
Re: IP masquerading rules



Try out the handy little tool called "rinetd". It's a port redirection server.

brandyn


From: Steve Doerr <sdoerr@swbell.net>
To: debian-firewall@lists.debian.org
Subject: IP masquerading rules
Date: Wed, 21 Mar 2001 21:28:45 -0600

Hello.  I hope someone can give me some advice on how to accomplish
something using the ipmasq package.

I'm not sure I'm following how to use the rules system for this.  I want
to open ports 80 and 5432 for my website and its connection to
postgres.  The server will be running behind my firewall.  I think that
I need to somehow incorporate the following lines into the rules:

ipmasqadm portfw -a -P tcp -L <my_ext_ip> 80 -R <my_int_ClassC_host_ip> 80

ipmasqadm portfw -a -P tcp -L <my_ext_ip> 5432 -R <my_int_ClassC_host_ip> 5432

Should I just create a Z98apachePG.rul file like below (I'm on 2.2.17
kernel so only ipchains apply)?  Does anyone have a better suggestion?

Thanks very much for any input.
Steve

#######
# Sample rule file
#######

#######
# open Apache and Postgres to the internet through the firewall
case $MASQMETHOD in
ipfwadm)
    $IPFWADM -I -a accept -S 0/0 68 -D 0/0 67 -W eth1 -P tcp
    $IPFWADM -O -a accept -D 0/0 68 -S 0/0 67 -W eth1 -P tcp
    ;;
ipchains)
    $IPCHAINS -A input -j ACCEPT -s 0/0 68 -d 0/0 67 -i eth1 -p tcp
    $IPCHAINS -A output -j ACCEPT -d 0/0 68 -s 0/0 67 -i eth1 -p tcp
    ipmasqadm portfw -a -P tcp -L <my_ext_ip> 80 -R <my_int_ClassC_host_ip> 80
    ipmasqadm portfw -a -P tcp -L <my_ext_ip> 5432 -R <my_int_ClassC_host_ip> 5432
    ;;
esac
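
The rinetd suggestion from the reply at the top, written out as a configuration for the two ports in the question. This is an added example, not from either poster: every address is a constructed placeholder, and the allow line on the PostgreSQL rule assumes that only one known client network needs port 5432.

```conf
# /etc/rinetd.conf (added example; all addresses are constructed placeholders)
# Forwarding rule format: bindaddress bindport connectaddress connectport

# Web server: external address, port 80 -> internal host, port 80.
# No allow/deny lines follow, so any source address may connect.
192.0.2.10 80 192.168.1.10 80

# PostgreSQL: external address, port 5432 -> internal host, port 5432.
# An allow rule placed after a forwarding rule applies to that rule only;
# once a rule has an allow line, sources matching none of them are refused.
192.0.2.10 5432 192.168.1.10 5432
allow 198.51.100.*

# Record forwarded connections so unexpected sources show up in review.
logfile /var/log/rinetd.log
```

Because rinetd relays connections in user space, the internal server sees the firewall's address as the client, so per-client restrictions belong in this file rather than on the internal host.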


