipchains.
No dali vaobshte za sl. na Marian e vyzmojno , zavisi ot samia slu4ai :)

Ako ima slednata shema:
                                                                                I-NET  
 
                                                                                |
                                                                                |
MACHINE1
                  IF1( 192.168.0.1 or Real)------------|---------IF2(PPP,ISDN,ETH- 
REALIP )
                                |                |                      
                                |       MASQUARADE      
                                |
                                    LAN
                        |----------|
MACHINE2        192.168.0.3 -or Real( FWIP )
        
moje da redirect-va packeti s DST_IP = RealIP i DST_PORT= SOME_PORT
kym DST_IP= 192.168.0.3 i DST_PORT = SAME_PORT | SOME_OTHER_PORT.

Ne e zadylvitelno machinata ot LAN-a kym koqto redirect-va da e sys Private 
Use IP, moje da ima i realno IP. No na machinata koito redirektva triabva da 
ima MASQ.
Mai v tozi sl. ne e neobhodimo i kernel-a da e kompiliran s 
CONFIG_IP_TRANSPARENT_PROXY.

eto edin primeren skript za zapuskane na redirect  s ipmasqadm za izpolzvane 
na ne-bezizvestniq DIALPAD na Machini zad MASQ. ( Polzva 
TCP51210,UDP51200,UDP51201 kym clienta ( koito za tezi tri porta vsyshnost e 
"server" ,a ne "client" )

#!/bin/sh
REALIP=$1
FWIP=$2
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $REALIP 51210 -R $FWIP 51210
/usr/sbin/ipmasqadm portfw -a -P udp -L $REALIP 51201 -R $FWIP 51201
/usr/sbin/ipmasqadm portfw -a -P udp -L $REALIP 51200 -R $FWIP 51200

Ako Mano iska da napravi "vidim" otvyn niakakyv service , koito mu raboti
v LAN-a , na machina != GATEWAY-a, tova bi triabvalo da svyrshi rabota.

> ama i s xinetd i rinetd sushto stava masa iako da redirect.
>
>
> ----- Original Message -----
> From: "Todor Belev" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, October 30, 2001 1:33 PM
> Subject: Re: lug-bg: IP and port redirect - IPCHAINS
>
> > 100% ne e vyzmojno.
> > REDIRECT  is  only  legal  for  the input and user-defined
> >        chains and can only be used when the Linux kernel
> > is  com�
> >        piled   with  CONFIG_IP_TRANSPARENT_PROXY
> > defined.   With
> >        this, packets will be redirected to a local
> > socket,  even
> >        if  they  were  sent  to  a remote host.  If the
> > specified
> >        redirection port is 0, which is  the  default
> > value,  the
> >        destination  port of a packet will be used as the
> > redirec�
> >        tion port.  When this target is used,  an  optional
> > extra
> >        argument (the port number) can be supplied.
> >
> >
> > Goreshto ti preporychvam edno daemonche nportredird se
> > kazva, ima mnogo polezni neshta v nego kato restriktioni
> > ogranichavane na aktivni konekcii i t.n.
> >
> > Todorin
> >
> > >-------- ���������� ����� --------
> > >��:  <[EMAIL PROTECTED]>
> > >�������: lug-bg: IP and port redirect - IPCHAINS
> > >�� : <[EMAIL PROTECTED]>
> > >��������� ��: 29.10.2001 21:55:36
> > >-----------------------------------
> > >
> > >Zdraveite.
> > >
> > >Iskam da popitam slednia vapros.
> > >Vyzmojno li e s IPCHAINS da se napravi taka che
> > >vsichko, koeto se poluchava na daden port na dadena
> > >mashina
> > >(Slackware 7.1) da se redirect-va kym syshtia port na
> > >druga mashina ?
> > >
> > >Pravil sym redirect ot edin port na drug no na syshtata
> > >mashina.
> > >Triabva li da se polzva niakakva vynshna programa za da
> > >se prenasochvat
> > >packetite kym drug kompiutyr i ako da to kakva ?
> > >
> > >Slackware 7.1
> > >Kernel 2.2.19
> > >
> > >
> > >
> > >
> > >==-rw-r--r--=============================
> > >== Pazardjik.com  System Administrator ==
> > >== GSM: +359 88 975753                 ==
> > >== e-mail: [EMAIL PROTECTED]          ==
> > >=========================================
> > >
> > >
> > >===========================================================
> >
> > ================
> >
> > >A mail-list of Linux Users Group - Bulgaria (bulgarian
> > >linuxers)
> > >http://www.linux-bulgaria.org/ Hosted by Internet Group
> > >Ltd. - Stara Zagora
> >
> > -----------------------------------
> > ������� ���-������� �������, ��������, ����...�� ���� �����:
>
> http://gbg.bg/toolbar/
>
>
>
>
>
> ===========================================================================
>
> > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
>
> Zagora
>
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
  • ... Todor Belev
    • ... Teodor Georgiev
      • ... Ангел Вълков
    • ... Marian Popov
    • ... Mr Mecho Puh

Reply via email to