Re: portfw to multiple machines, same port
"Michael P. Soulier" wrote:
> From IPMASQADM(8):
> Redirect all web traffic to internals hostA and hostB,
> where hostB will serve 2 times hostA connections. Forward
> rules already masq internal hosts to outside (typical).
> ipchains -I input -p tcp -y -d yours.com/32 80 -m 1
> ipmasqadm mfw -I -m 1 -r hostA 80 -p 10
> ipmasqadm mfw -I -m 1 -r hostB 80 -p 20
Do I still need to set up ipchains for packets coming back out, or does
this take care of all of it? Another thing I'm similarly stuck on is
port forwarding into a single FTP server. Do you just:
ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20
ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21
or do I also need to put in some ipchains stuff defining the exiting
packets? Also, can I use both portfw and mfw in a configuration, for
instance mfw with the web servers and portfw with the ftp server?
> On 01/03/02 Xeno Campanoli did speaketh:
> > As near as I can tell from the documentation I've read so far, you can't
> > (in 2.2.x) ipmasqadm portfw a port to multiple servers of the same
> > port. For instance if I want to go from the ip address on my cable
> > connection to four separate webservers, say one an apache, one a boa, a
> > dhttpd and a roxen, all of which have their own separate purposes, I just
> > can't do this it looks like without getting multiple external ip
> > addresses using portfw. It also looks like I in fact might be able to do
> > this with mfw, which is apparently not recommended. Anyhow, I'm
> > stretching beyond my ability here anyway for now.
> > The one answer that does seem to be reasonable is to specify 80 for a
> > front end webserver and then access the other webservers on other ports,
> > so that the apache could be 81, the roxen 82, the boa 83. Is this
> > fairly typical?
> > I'm not keen on playing too radically, at least not this season.
> > TIA for any feedback.
> > Sincerely, Xeno
> > --
> > http://www.eskimo.com/~xeno
> > email@example.com
> > Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
> Michael P. Soulier <firstname.lastname@example.org>, GnuPG pub key: 5BC8BE08
> "...the word HACK is used as a verb to indicate a massive amount
> of nerd-like effort." -Harley Hahn, A Student's Guide to Unix
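The combined setup the thread circles around (mfw for a weighted web pool, portfw for one FTP host, both behind the same masquerading box), written out as an added example script; it is not from the thread or from the ipmasqadm documentation. All addresses are constructed placeholders, and it assumes the 2.2-kernel ipchains/ipmasqadm tools with the flags quoted in the man page excerpt above.

```shell
#!/bin/sh
# Generates (and optionally applies) the ipchains + ipmasqadm rule set for a
# weighted web pool (mfw) plus a single DMZ FTP server (portfw).
# Addresses are constructed placeholders; override them via the environment.
EXTERNAL_IP="${EXTERNAL_IP:-203.0.113.10}"   # public address of the masq box
LAN_NET="${LAN_NET:-192.168.1.0/24}"          # internal network being masqueraded
DMZFTP_IP="${DMZFTP_IP:-192.168.1.21}"        # the one FTP host to expose
WEB_MARK=1                                    # fwmark tying ipchains to mfw
# Backends as "host pref" pairs: a higher pref takes proportionally more
# connections, so 192.168.1.12 gets about twice what 192.168.1.11 does.
WEB_POOL="192.168.1.11 10
192.168.1.12 20"

build_rules() {
    # Masquerade outbound LAN traffic. Assumption: replies for masqueraded,
    # portfw'd and mfw'd connections are translated back by the masq code,
    # so no separate ipchains rule for the return path is emitted here.
    echo "ipchains -A forward -s $LAN_NET -j MASQ"
    # Mark only inbound SYNs to the public web port; mfw then picks a backend
    # for every connection carrying that mark.
    echo "ipchains -I input -p tcp -y -d $EXTERNAL_IP/32 80 -m $WEB_MARK"
    echo "$WEB_POOL" | while read -r host pref; do
        [ -n "$host" ] || continue
        echo "ipmasqadm mfw -I -m $WEB_MARK -r $host 80 -p $pref"
    done
    # Forward only the FTP control port and the active-mode data port, so
    # nothing else on the DMZ host is reachable from outside. Passive-mode
    # data connections use server-chosen ephemeral ports that these two
    # entries do not cover.
    for port in 20 21; do
        echo "ipmasqadm portfw -a -P tcp -L $EXTERNAL_IP $port -R $DMZFTP_IP $port"
    done
}

apply_rules() {
    # Executes the generated commands in order; DRY_RUN=1 only prints them.
    build_rules | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then echo "$cmd"; else sh -c "$cmd"; fi
    done
}
```

Run `DRY_RUN=1 sh -c '. ./rules.sh; apply_rules'` (assumed filename) to review the six commands before applying them on the masquerading host.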