[NCLUG] ipchains question

Sean sean623 at home.com
Thu Apr 19 09:59:55 MDT 2001


On Wednesday April 18 2001  7:46pm, you wrote:
> Hi all,
> Anyway:
>
> I have a Linux server connected to my cable modem. There is a Windows
> 2000 server hiding behind it. The Linux box has two network cards,
> firewalling the Windows machine (sort of - more of a router. I'm afraid
> my security is not very good).
>
> I've got the Linux machine masquerading the internal network. It works
> fine.
>
> What I want to do is allow access to the Windows web server from outside.
> I assume this means routing a port on the linux machine's external card
> to 192.168.0.2:80 on the inside. I've tried numerous things, but I've
> only managed to kill sendmail.
>
> Could anyone help, please?
>
> Thanks,
>
>  - Mark R. Sizer

You need to install the ipmasqadm application.
You will need to compile your kernel with ipportfw masquerade support.

Check the internet for details of implementing ipmasqadm.

When your firewall is started you will need to give a rule for the port 
forwarding similar to:

ipmasqadm portfw -a -P tcp -L <eth0 ip> 80 -R 192.168.0.2 80

You are going to want to make sure your firewall rules are tight, since you 
are now giving (limited) access to your internal network.

This all applies to the 2.2.x kernels and ipchains as the packet filter.  I'm 
not sure how things change with the 2.4.x kernels and iptables.

Hope this helps.
-- 
Sean Roberts
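
An added example, not part of Sean's message: a small generator that prints the port-forward line above together with ipchains input rules that keep the outside interface tight. The external address 203.0.113.10, the 192.168.0.0/24 network and the policy of refusing every other inbound TCP connection are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (never execute) 2.2.x rules for one forwarded port.
# Arguments are validated because the output is meant to be reviewed and run as root.

valid_ip() {   # dotted quad, every octet 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

valid_port() { # decimal 1-65535
    case "$1" in ''|*[!0-9]*) return 1;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {  # usage: gen_rules EXT_IF EXT_IP INT_NET/BITS INT_IP PORT
    ext_if=$1 ext_ip=$2 int_net=$3 int_ip=$4 port=$5
    case "$ext_if" in ''|*[!a-z0-9]*) echo "bad interface" >&2; return 1;; esac
    valid_ip "$ext_ip" || { echo "bad external address" >&2; return 1; }
    valid_ip "$int_ip" || { echo "bad internal address" >&2; return 1; }
    valid_ip "${int_net%/*}" || { echo "bad internal network" >&2; return 1; }
    case "${int_net#*/}" in [0-9]|[12][0-9]|3[0-2]) ;; *) echo "bad mask" >&2; return 1;; esac
    valid_port "$port" || { echo "bad port" >&2; return 1; }
    cat <<EOF
# drop and log packets from outside that claim an internal source address
ipchains -A input -i $ext_if -s $int_net -j DENY -l
# allow traffic from outside to the forwarded port
ipchains -A input -i $ext_if -p tcp -d $ext_ip $port -j ACCEPT
# refuse and log every other inbound connection attempt (SYN) from outside;
# assumes the forwarded port is the only service offered to the outside
ipchains -A input -i $ext_if -p tcp -y -j DENY -l
# the forward itself, as given in the message above
ipmasqadm portfw -a -P tcp -L $ext_ip $port -R $int_ip $port
EOF
}

# Constructed sample values: 203.0.113.10 stands in for <eth0 ip>.
gen_rules eth0 203.0.113.10 192.168.0.0/24 192.168.0.2 80
```

The ACCEPT rule has to come before the SYN DENY rule, because ipchains stops at the first matching rule in a chain.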


