Date:      Fri, 8 Jun 2001 11:02:24 -0400 (EDT)
From:      Ken Nagorski <kenn@pcintelligent.com>
To:        Erik Trulsson <ertr1013@student.uu.se>
Cc:        Dale Chulhan - Home <dchulhan@uwi.tt>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Server redirection based on service request.
Message-ID:  <Pine.LNX.4.21.0106081053300.1064-100000@web.pcintelligent.com>
In-Reply-To: <20010608153859.A32122@student.uu.se>

Hi there,

	I have used iptables with great success. As a matter of fact I say
don't use anything else! Upgrade now. This is what I do at work. I have a
devel that runs ssh, right, but it sits inside the firewall (this does
not matter, the same thing applies). Anyway, I need to send ssh traffic to
it. So I have this rule (which I think is exactly what you wanna do):

iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT \
  --to 192.168.1.4:12344

This rule does this. 

1. iptables -t nat
 -> iptables and the table is nat

2. -A PREROUTING 
 -> Append to the PREROUTING table ( PREROUTING == incoming traffic )

3. -p tcp --dport 22
 -> the protocol is tcp and the destination port is 22 
		( it came in on that port )

4. -i eth0
 -> Only apply this rule to eth0

5. -j DNAT --to 192.168.1.4:12344
 -> The -j DNAT means jump to that rule, I wasn't sure about that when I
first learned these...
 -> The last part says what IP to send it to and what port... That is what
you wanna do right?

Thanks
Ken

On Fri, 8 Jun 2001, Erik Trulsson wrote:

> On Fri, Jun 08, 2001 at 09:30:08AM -0400, Dale Chulhan - Home wrote:
> > Hello,
> > 
> > I have seen it done a couple of times and I have not a clue as to how to
> > do it.
> > 
> > I need to redirect people's requests automatically based on the port the
> > connection is made on ...
> > 
> > Eg.
> > 
> > Single public IP for mygate.co.com
> > mygate.co.com:80 ----> Webserver1 ( static NAT, private IP )
> > mygate.co.com:8081---> Webserver2 ( Static NAT, private  IP )
> > mygate.co.com:IMAP---> MailServer ( Static NAT, private  IP )
> > mygate.co.com:SMTP---> MailServer ( Static NAT, private  IP )
> > mygate.co.com:NNTP---> News Server ( Static NAT, private  IP )
> 
> If you are using ipfw/natd for handling NAT then you can use the
> -redirect_port flag for natd to do exactly what you want.
> 
> See natd(8) for the details.
> 
> If you are using something else I am afraid you will have to ask
> somebody else.
> 
> 
> 

-- 
IMPORTANT: This email is intended for the use of the individual addressee(s)
named above and may contain information that is confidential, privileged
or unsuitable for overly sensitive persons with low self-esteem, no sense 
of humour or irrational religious beliefs. If you are not the intended 
recipient, any dissemination, distribution or copying of this email is not 
authorised (either explicitly or implicitly) and constitutes an irritating 
social faux pas. 

Unless the word absquatulation has been used in its correct context somewhere
other than in this warning, it does not have any legal or no grammatical use 
and may be ignored. No animals were harmed in the transmission of this email, 
although the kelpie next door is living on borrowed time, let me tell you. 
Those of you with an overwhelming fear of the unknown will be gratified to 
learn that there is no hidden message revealed by reading this warning
 backwards, so just ignore that Alert Notice from Microsoft. 

However, by pouring a complete circle of salt around yourself and your 
computer you can ensure that no harm befalls you and your pets. If you 
have received this email in error, please add some nutmeg and egg whites, 
whisk and place in a warm oven for 40 minutes. 
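
Added example (not part of the original e-mails): a dry-run generator that turns a port-to-server table like the one in the question into one DNAT rule per service, plus the FORWARD rules that let the redirected traffic through, since DNAT only rewrites the destination. The eth0 interface, the 192.168.1.x back-end addresses and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed/constructed: WAN interface eth0,
# the 192.168.1.x back-end addresses, and all function names.
WAN_IF="${WAN_IF:-eth0}"

# public_port internal_ip internal_port (HTTP, 8081, IMAP, SMTP, NNTP)
MAPPINGS='80 192.168.1.10 80
8081 192.168.1.11 80
143 192.168.1.20 143
25 192.168.1.20 25
119 192.168.1.30 119'

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in *[!0-9.]*|*.) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads mapping lines on stdin and prints iptables commands; runs nothing.
emit_rules() {
    # Replies to forwarded connections must be allowed back out.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r pub ip int; do
        [ -n "$pub" ] || continue
        if ! valid_port "$pub" || ! valid_port "$int" || ! valid_ipv4 "$ip"; then
            echo "invalid mapping: $pub $ip $int" >&2
            return 1
        fi
        # nat/PREROUTING rewrites the destination before the routing decision.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $pub -j DNAT --to-destination $ip:$int"
        # DNAT only rewrites; filter/FORWARD still has to admit the new flow.
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $int -m conntrack --ctstate NEW -j ACCEPT"
    done
}

printf '%s\n' "$MAPPINGS" | emit_rules
```

The script only prints commands, so the output can be reviewed before it is applied as root. The gateway also needs IP forwarding enabled (net.ipv4.ip_forward=1) for the forwarded flows to pass.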

