
Re: Redirecting http traffic to a different machine



Matt:

I have tried doing the same thing once upon a time.
The problem I ran into was that ipfwadm could not,
for whatever reason, redirect my http requests to
an internal machine on my local intranet.

The best solution I found at the time was to use
a program called redir. What this does is it forwards
requests to a single port to another machine, whether
that machine touches the Internet or not is irrelevant. ;-)

Now, if you don't like this idea (keep it in mind though,
it is the easiest to set up) you can think about upgrading
to ipchains instead of ipfwadm. If I am not mistaken there
are patches for the 2.0 kernels to use this, but it is more
stable to just go to the 2.2 kernel as it is built in by default.
Now my knowledge on the syntax is less than existent, but
they do have an IPCHAINS-HOWTO that should tell you
what you need to do. :-)

To get info for redir go to:
http://www.linux.org/cgi-bin/showlsm.cgi?entry=0003085

To get more info on ipchains go to: http://www.rustcorp.com/linux/ipchains/

This should at least get you started on the correct path to what
you are looking to do.

Good Luck,

Ken Stanley

> I have a single static IP address from my IP.  I'm running a
> Debian/slink system (kernel 2.0.36) on that IP address and
> using IP masquerading to give my other two machines internet
> access.  This machine is acting as a firewall, web and smtp server.
> I'd like to offload the web and smtp services to an internal machine
> and am having trouble forwarding the connections.
>
> What is the best way to forward tcp connections people make to my
> firewall to other machines on my internal class C net?  I'd like
> it to be something lightweight -- ideally not an application level
> proxy.
>
> Excuse me if this is a FAQ.  I've read every FAQ and HOWTO on this
> subject and must be missing something fundamental.
>
> P.S. I've tried rules such as this to no avail:
>
> ipfwadm -F -a accept -b -P tcp -S any/0 1024:65536 -D 192.168.1.101 80
>
> I appreciate any help!
>
> --
> matt - http://www.lickey.com


