External address forwarding
Madison Kelly
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri Oct 29 01:22:39 UTC 2004
Ilya Palagin wrote:
> Quoting Madison Kelly <linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org>:
>
>
>>Hi Ilya,
>>
>> Short answer; yep, you can do that (easily) with Linux.
>>
>> Long answer: You need to simply setup SNAT forwarding. What you need
>>to do (roughly) is give your Linux machine the public IP address of the
>>server. I am going to assume that you have two public IPs, one for the
>>router, and one for the server. If not, you can use port forwarding
>
>
> Thanks, but the problem is that right now there is only one public address -
> firewall accepts connections on it and forwards it to the server with the same
> IP:
>
> Internet <---> 198.182.196.56_Sonicwall_172.18.1.1 <---> 198.182.196.56_Server
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
> --
> The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>
If you plan to not run matching services (ie: a webserver on both the
firewall and server) then a single IP is perfectly okay. Where
originally I mentioned that you would create a rule stating that a
request for a give IP addree is to be forwarded to another internal IP
address you would now add a port. For example, you would create a rule
that says if a request comes in from the internet making a request on
say port 80 forward it onto the internal IP of the server. This way you
can leave ssh (tcp port 22) setup to be answered by the server (because
you don't specify port 22 to be forwarded) while still allowing your
protected server to answer http (tcp port 80) requests.
I also mention and give examples of port forwarding in the paper I
linked to in my last message. I hope this helps!
Madison
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Madison Kelly
Lead Technician
The Linux Experience
http://thelinuxexperience.com
TLE-BU; GPL Linux Backup Software
http://tle-bu.thelinuxexperience.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list