Here's what Eric Ng replied to me about how to configure port forwarding
with 2.4.x kernels.
He asked me to post it since he cannot post messages to the list.

thanks again Eric

juaid

----- Original Message -----
From: "eric ng" <[EMAIL PROTECTED]>
To: "juaid" <[EMAIL PROTECTED]>
Sent: Friday, December 14, 2001 5:42 PM
Subject: Re: port forwarding


: You are welcome.  But can you do me a favor and post
: this version of the solution as a follow-up to your
: posting?  It would help the next person searching for
: this answer on the net.  I don't know why I can't post
: my first email to you as a reply to the newsgroup.
: Thanks in advance.
:
: --- juaid <[EMAIL PROTECTED]> wrote:
: > Thank you very much!!!
: >
: > I had tried something yesterday like the first line
: > only, I would have never
: > imagined all the rest!!!
: > Yes, I know that from the inside you can not access
: > the ip, I have seen it
: > with things I've done with "ipmasqadm portfw"
: >
: > I'll try this code
: >
: > Thank you a lot!!!  :)
: >
: > juaid
: >
: >
: > ----- Original Message -----
: > From: "eric ng" <[EMAIL PROTECTED]>
: > To: <[EMAIL PROTECTED]>
: > Sent: Thursday, December 13, 2001 10:19 PM
: > Subject: RE: port forwarding
: >
: >
: > : Try this:
: > : # route port 22 traffic for this extIP to targetIP
: > : iptables -t nat -A PREROUTING -i $extint -p tcp -d {extIP} --dport 22 -j DNAT --to {targetIP}:22
: > :
: > : # but you actually have to forward it.
: > : iptables -A FORWARD -i $extint -o $intint -p tcp -d {targetIP} --dport 22 -j ACCEPT
: > :
: > : # and forward all the reply back out
: > : iptables -A FORWARD -i $intint -o $extint -p tcp -s {targetIP} --sport 22 -j ACCEPT
: > :
: > : # and this one makes sure your target box is going to reply to the
: > : # firewall that is doing the routing for this one packet.
: > : iptables -t nat -A POSTROUTING -o $intint -j SNAT --to {intIP of firewall}
: > :
: > : Replace {extIP} with the actual external IP that you give out.
: > : Replace {targetIP} with the LAN IP of the box you wish traffic to be forwarded to.
: > : Replace {intIP of firewall} with the internal IP of the firewall.
: > :
: > : OK, this will only work for traffic from outside to inside.  But if you are
: > : sitting on the inside and try to access the extIP, everything goes to hell
: > : (I mean the packet got lost somewhere).
: > :
: > : Please let me know if you have any questions about the code up there.
: > :
: >
:



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
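
Added example, not part of the thread: a dry-run shell function that prints the forwarding rules described above for any TCP port, with the SNAT rule narrowed to the forwarded service and a second pass for LAN clients connecting to the external IP, the case the reply says fails. The interface names and addresses in the sample call are constructed, and the `-m state` match on reply traffic is an assumption added here.

```shell
#!/bin/sh
# Added example (not from the thread): prints, but does not apply, the rules.
# Addresses and interface names used in the call are constructed sample values.

valid_ip() {   # dotted-quad IPv4, each octet 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {   # integer 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: portfw_rules EXTINT INTINT EXTIP TARGETIP FWINTIP PORT
portfw_rules() {
    extint=$1 intint=$2 extIP=$3 targetIP=$4 fwIP=$5 port=$6
    for ip in "$extIP" "$targetIP" "$fwIP"; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # First pass (external interface) mirrors the three rules in the thread;
    # second pass (internal interface) covers LAN clients connecting to extIP.
    for inif in "$extint" "$intint"; do
        echo "iptables -t nat -A PREROUTING -i $inif -p tcp -d $extIP --dport $port -j DNAT --to $targetIP:$port"
        echo "iptables -A FORWARD -i $inif -o $intint -p tcp -d $targetIP --dport $port -j ACCEPT"
        # Assumption: replies are limited to tracked connections (state match).
        echo "iptables -A FORWARD -i $intint -o $inif -p tcp -s $targetIP --sport $port -m state --state ESTABLISHED -j ACCEPT"
    done
    # SNAT scoped to the forwarded service instead of everything leaving $intint.
    # Side effect: the target logs the firewall's address as the client.
    echo "iptables -t nat -A POSTROUTING -o $intint -p tcp -d $targetIP --dport $port -j SNAT --to $fwIP"
}

portfw_rules eth0 eth1 192.0.2.10 192.168.1.20 192.168.1.1 22
```

Review the printed rules before piping them to a shell; because of the SNAT rule, source-based access controls and logs on the target box only ever see the firewall's internal address.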
