Re: Port forwarding

To: Michael Meskes <meskes@debian.org>
Cc: Fitsch <fitsch@gmx.net>, "debian-user@lists.debian.org" <debian-user@lists.debian.org>, "debian-firewall@lists.debian.org" <debian-firewall@lists.debian.org>, recipient list not shown: ;
Subject: Re: Port forwarding
From: aphro <nate@firetrail.com>
Date: Thu, 27 Jan 2000 12:37:13 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.21.0001271236420.12152-100000@galactica.firetrail.com>
In-reply-to: <[🔎] 20000127152414.A1248@fam-meskes.de>

if its simple port redirection you could try rinetd, its a snap to setup,
i dont think it performs well under high load though it works great
though.

nate

On Thu, 27 Jan 2000, Michael Meskes wrote:

meskes >On Thu, Jan 27, 2000 at 02:06:01PM +0100, Fitsch wrote:
meskes >> > Perhaps you try something wrong, or I don't understand your setup. In
meskes >> > common Port Forwarding is used to redirect traffic from the outside to
meskes >> > an internal host behind your firewall. (e.g. webserver) this internal
meskes >> > host may have an adress from the private space.
meskes >
meskes >Yes, that's exactly what I want to do. I tried this with masq. on and out
meskes >but the problems are the same.
meskes >
meskes >> > When you specify the IP-Adresses, Source and Destination must be
meskes >> > adresses on different machines, not of different nic's in one machine.
meskes >
meskes >Right. I used as IP addresses the outside address of my firewall and the
meskes >address of my server in my internal net.
meskes >
meskes >> > If you have a strict policy on your firewall you have to allow this
meskes >> > traffic, better you create an seperate chain for portforwarded traffic
meskes >> > from the outside to the inside.
meskes >
meskes >I even tried with all traffic allowed through.
meskes >
meskes >> > For traffic from the inside to the outside you don't need Port
meskes >> > Forwarding, as this is handled by Masquerading or normal routing.
meskes >
meskes >Yes, but I also get backward traffic after connecting from the outside. For
meskes >instance inetd tried to connect to teh auth service to check who is trying
meskes >to connect. The problem I had with outbound traffic though was with the
meskes >packets send back in the connection established from the outside.
meskes >
meskes >Michael
meskes >-- 
meskes >Michael Meskes                         | Go SF 49ers!
meskes >Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
meskes >Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
meskes >Email: Michael@Fam-Meskes.De           | Use PostgreSQL!
meskes >
meskes >
meskes >-- 
meskes >Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
meskes >

----------------------------------------[mailto:aphro@aphroland.org ]--
   Vice President Network Operations       http://www.firetrail.com/
  Firetrail Internet Services Limited      http://www.aphroland.org/
       Everett, WA 425-348-7336            http://www.linuxpowered.net/
            Powered By:                    http://comedy.aphroland.org/
    Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--
12:34pm up 161 days, 41 min, 1 user, load average: 1.07, 1.12, 1.09

Reply to:

Follow-Ups:
- Re: Port forwarding
  - From: Michael Meskes <meskes@debian.org>

References:
- Re: Port forwarding
  - From: Michael Meskes <meskes@debian.org>

Prev by Date: Re: Port forwarding
Next by Date: Re: Port forwarding
Previous by thread: Re: Port forwarding
Next by thread: Re: Port forwarding
Index(es):
- Date
- Thread