GBV wrote:
----- Original Message -----
From: "GBV" <guilherme@plannercorretora.com.br>
To: "*debian" <debian-user@lists.debian.org>
Sent: Wednesday, March 19, 2003 5:39 PM
Subject: IRC under NAT

I'm using Debian 3.0r1 with kernel 2.4.19 as an iptables firewall. I have internal webservers that I need to publish as Internet sites. For this manipulation I'm using Apache ProxyPass. The site works perfectly under Apache, even when the internal host is an ISS.

1. How can I do it without Apache ProxyPass, using iptables?

2. This internal webserver also has an IRC server. How can I manipulate iptables so that the external hosts use this internal IRC server, since I'm only "sharing" the httpd via Apache ProxyPass?
Both of these problems can be solved with simple port-forwarding, like so:

iptables -t nat -A PREROUTING -i <inet-iface> -s <allowed-hosts> -p tcp --dport 80 -j DNAT --to <internal-host>
iptables -A FORWARD -i <inet-iface> -s <allowed-hosts> -o <lan-iface> -d <internal-host> -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i <lan-iface> -s <internal-host> -o <inet-iface> -d <allowed-hosts> -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT

This is for HTTP; for IRC simply change to --dport 6667 (or whatever port you're running your ircd on).
3. Since I'm using Apache ProxyPass, I defined in the virtualhosts that '/internalhost' leads to http://192.168.0.69:8080 , and I need to maintain that www.foo.com/internalhost , but using iptables in some way. And I need the ircd of this internal server to respond via the same host. I'd like to maintain my Apache since it's in use... Is it possible? Or will I have to put this Apache on another internal host, and then use iptables for the manipulation?
Since the iptables settings above simply forward all traffic coming into port 80 to the internal server, the Apache on the firewall will not be accessible. You'll need to run it on another host or on a different port.
Regards, IFireBall.
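
The following is an added example, not part of the thread: it applies the rule set from the reply to the IRC port only, so port 80 is never DNATed and stays with the Apache running on the firewall. The interface names eth0/eth1, the variable names and the dry-run wrapper are assumptions; 192.168.0.69 is the internal host from the question.

```shell
#!/bin/sh
# Added example: forward only IRC to the internal host, leave port 80 alone.
INET_IF="${INET_IF:-eth0}"            # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"              # assumed LAN-facing interface
IRC_HOST="${IRC_HOST:-192.168.0.69}"  # internal host from the question
IRC_PORT="${IRC_PORT:-6667}"          # ircd port, as in the reply
ALLOWED="${ALLOWED:-0.0.0.0/0}"       # narrow this to restrict client sources

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

irc_forward_rules() {
    # Reject anything that is not a TCP port number before building rules.
    case "$IRC_PORT" in
        ''|*[!0-9]*) echo "invalid port: $IRC_PORT" >&2; return 1 ;;
    esac
    if [ "$IRC_PORT" -lt 1 ] || [ "$IRC_PORT" -gt 65535 ]; then
        echo "port out of range: $IRC_PORT" >&2
        return 1
    fi

    # Rewrite the destination of inbound IRC connections only.
    ipt -t nat -A PREROUTING -i "$INET_IF" -s "$ALLOWED" -p tcp \
        --dport "$IRC_PORT" -j DNAT --to-destination "$IRC_HOST"
    # Allow the forwarded connection towards the internal host.
    ipt -A FORWARD -i "$INET_IF" -s "$ALLOWED" -o "$LAN_IF" -d "$IRC_HOST" \
        -p tcp --dport "$IRC_PORT" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Allow replies back out; the internal host may not open new flows here.
    ipt -A FORWARD -i "$LAN_IF" -s "$IRC_HOST" -o "$INET_IF" -d "$ALLOWED" \
        -p tcp --sport "$IRC_PORT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

irc_forward_rules
```

Forwarding also requires /proc/sys/net/ipv4/ip_forward to be 1 on the firewall; after applying, `iptables -t nat -L PREROUTING -n -v` shows the DNAT rule and its packet counters.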