
Re: portfw to multiple machines, same port



The best source of examples that worked as a sweet starter template for me
can be found at:

http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html

If you are running ipchains, it's a killer place to look.  I plan to check
it out again when it has iptables support in it to see if he has anything
new.

vec

----- Original Message -----
From: "Xeno Campanoli" <xeno@eskimo.com>
To: "Michael P. Soulier" <michael.soulier@rogers.com>
Cc: <debian-user@lists.debian.org>
Sent: Saturday, March 02, 2002 8:59 PM
Subject: Re: portfw to multiple machines, same port


> "Michael P. Soulier" wrote:
> >
> >     From IPMASQADM(8):
> >
> >    EXAMPLES
> >        Redirect all web traffic to  internals  hostA  and  hostB,
> >        where  hostB will serve 2 times hostA connections. Forward
> >        rules already masq internal hosts to outside (typical).
> >
> >               ipchains -I input -p tcp -y -d yours.com/32 80 -m 1
> >               ipmasqadm mfw -I -m 1 -r hostA 80 -p 10
> >               ipmasqadm mfw -I -m 1 -r hostB 80 -p 20
>
> Do I still need to set up ipchains for packets coming back out, or does
> this take care of all of it?  Another thing I'm similarly stuck on is
> portforwarding into a single FTP server.  Do you just:
>
> ipmasqadm portfw -a -P tcp -L $external_ip 20 -R $DMZFTP_IP 20
> ipmasqadm portfw -a -P tcp -L $external_ip 21 -R $DMZFTP_IP 21
>
> or do I also need to put in some ipchains stuff defining the exiting
> packets?  Also, can I use both portfw and mfw in a configuration, for
> instance mfw with the web servers and portfw with the ftp server?
>
> TIA
>
> >
> >     Mike
> >
> > On 01/03/02 Xeno Campanoli did speaketh:
> >
> > > As near as I can tell from the documentation I've read so far, you can't
> > > (in 2.2.x) ipmasqadm portfw a port to multiple servers of the same
> > > port.  For instance if I want to go from the ip address on my cable
> > > connection to four separate webservers, say one an apache, one a boa, a
> > > dhttpd and a roxen, all
> > > of which have their own separate purposes, I just can't do this it looks
> > > like without getting multiple external ip addresses using portfw.  It
> > > also looks like I in fact might be able to do this with mfw, which is
> > > apparently not recommended.  Anyhow, I'm stretching beyond my ability
> > > here anyway for now.
> > >
> > > The one answer that does seem to be reasonable is to specify 80 for a
> > > front end webserver and then access the other webservers on other ports,
> > > so that the apache could be 81, the roxen 82, the boa 83.  Is this
> > > fairly typical?
> > >
> > > I'm not keen on playing too radically, at least not this season.
> > >
> > > TIA for any feedback.
> > >
> > > Sincerely, Xeno
> > > --
> > > http://www.eskimo.com/~xeno
> > > xeno@eskimo.com
> > > Physically I'm at:  5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> > --
> > Michael P. Soulier <msoulier@mcss.mcmaster.ca>, GnuPG pub key: 5BC8BE08
> > "...the word HACK is used as a verb to indicate a massive amount
> > of nerd-like effort."  -Harley Hahn, A Student's Guide to Unix
> >
>
> --
> http://www.eskimo.com/~xeno
> xeno@eskimo.com
> Physically I'm at:  5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.
>
>


