Tugger the SLUGger!SLUG Mailing List Archives

RE: [SLUG] Routing a specific port to another machine on the inside


Get ipmasqadm
install ipmasqadm
add relevant lines to your firewall/init scripts that invoke ipmasadm
correctly
Then it should work :)
use google - www.google.com

all i do is have to add one line to my scripsts for a port forward. It works
pretty well.

For example this will port forward PCAnywhere for a client of mine:
/usr/sbin/ipmasqadm portfw -f     #Flushes Chains
/usr/sbin/ipmasqadm portfw -a -P tcp -L myclient.dyndns.org 5631 -R
192.168.1.95 5631
/usr/sbin/ipmasqadm portfw -a -P tcp -L myclient.dyndns.org 5632 -R
192.168.1.95 5632
/usr/sbin/ipmasqadm portfw -a -P udp -L myclient.dyndns.org 5632 -R
192.168.1.95 5632
/usr/sbin/ipmasqadm portfw -a -P udp -L myclient.dyndns.org 5631 -R
192.168.1.95 5631

PCanywhere uses 2 ports both udp and tcp.
(names changed to protect innocent)

Hope that helps,

Dave


> I'm still confused!
>
> I want to redirect port 5000 that comes into my firewall/redhat
> v6.2 (server
> installation) to an internal ip (192.168.0.2) also on port 5000. Also want
> the same to work in reverse.
>
> Could anyone give me the coding to do this and explain (in brief)
> what each
> bit means.
>
> Thanks in advance
> Regards
> Adrian
>
>  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>                 Phone:  +61 (0)4 0720 8910
>             Facsimile:  +61 (0)4 0720 5410
>                 Email:  adrian@xxxxxxxxxx
>
> > -----Original Message-----
> > From: slug-admin@xxxxxxxxxxx [mailto:slug-admin@xxxxxxxxxxx]On Behalf Of
> > Ken Yap
> > Sent: Tuesday, 21 November 2000 16:07
> > To: Sydney Linux Users Group
> > Subject: Re: [SLUG] Routing a specific port to another machine on the
> > inside
> >
> >
> > >Having another look at my set-up, I find that I am using IPCHAINS.
> > >
> > >---> snip <---
> > >
> > >ipchains -P forward DENY
> > >ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
> > >
> > >echo "1" > /proc/sys/net/ipv4/ip_forward
> > >
> > >---> snip <---
> > >
> > >Can I still do the same using ipchains?
> >
> > You will need ipchains to do it, but in addition you need the
> > masquerading and portfw modules. Port forwarding is like masquerading in
> > reverse, it reuses the same internal mechanisms as masq.
> >