External address forwarding

Madison Kelly linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri Oct 29 01:22:39 UTC 2004


Ilya Palagin wrote:
> Quoting Madison Kelly <linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org>:
> 
> 
>>Hi Ilya,
>>
>>   Short answer; yep, you can do that (easily) with Linux.
>>
>>   Long answer: You need to simply setup SNAT forwarding. What you need
>>to do (roughly) is give your Linux machine the public IP address of the
>>server. I am going to assume that you have two public IPs, one for the
>>router, and one for the server. If not, you can use port forwarding
> 
> 
> Thanks, but the problem is that right now there is only one public address -
> firewall accepts connections on it and forwards it to the server with the same
> IP:
> 
> Internet <---> 198.182.196.56_Sonicwall_172.18.1.1 <---> 198.182.196.56_Server
> 
> 
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
> 

   If you plan to not run matching services (ie: a webserver on both the 
firewall and server) then a single IP is perfectly okay. Where 
originally I mentioned that you would create a rule stating that a 
request for a given IP address is to be forwarded to another internal IP 
address you would now add a port. For example, you would create a rule 
that says if a request comes in from the internet making a request on 
say port 80 forward it onto the internal IP of the server. This way you 
can leave ssh (tcp port 22) setup to be answered by the server (because 
you don't specify port 22 to be forwarded) while still allowing your 
protected server to answer http (tcp port 80) requests.

   I also mention and give examples of port forwarding in the paper I 
linked to in my last message. I hope this helps!

Madison

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Madison Kelly
Lead Technician
The Linux Experience
http://thelinuxexperience.com

TLE-BU; GPL Linux Backup Software
http://tle-bu.thelinuxexperience.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
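
The port forwarding described in the message above, sketched as an added example (not part of the original message or of the paper it links to). The interface name and both addresses are constructed placeholders, and the default-drop FORWARD policy is an assumption of this sketch; port 22 is never listed, so it is not forwarded.

```shell
#!/bin/sh
# Added example: emit iptables rules that forward only the listed TCP ports
# from the firewall's single public IP to one internal server.
# The interface name and both addresses are constructed placeholders.

WAN_IF="eth0"              # assumed internet-facing interface
PUBLIC_IP="203.0.113.10"   # assumed public address (documentation range)
SERVER_IP="192.168.1.10"   # assumed internal address of the protected server

# valid_port PORT -> succeeds only for a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PORT... -> prints the rule set, one command per line.
# Every port is validated first, so no rules are printed if any is invalid.
forward_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Assumption of this sketch: nothing crosses the firewall unless allowed.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        # Rewrite the destination of connections arriving on this port ...
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport $p -j DNAT --to-destination $SERVER_IP:$p"
        # ... and let only that rewritten traffic through to the server.
        echo "iptables -A FORWARD -i $WAN_IF -d $SERVER_IP -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Review the output first; then, as root: forward_rules 80 | sh
```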