[ale] Firewall rules / filtering
Chris Ricker chris.ricker at genetics.utah.edu
Thu Jul 15 16:55:16 EDT 1999

On Thu, 15 Jul 1999, Michael A. Smith wrote:
> I would like incoming traffic to my firewall on port 80 to be routed to a
> web server inside my firewall.  Does anyone have a good rule using ipchains
> to do this?
> 
Ipchains won't do that.  You need to enable IPPORTFW when you compile your
kernel, and then use ipmasqadm [1].

Note that for ipmasqadm to work, though, you do have to be forwarding the
packets with ipchains as well first (is this getting confusing yet? ;-).
Something like

    ipchains -I forward -p tcp -s 10.0.0.1/32 80 -j MASQ
    ipmasqadm portfw -a -P TCP -L 1.2.3.4 80 -R 10.0.0.1 80

(where 1.2.3.4 is your firewall ip and 10.0.0.1 is your internal web server)
should be enough to get you started.

You can also do all this entirely in userspace, using redir which sets up a
socket connection between your firewall and your web server, and shoves
everything coming to port 80 on the firewall down that socket.  I've not
used it in a long time and ipmasqadm is the recommended solution, though.

later,
chris

[1] http://juanjox.linuxhq.com/
-- 
Chris Ricker                                               kaboom at gatech.edu
                                              chris.ricker at genetics.utah.edu
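
The userspace approach mentioned in the message above (a relay that opens its own socket to the web server), sketched as an added example; it is not part of the original message and is not redir's code. All names and the loopback addresses are constructed. It shows one operational consequence: the backend sees the relay's socket as the peer, so its access log no longer records the original client address.

```python
import socket, threading

def pipe(src, dst):
    # Copy one direction until EOF, then half-close so the peer sees the EOF.
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, backend_addr):
    # One accepted client: open a second socket to the backend and splice them.
    with client:
        try:
            backend = socket.create_connection(backend_addr, timeout=5)
        except OSError:
            return                      # backend unreachable: drop the client
        with backend:
            backend.settimeout(None)
            t = threading.Thread(target=pipe, args=(client, backend), daemon=True)
            t.start()
            pipe(backend, client)
            t.join()

def listen(addr, on_conn):
    # Accept loop in a daemon thread; returns the (host, port) actually bound.
    srv = socket.create_server(addr)
    def loop():
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=on_conn, args=(conn, peer), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

def demo():
    # Constructed backend: replies with the source address it would log.
    def backend(conn, peer):
        with conn:
            conn.sendall(f"seen {peer[0]}:{peer[1]}".encode())
    b_addr = listen(("127.0.0.1", 0), backend)          # stands in for 10.0.0.1:80
    r_addr = listen(("127.0.0.1", 0), lambda c, p: handle(c, b_addr))  # "firewall"
    with socket.create_connection(r_addr, timeout=5) as c:
        client_port = c.getsockname()[1]
        c.shutdown(socket.SHUT_WR)
        reply = c.makefile().read()
    return client_port, reply

if __name__ == "__main__":
    print(demo())   # the port the backend reports is the relay's, not the client's
```

If per-client logging or filtering on the web server matters, record the client address at the relay, since it is the only place that still sees it.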