[NCLUG] ipchains question

Kevin Fenzi kevin at scrye.com
Thu Apr 19 10:39:40 MDT 2001


>>>>> "Sean" == Sean  <sean623 at home.com> writes:

Sean> This all applies to the 2.2.x kernels and ipchains as the packet
Sean> filter.  I'm not sure how things change with the 2.4.x kernels
Sean> and iptables.

With iptables you don't need a separate application. Just add a rule
like the following:

/sbin/iptables -t nat -A PREROUTING -p tcp -d <outside-ip>/32 --dport 80 -j DNAT --to-destination 10.1.1.1

This would take all packets going to port 80 on <outside-ip> and
forward them to the 10.1.1.1 machine.
You can also specify ranges (for load balancing)
or different ports on the internal machine.

One very nice thing about using this instead of a redirector (like
pynetd or rinetd) is that the internal machine sees the connection
from the remote machine directly, not from the firewall. 

Sean> Hope this helps.  -- Sean Roberts

likewise.

kevin
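
An added example, not part of the post above: a small generator for the DNAT rule Kevin describes, using the `:port` form of `--to-destination` to reach a different port on the internal machine, together with the FORWARD rule the redirected traffic needs. The address 192.0.2.10 (standing in for `<outside-ip>`), the internal port 8080 and the function names are assumptions.

```shell
#!/bin/sh
# Prints iptables commands instead of running them, so the rules can be
# reviewed first. Arguments are validated because the output is meant to be
# fed to a root shell. Assumed values: 192.0.2.10 and port 8080 (constructed).

valid_port() {   # true if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # true if $1 is a dotted quad with octets in 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# dnat_rules OUTSIDE_IP OUTSIDE_PORT INSIDE_IP [INSIDE_PORT]
dnat_rules() {
    in_port=${4:-$2}   # default: same port on the internal machine
    valid_ipv4 "$1" && valid_ipv4 "$3" &&
        valid_port "$2" && valid_port "$in_port" || {
        echo "dnat_rules: bad address or port" >&2; return 1; }
    # nat table: rewrite the destination before the routing decision.
    # The source address is left alone, so the internal machine sees the
    # remote client directly and its replies must route back via this box.
    echo "/sbin/iptables -t nat -A PREROUTING -p tcp -d $1/32 --dport $2 -j DNAT --to-destination $3:$in_port"
    # filter table: the packet now traverses FORWARD with the rewritten
    # destination, so it is matched by the inside address and port.
    # If the FORWARD policy is DROP, reply traffic needs its own rule.
    echo "/sbin/iptables -A FORWARD -p tcp -d $3 --dport $in_port -j ACCEPT"
}

# Forwarding must also be enabled: /proc/sys/net/ipv4/ip_forward set to 1.
dnat_rules 192.0.2.10 80 10.1.1.1 8080
```
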


