Re: portfw to multiple machines, same port
The best source of examples that worked as a sweet starter template for me
can be found at:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html
If you are running ipchains, it's a killer place to look. I plan to check
it out again when it has iptables support in it to see if he has anything
new.
vec
----- Original Message -----
From: "Xeno Campanoli" <xeno@eskimo.com>
To: "Michael P. Soulier" <michael.soulier@rogers.com>
Cc: <debian-user@lists.debian.org>
Sent: Saturday, March 02, 2002 8:59 PM
Subject: Re: portfw to multiple machines, same port
> "Michael P. Soulier" wrote:
> >
> > From IPMASQADM(8):
> >
> > EXAMPLES
> > Redirect all web traffic to internals hostA and hostB,
> > where hostB will serve 2 times hostA connections. Forward
> > rules already masq internal hosts to outside (typical).
> >
> > ipchains -I input -p tcp -y -d yours.com/32 80 -m 1
> > ipmasqadm mfw -I -m 1 -r hostA 80 -p 10
> > ipmasqadm mfw -I -m 1 -r hostB 80 -p 20
>
> Do I still need to set up ipchains for packets coming back out, or does
> this take care of all of it? Another thing I'm similarly stuck on is
> portforwarding into a single FTP server. Do you just:
>
> ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20
> ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21
>
> or do I also need to put in some ipchains stuff defining the exiting
> packets? Also, can I use both portfw and mfw in a configuration, for
> instance mfw with the web servers and portfw with the ftp server?
>
> TIA
>
> >
> > Mike
> >
> > On 01/03/02 Xeno Campanoli did speaketh:
> >
> > > As near as I can tell from the documentation I've read so far, you can't
> > > (in 2.2.x) ipmasqadm portfw a port to multiple servers of the same
> > > port. For instance if I want to go from the ip address on my cable
> > > connection to four separate webservers, say one an apache, one a boa, a
> > > dhttpd and a roxen, all
> > > of which have their own separate purposes, I just can't do this it looks
> > > like without getting multiple external ip addresses using portfw. It
> > > also looks like I in fact might be able to do this with mfw, which is
> > > apparently not recommended. Anyhow, I'm stretching beyond my ability
> > > here anyway for now.
> > >
> > > The one answer that does seem to be reasonable is to specify 80 for a
> > > front end webserver and then access the other webservers on other ports,
> > > so that the apache could be 81, the roxen 82, the boa 83. Is this
> > > fairly typical?
> > >
> > > I'm not keen on playing too radically, at least not this season.
> > >
> > > TIA for any feedback.
> > >
> > > Sincerely, Xeno
> > > --
> > > http://www.eskimo.com/~xeno
> > > xeno@eskimo.com
> > > Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
> > >
> > >
> >
> > --
> > Michael P. Soulier <msoulier@mcss.mcmaster.ca>, GnuPG pub key: 5BC8BE08
> > "...the word HACK is used as a verb to indicate a massive amount
> > of nerd-like effort." -Harley Hahn, A Student's Guide to Unix
> >
>
>
> --
> http://www.eskimo.com/~xeno
> xeno@eskimo.com
> Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
>
>
>
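
Added example, not part of the original thread or of the ipmasqadm documentation: a dry-run shell function that prints the mark-and-forward commands from the IPMASQADM(8) excerpt quoted above for any number of backends, and refuses host names or numbers that would be unsafe to paste into a root shell. The function names `gen_mfw` and `is_uint` are hypothetical, and only flags that appear in the quoted excerpt are used.

```shell
#!/bin/sh
# Dry-run only: prints commands, never executes ipchains or ipmasqadm.

# is_uint VALUE: succeed if VALUE is a positive decimal integer.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ]
}

# is_name VALUE: succeed if VALUE looks like a host name or dotted address.
# Rejects empty strings, a leading '-' (would parse as an option) and any
# character outside letters, digits, '.' and '-' (shell metacharacters).
is_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# gen_mfw EXT_ADDR PORT MARK HOST:WEIGHT [HOST:WEIGHT...]
# Prints one ipchains rule that marks new TCP connections to EXT_ADDR:PORT,
# then one mfw entry per backend sharing that mark. Every argument is
# validated before anything is printed, so output is all-or-nothing.
gen_mfw() {
    [ "$#" -ge 4 ] || { echo "usage: gen_mfw EXT PORT MARK HOST:WEIGHT..." >&2; return 2; }
    ext=$1 port=$2 mark=$3
    shift 3
    is_name "$ext" || { echo "bad external address: $ext" >&2; return 1; }
    is_uint "$port" && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    is_uint "$mark" || { echo "bad mark: $mark" >&2; return 1; }
    for spec in "$@"; do
        # A spec without ':' leaves the host name in the weight slot,
        # which then fails the integer check below.
        is_name "${spec%%:*}" || { echo "bad host in: $spec" >&2; return 1; }
        is_uint "${spec#*:}" || { echo "bad weight in: $spec" >&2; return 1; }
    done
    printf 'ipchains -I input -p tcp -y -d %s/32 %s -m %s\n' "$ext" "$port" "$mark"
    for spec in "$@"; do
        printf 'ipmasqadm mfw -I -m %s -r %s %s -p %s\n' \
            "$mark" "${spec%%:*}" "$port" "${spec#*:}"
    done
}

# Constructed sample input matching the man page excerpt (hostB weighted 2x hostA).
gen_mfw yours.com 80 1 hostA:10 hostB:20
```

Review the printed lines before running them as root; the mark value only has to match between the ipchains rule and its mfw entries.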