[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ProgSoc] ipchains
On Tue, 23 Oct 2001 05:54, Victor Rajewski wrote:
] I've got a firewall setup up running debian 2.2 with a 2.2 kernel, and
...
] Does ipchains handle the port forwarding, or does one need an external
] program (i.e. redir) to do this? I have got the latter working, but was
] under the impression this could b done with just ipchains. If so, what
] rules would b needed?
# apt-get install rinetd
# vi /etc/rinetd.conf
The config is remarkably straightforward - something like :
203.164.234.67 5909 192.168.0.1 5909
Will redirect incoming sessions on port 5909 on my
external interface . . . to port 5909 on an internal box.
The only thing I haven't yet worked out is a neat way of
updating that file periodically with my dhcp-issued
address, but that's more because it's only changed twice
in the past 18 months.
I'd suggset you then wrap an ipchains rule around (in your
firewall.sh) that prevents anyone but certain ip addr's seeing
the redirected port .. because this is, of course, a horrible
security issue (direct access thru your firewall and into an
internal host).
Jedd.
--
jedd == jedd at progsoc dot org
"The mark of your ignorance is the depth of your belief in
injustice and tragedy. What the caterpillar calls the end
of the world, the master calls a butterfly."
-- Messiah's Handbook : Reminders for the Advanced Soul
-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.