
on 1/13/2002 4:27 AM, Eric Persson at [EMAIL PROTECTED] wrote:

> I've been following the list discussion silently for a while now, but
> have finally got to install my ipmasqbox. I use the "simple rc.firewall
> 0.63" on a redhat 7.2 with the 2.4-10 kernel.
> 
> It works very well I must say, I'm impressed myself. :)
> 
> I have a static IP on the external interface and a static one on the
> internal interface. Then I use dhcp to give private addresses to all
> machines on the internal network.
> Everyone can do pretty much what they want and so on.
> 
> Now to my question. For the moment I have some servers at the same level
> as the firewall, that is, with a static ip directly connected to the
> net. My intention is to put these behind the firewall, and redirect the
> corresponding ports to each machine on the network.
> I got this working fine with a webserver by adding the following
> commands to the firewall script.
> 
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 -j DNAT --to $WEBSERVER:80
> 
> Can this also be done with a mailserver, which would need forwarding of
> smtp, pop3 and imap? I use qmail on the mailserver if that has any
> impact. The problem is that my network-knowledge about the mailserver is
> a bit limited. 
> 
> So has anyone put a mailserver behind the firewall before? And can I
> maybe get some examples?

Eric,

The only servers that you'll have problems with are those that put the
machine's IP address into the data, such as FTP and some game servers.

However, SMTP (25), POP3 (110), and IMAP (143) are easily redirected;
however, if you are putting multiples of those servers behind a firewall,
you'll either have to choose separate ports, do some more extensive routing
to get multiple external IPs to send to specific internal IPs, or set up a
server to support multiple virtual servers.

Also, you'll need to make sure that the internal servers are on fixed IP
addresses.  You can do that either by setting up DHCP to always assign a
specific IP address for the servers, or simply specify a fixed IP address
outside of your DHCP address range.

-- 
Glenn L. Austin <><
<[EMAIL PROTECTED]>
Phone: (360) 281-5436
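
Added example (not part of either message): a dry-run generator for the SMTP, POP3 and IMAP forwards discussed above, following the pattern of the quoted port-80 rules. `MAILSERVER`, the default interface names and all addresses are assumptions. The FORWARD rule matches the internal server's address and port, which is what that chain sees after DNAT, so a second server published on a different external port still gets a matching rule.

```shell
#!/bin/sh
# Added example: generate DNAT + FORWARD rule pairs for mail services.
# Variable names follow the quoted script; all addresses are constructed samples.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-eth0}
INTIF=${INTIF:-eth1}
EXTIP=${EXTIP:-192.0.2.10}              # constructed (documentation range)
MAILSERVER=${MAILSERVER:-192.168.0.25}  # hypothetical fixed internal address

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Four dot-separated decimal octets, each 0-255 (subshell keeps IFS local).
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done
)

# Print the rule pair for one service: external port -> internal ip:port.
dnat_rules() {
    ext_port=$1 int_ip=$2 int_port=$3
    valid_port "$ext_port" && valid_port "$int_port" && valid_ipv4 "$int_ip" || {
        echo "dnat_rules: bad arguments: $*" >&2; return 1; }
    # nat PREROUTING rewrites the destination before the filter FORWARD chain
    # sees the packet, so FORWARD must match the internal address and port.
    echo "$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp -d $EXTIP --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    echo "$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp -d $int_ip --dport $int_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

mail_rules() {
    for port in 25 110 143; do          # SMTP, POP3, IMAP
        dnat_rules "$port" "$MAILSERVER" "$port" || return 1
    done
}

# Dry run: prints the commands for review instead of executing them.
mail_rules
```

A second mail server on its own fixed address could be published with, for example, `dnat_rules 2525 192.168.0.26 25` (constructed values).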
