Re: [plug] routing packets

Roger Filomeno Wed, 10 May 2006 02:46:16 -0700

now i see, the box is just a firewall. right? On the original email it mentioned IPtables, HTTP, pop.smtp so i thought its just on one box therefore binding apache to an IP on eth0 wont be the solution. There were missing infos thats why i couldnt picture the problem properly so i compared it on my setup here where eth0 and eth1 both connects to the internet then on eth0 i just allow port 80 while on eth1 port 80 is block so all http request just passes thru eth0's IP and even if apache was binded to *:80 it doesnt receive any request for IPs on eth1 :)

So just allow http/https and pop on eth0 and smtp on eth1, on default block all

it will look like this:

-A RH-Firewall-1-INPUT -i eth0 -p tcp -m udp -m state --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m udp -m state --dport 110 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -p tcp -m udp -m state --dport 25 --state NEW -j ACCEPT
...
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
...
-A PREROUTING -p tcp --dport 80 -j DNAT --to IP.OF.WEB.SERVER:80
-A PREROUTING -p tcp --dport 110 -j DNAT --to IP.OF.MAIL.SERVER:110
-A PREROUTING -p tcp --dport 25 -j DNAT --to IP.OF.MAIL.SERVER:25
...
COMMIT

On 5/10/06, Mhac Janapin < [EMAIL PROTECTED]> wrote:

can you give us a diagram to have a clearer picture on our side?

fooler.

This is exactly what I am after.
--
Mhac Janapin
PBTS SysAd
=============
http://mulingsilang.blogspot.com
=============
I'm an Open Source Enthusiast. c",)
Mozilla Firefox 1 - getfirefox.com
Mozilla Thunderbird 1 - mozilla.org
OpenOffice.org
=============

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

--
--
To contact me anytime and anywhere via SMS:
MSG GODIE <YOUR MESSAGE>
then send to 2948 for Globe/Sun and 3940 for Smart.

You want to have your own Mobile Address like me? Get it FREE at www.Txtmokko.com
--
PUT YOUR ADS ON THE HAND OF 35 MILLION PEOPLE. GET YOUR DOMAIN FOR MOBILE AT http://www.TxtDOMAIN.com
_
Roger P. Filomeno
Mobile Specialist / R&D
http://corruptedpartition.blogspot.com/

* Finger Apps Inc, http://fingerapps.com * TXTMOKKO, http://txtmokko.com * MyAyala, http://myayala.com * KayaMoney e-Commerce, http://kayamoney.com/ * KayaShop e-Market, http://kayamoney.com/shop/ * Registered Linux User # 367694 * PGP IDs: 0xCB5F3FF7 / 0xDF7D2589 (http://keyserver.pgp.com)

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

Re: [plug] routing packets

Reply via email to