On Tue, Jun 25, 2002 at 09:01:03PM +0200, Admin wrote:
> Hi, I have no idea if this is possible or not, but I would appreciate
> some suggestions:
>
> I have a server running inside our LAN and I want to be able to connect
> to a particular daemon on this server, listening on port 5432, from
> outside the LAN through the firewall.
> I've set up port forwarding to DNAT traffic destined for this port to
> the LAN server. This works fine; however, the application opens up a
> second 'data channel' similar to port-based FTP but between two
> unprivileged ports on the client and server.
> Is there any way to cater for this secondary connection and also do the
> DNAT?

If this second connection is incoming and to a static port you can set
up a second DNAT for that.

If this second connection is outgoing and from a static port you can set
up an SNAT for that.

If this second connection is to/from a dynamic port then you're kind of
out of luck and need a conntrack module (like ip_conntrack_ftp) to do the
job. However, if you had a second valid IP then you could nail up a
DNAT/SNAT for that host...

Ramin

> Thanks
> Phill
>
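
The three cases in the reply above, as an added example that is not part of the original thread: a shell function that prints, without applying, the iptables rules for each case. The interface name, both addresses and data port 6000 are constructed placeholders; only port 5432 comes from the question.

```shell
#!/bin/sh
# Added example: prints iptables rules for review, applies nothing.
# Interface, addresses and data port are constructed placeholders.
EXT_IF=eth0            # outside interface of the firewall (assumed)
PUB_IP=203.0.113.10    # firewall's public address (documentation range)
SRV_IP=192.168.1.20    # LAN server running the daemon (assumed)
CTRL_PORT=5432         # control port named in the question

# True only for a numeric, unprivileged port (1024-65535).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# nat_rules MODE [DATA_PORT]
#   in-static  : data connection comes in to a fixed port on the server
#   out-static : data connection leaves the server from a fixed source port
#   dynamic    : data port negotiated per session (returns 1, see below)
nat_rules() {
    mode=$1 port=$2
    case "$mode" in
        in-static|out-static)
            valid_port "$port" || { echo "bad data port: $port" >&2; return 2; } ;;
        dynamic) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Control channel: DNAT to the server, admit only new connections to the
    # control port, and let conntrack pass replies and RELATED flows.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $CTRL_PORT -j DNAT --to-destination $SRV_IP:$CTRL_PORT"
    echo "iptables -A FORWARD -i $EXT_IF -d $SRV_IP -p tcp --dport $CTRL_PORT -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    case "$mode" in
        in-static)   # second DNAT for the fixed inbound data port
            echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $port -j DNAT --to-destination $SRV_IP:$port"
            echo "iptables -A FORWARD -i $EXT_IF -d $SRV_IP -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT" ;;
        out-static)  # SNAT for the fixed outbound source port
            echo "iptables -A FORWARD -o $EXT_IF -s $SRV_IP -p tcp --sport $port -m conntrack --ctstate NEW -j ACCEPT"
            echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $SRV_IP -p tcp --sport $port -j SNAT --to-source $PUB_IP:$port" ;;
        dynamic)     # no fixed port to match: only a protocol-aware conntrack
                     # helper can mark the data connection RELATED
            echo "# data channel needs a conntrack helper for this protocol"
            return 1 ;;
    esac
}

nat_rules in-static 6000   # 6000 is a constructed data port
```

In the static cases only the control port and the one named data port are opened for new connections; everything else passes only as ESTABLISHED or RELATED traffic.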
