[NCLUG] ipchains question
Mark Sizer
mrsizer at home.com
Fri Apr 20 21:13:15 MDT 2001
Thanks guys, I'll give it a whirl.
I'm using Red Hat 7.0, which I believe has a 2.4.x kernel - I'll check.
If not, I'll upgrade. I hate compiling kernels, but it beats having to
wait for some company to release a fix (hmmm... who could I be talking
about?)
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 4/19/01, 10:39:40 AM, Kevin Fenzi <kevin at scrye.com> wrote regarding Re:
[NCLUG] ipchains question:
> >>>>> "Sean" == Sean <sean623 at home.com> writes:
> Sean> This all applies to the 2.2.x kernels and ipchains as the packet
> Sean> filter. I'm not sure how things change with the 2.4.x kernels
> Sean> and iptables.
> with iptables you don't need a separate application. Just add a rule
> like the following:
> /sbin/iptables -t nat -A PREROUTING -p tcp -d <outside-ip>/32 --dport 80 -j DNAT --to-destination 10.1.1.1
> This would take all packets going to port 80 on <outside-ip> and
> forward them into the 10.1.1.1 machine.
> You can also specify ranges (for load balancing)
> Or different ports on the internal machine.
> One very nice thing about using this instead of a redirector (like
> pynetd or rinetd) is that the internal machine sees the connection
> from the remote machine directly, not from the firewall.
> Sean> Hope this helps. -- Sean Roberts
> likewise.
> kevin
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
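
Added example, not part of either message: a POSIX sh helper that prints (it does not run) the DNAT rule quoted above in the three forms the reply mentions, single host, address range and a different inside port, after validating its inputs so that only addresses and ports can reach the command line. The names `dnat_cmds`, `is_ipv4` and `is_port`, the 192.0.2.10 outside address and the companion FORWARD rule (which assumes a default-DROP FORWARD policy) are assumptions of this example.

```shell
#!/bin/sh
# Added example: PRINTS iptables commands for review; it never runs them.
# Every address in the demo calls is a constructed sample value.

# Succeeds if $1 is a dotted-quad IPv4 address (rejects shell metacharacters).
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; positional params are local to the function
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is a TCP port number (1-65535).
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_cmds OUTSIDE_IP OUTSIDE_PORT INSIDE [INSIDE_PORT]
# INSIDE is one address or FIRST-LAST (a range, for load balancing).
dnat_cmds() {
    out_ip=$1 out_port=$2 inside=$3 in_port=${4:-$2}
    first=${inside%%-*}; last=${inside#*-}
    is_ipv4 "$out_ip" && is_ipv4 "$first" && is_ipv4 "$last" &&
        is_port "$out_port" && is_port "$in_port" || {
        echo "dnat_cmds: invalid address or port" >&2; return 1; }
    # Rewrite the destination before routing, as in the rule quoted above.
    echo "/sbin/iptables -t nat -A PREROUTING -p tcp -d $out_ip/32 --dport $out_port -j DNAT --to-destination $inside:$in_port"
    # The rewritten packet still crosses FORWARD; allow only the forwarded port.
    if [ "$first" = "$last" ]; then
        echo "/sbin/iptables -A FORWARD -p tcp -d $first --dport $in_port -j ACCEPT"
    else
        echo "/sbin/iptables -A FORWARD -p tcp -m iprange --dst-range $inside --dport $in_port -j ACCEPT"
    fi
}

# Demo (constructed values): single host, range, different inside port.
dnat_cmds 192.0.2.10 80 10.1.1.1
dnat_cmds 192.0.2.10 80 10.1.1.1-10.1.1.3
dnat_cmds 192.0.2.10 80 10.1.1.1 8080
```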