Re: PATCH: portfw entire machine

Juanjo Ciarlante (irriga@impsat1.com.ar)
Wed, 26 May 1999 08:39:21 -0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: dinon: "Re: linux-kernel-digest V1 #3852"
Previous message: Riley Williams: "Re: loading version nonsensitive module into version sensitive"

On Fri, May 21, 1999 at 12:28:20PM +0100, Tony Hoyle wrote:
> This is a patch which allows port forwarding of every port on a
> machine. I created it
> as we needed to maintain the use of certain IP addresses after
> installing a firewall
> (cabling was not an option, and we have no access to the external
> router).
>
> To use it:
> ifconfig eth0:1 x.x.x.x up
> ipmasqadm portfw -a -P tcp -L x.x.x.x 65535 -R 192.168.1.x 65535
>
> This seems to work OK (we are using it to forward our web & ftp). The
> use of 65535 as an 'Any' port is probably incorrect, but use of anything
> else
> needs changes to ipmasqadm.
>
> One problem as everything *behind* the firewall sees the firewall as
> those IP addresses,
> since the portfw code isn't entered in this case.
>
The approach is valid, just recall from ipmasqadm(8) man page that
ip_masq_mfw module can do this already, eg:

ipchains -I input -i ppp0 <...any_ipchains_selection_rules> -m 1234
ipmasqadm mfw -I -m 1234 -r internal_host
Regards

-- Juanjo http://juanjox.kernelnotes.org/
... because there IS an OS that CAN follow your power

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: dinon: "Re: linux-kernel-digest V1 #3852"
Previous message: Riley Williams: "Re: loading version nonsensitive module into version sensitive"