
Re: portfw to multiple machines, same port



"Michael P. Soulier" wrote:
> 
>     From IPMASQADM(8):
> 
>    EXAMPLES
>        Redirect all web traffic to  internals  hostA  and  hostB,
>        where  hostB will serve 2 times hostA connections. Forward
>        rules already masq internal hosts to outside (typical).
> 
>               ipchains -I input -p tcp -y -d yours.com/32 80 -m 1
>               ipmasqadm mfw -I -m 1 -r hostA 80 -p 10
>               ipmasqadm mfw -I -m 1 -r hostB 80 -p 20

Do I still need to set up ipchains for packets coming back out, or does
this take care of all of it?  Another thing I'm similarly stuck on is
port forwarding into a single FTP server.  Do you just:

ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20
ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21

or do I also need to put in some ipchains stuff defining the exiting
packets?  Also, can I use both portfw and mfw in a configuration, for
instance mfw with the web servers and portfw with the ftp server?

TIA

> 
>     Mike
> 
> On 01/03/02 Xeno Campanoli did speaketh:
> 
> > As near as I can tell from the documentation I've read so far, you can't
> > (in 2.2.x) ipmasqadm portfw a port to multiple servers of the same
> > port.  For instance if I want to go from the ip address on my cable
> > connection to four separate webservers, say one an apache, one a boa, a
> > dhttpd and a roxen, all of which have their own separate purposes, I
> > just can't do this it looks
> > like without getting multiple external ip addresses using portfw.  It
> > also looks like I in fact might be able to do this with mfw, which is
> > apparently not recommended.  Anyhow, I'm stretching beyond my ability
> > here anyway for now.
> >
> > The one answer that does seem to be reasonable is to specify 80 for a
> > front end webserver and then access the other webservers on other ports,
> > so that the apache could be 81, the roxen 82, the boa 83.  Is this
> > fairly typical?
> >
> > I'm not keen on playing too radically, at least not this season.
> >
> > TIA for any feedback.
> >
> > Sincerely, Xeno
> > --
> > http://www.eskimo.com/~xeno
> > xeno@eskimo.com
> > Physically I'm at:  5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> --
> Michael P. Soulier <msoulier@mcss.mcmaster.ca>, GnuPG pub key: 5BC8BE08
> "...the word HACK is used as a verb to indicate a massive amount
> of nerd-like effort."  -Harley Hahn, A Student's Guide to Unix
> 

-- 
http://www.eskimo.com/~xeno
xeno@eskimo.com
Physically I'm at:  5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
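
The two mechanisms the thread is asking about, combined in one script, as an added example that is not taken from the posts or from the ipmasqadm man page. It emits the ipchains/ipmasqadm commands for a 2.2-kernel masquerading gateway: an fwmark plus ipmasqadm mfw to spread port 80 over weighted backends (the hostA/hostB names and 10/20 weights copy the man page excerpt quoted above), and plain ipmasqadm portfw for the FTP server. The external address 203.0.113.10 and the DMZ FTP address 192.168.10.5 are placeholders. Like the man page example, it assumes the forward chain already masquerades the internal hosts; it adds no separate rules for outbound packets. The commands are printed for review and only executed when APPLY=1.

```shell
#!/bin/sh
# Added example, not code from the mailing-list posts. Builds the ipchains
# and ipmasqadm rule set for a Linux 2.2 masquerading gateway that fronts
# several web servers (mfw) and one FTP server (portfw).
# EXT_IP, DMZFTP_IP, hostA and hostB are placeholders, not from the thread.

EXT_IP="${EXT_IP:-203.0.113.10}"        # assumed external address (TEST-NET)
DMZFTP_IP="${DMZFTP_IP:-192.168.10.5}"  # assumed internal FTP server
MARK=1                                   # fwmark shared by the web rules

# run: print the command; execute it only when APPLY=1 so the rule set
# can be reviewed before it touches a live firewall.
run() {
    printf '%s\n' "$*"
    [ "${APPLY:-0}" = "1" ] && "$@"
    return 0
}

# gen_web_rules EXT_IP host:weight [host:weight ...]
# Marks incoming SYNs (-y) to EXT_IP:80 with $MARK, then lets ipmasqadm
# mfw pick a backend for each marked connection, weighted by -p.
gen_web_rules() {
    ext="$1"; shift
    run ipchains -I input -p tcp -y -d "$ext/32" 80 -m "$MARK"
    for spec in "$@"; do
        host="${spec%%:*}"
        weight="${spec##*:}"
        run ipmasqadm mfw -I -m "$MARK" -r "$host" 80 -p "$weight"
    done
}

# gen_ftp_rules EXT_IP FTP_IP
# One-to-one portfw for the control channel (21) and active-mode data (20).
# Passive mode uses server-chosen high ports, so those are not covered:
# pin the server's PASV range and forward it too, or require active mode.
gen_ftp_rules() {
    ext="$1"; ftp="$2"
    run ipmasqadm portfw -a -P tcp -L "$ext" 21 -R "$ftp" 21
    run ipmasqadm portfw -a -P tcp -L "$ext" 20 -R "$ftp" 20
}

# Both rule sets together. Only port-80 SYNs receive the fwmark, so the
# mfw entries and the FTP portfw entries select on disjoint criteria.
main_rules() {
    gen_web_rules "$EXT_IP" hostA:10 hostB:20
    gen_ftp_rules "$EXT_IP" "$DMZFTP_IP"
}

main_rules
```

Run it once without APPLY to read the generated commands, then `APPLY=1 sh rules.sh` on the gateway. Adding a third web server is one more host:weight argument; nothing about the FTP forwards changes.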


