[masq] Re: ipportfw or redir ?

Wed, 11 Mar 1998 19:18:36 -0500 

i thank you for your info .... 

 however i have one more question : 

the way ipportfw works ... 
 if i need to redirect ports from valid ips to a local net ( ie 192.168.x.x) 
will this get masqueraded inwards .... even if my policy doesnt allow it ? 
or portfw will really simply redirect the port ? 
or havew i misunderstood something ? 

At 02:22 PM 3/11/98 -0800, you wrote:
>>  i was just wondering what is the difference between the two ? 
>> 
>> i am usinf redir from rc.local for my netbeui 139 port and putting it in
>> background .. 
>> 
>> do they behave differently , do they do the job in a different way ? 
>
>For single port situations, redir and ipportfw have the same result,
>although the methods of achieving it.
>
>ipportfw works via firewall rules. It runs, modifies/adds/deletes
>rules as you wish, then terminates. Hence, it is able to forward a
>range of addresses.
>
>telprox, and redir however, are programs that run, sitting on a
>port. When it gets a connection, it opens the destination port on the
>destination machine. It ony handles one port at a time, and the
>machine (firewall) doing the forwarding is logged as the "source
>machine". I.E. if I telnet to mercury.merconline.com, port 1000, and
>it uses telprox/redir to forward to jupiter.merconline.com, port 23,
>I will see via the "last" command:
>
>irc       ttyp3        mercury    Sun Mar  1 12:56 - 12:56 (00:00)
>irc       ttyp0        mercury    Fri Feb 27 22:30 - 22:40 (00:10)
>
>Note: He's not really telneting from mercury, in the conventional
>sense. He's coming telnetting in from somewhere else, then getting
>forwarded from mercury. Let's take a look at "last" after I moved to
>ipportfw:
>
>irc       ttyp1   d190.dial-1.cmb. Sat Mar  7 00:03 - 00:03 (00:00)
>irc       ttyp1   d190.dial-1.cmb. Sat Mar  7 00:01 - 00:03 (00:01)
>irc       ttyp0   1Cust108.max6.ka Wed Mar  4 00:17 - 00:28 (00:11)
>irc       ttyp3   wm-dyn40.whitemt Mon Mar  2 16:08 - 16:10 (00:01)
>
>
>
>
Todosic Andrej                          [EMAIL PROTECTED]
Analyst                                         [EMAIL PROTECTED] 
Network Operations 
Mpact Immedia Inc. 


    "Out the 10Base-2, through the router, over the leased line, 
 off the bridge, past the firewall...nothing but net" -Gary Predmore

Reply via email to