From: Ken Nagorski
Date: Fri, 8 Jun 2001 11:02:24 -0400 (EDT)
To: Erik Trulsson
Cc: Dale Chulhan - Home, freebsd-questions@FreeBSD.ORG
Subject: Re: Server redirection based on service request.
In-Reply-To: <20010608153859.A32122@student.uu.se>

Hi there,

I have used iptables with great success. As a matter of fact I say don't use anything else! Upgrade now. This is what I do at work. I have a devel that runs ssh, right, but it sits inside the firewall ( This does not matter, same thing applies ). Anyway I need to send ssh traffic to it. So I have this rule ( Which I think is exactly what you wanna do )

    iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT --to 192.168.1.4:12344

This rule does this.

1. iptables -t nat -> iptables and the table is nat
2. -A PREROUTING -> Append to the PREROUTING table ( PREROUTING == incoming traffic )
3. -p tcp --dport 22 -> the protocol is tcp and the destination port is 22 ( it came in on that port )
4. -i eth0 -> Only apply this rule to eth0
5. -j DNAT --to 192.168.1.4:12344 -> The -j DNAT means jump to that rule, I wasn't sure about that when I first learned these...
   -> The last part says what IP to send it to and what port...

That is what you wanna do, right?

Thanks
Ken

On Fri, 8 Jun 2001, Erik Trulsson wrote:

> On Fri, Jun 08, 2001 at 09:30:08AM -0400, Dale Chulhan - Home wrote:
> > Hello,
> >
> > I have seen it done a couple of times and I have not a clue as to how to
> > do it.
> >
> > I need to redirect people's requests automatically based on the port the
> > connection is made on ...
> >
> > Eg.
> >
> > Single public IP for mygate.co.com
> > mygate.co.com:80 ----> Webserver1 ( static NAT, private IP )
> > mygate.co.com:8081---> Webserver2 ( Static NAT, private IP )
> > mygate.co.com:IMAP---> MailServer ( Static NAT, private IP )
> > mygate.co.com:SMTP---> MailServer ( Static NAT, private IP )
> > mygate.co.com:NNTP---> News Server ( Static NAT, private IP )
>
> If you are using ipfw/natd for handling NAT then you can use the
> -redirect_port flag for natd to do exactly what you want.
>
> See natd(8) for the details.
>
> If you are using something else I am afraid you will have to ask
> somebody else.
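
The port-to-server table from the question, written out both as natd -redirect_port flags and as iptables DNAT rules of the kind shown in the reply. This is an added example, not part of the thread: the 192.168.1.x addresses, the mapping of IMAP/SMTP/NNTP to ports 143/25/119, and the function names are assumptions, and the script only prints rules after validating each entry.

```shell
#!/bin/sh
# Added example: turn a "public-port -> private host:port" table into
# natd -redirect_port flags or iptables DNAT rules. Prints only; applies nothing.

# Constructed mapping for the layout in the question; the 192.168.1.x
# addresses are placeholders, not values from the thread.
MAPPINGS='80   192.168.1.10 80
8081 192.168.1.11 80
143  192.168.1.12 143
25   192.168.1.12 25
119  192.168.1.13 119'

# valid_port N: succeed if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A: succeed if A is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules FORMAT [IFACE]: read "pubport ip privport" lines on stdin,
# print one rule per line; return 1 on the first malformed line.
gen_rules() {
    fmt=$1 iface=${2:-eth0}
    while read -r pub ip priv; do
        [ -n "$pub" ] || continue
        if ! valid_port "$pub" || ! valid_port "$priv" || ! valid_ipv4 "$ip"; then
            echo "bad mapping: $pub $ip $priv" >&2
            return 1
        fi
        case "$fmt" in
            natd) echo "-redirect_port tcp $ip:$priv $pub" ;;
            iptables) echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $pub -j DNAT --to-destination $ip:$priv" ;;
            *) echo "unknown format: $fmt" >&2; return 1 ;;
        esac
    done
}

printf '%s\n' "$MAPPINGS" | gen_rules natd
printf '%s\n' "$MAPPINGS" | gen_rules iptables eth0
```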