What do I need to do?

Pete Nesbitt pete at linux1.ca
Thu Mar 4 09:31:10 UTC 2004


On March 4, 2004 04:08 am, Thomas E. Dukes wrote:
> > -----Original Message-----
> > From: redhat-list-admin at redhat.com
> > [mailto:redhat-list-admin at redhat.com] On Behalf Of Pete Nesbitt
> > Sent: Thursday, March 04, 2004 12:52 AM
> > To: redhat-list at redhat.com
> > Subject: Re: What do I need to do?
> >
> > On March 3, 2004 05:51 pm, Thomas E. Dukes wrote:
> > > Hello,
> > >
> > > I'd like to have a local machine behind a firewall to receive www
> > > requests from the outside.  I have a firewall using IP Masquerading
> > > with port forwarding but that doesn't work.  I keep getting the
> > > "visible" machine.
> > > Do I need to set up a bridge, proxy server or is there something I need
> > > to do with my local dns, etc.?  I don't really know what this is
> > > called to know where to start.
> > >
> > > TIA
> >
> > Hi Thomas,
> > I'm running a similar setup, but the server is in a dmz. All
> > you need for that aspect of the firewall rules is pre and
> > post routes above the main rules, something like:
> >
> > # inbound redirects to webserver (all one line)
> > $IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 80 -j DNAT --to-destination $WEB_SERVER_IIP
> >
> > # outbound web server connections are all masqueraded (all one line)
> > $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER_IP -j MASQUERADE
>
> Thanks for your help!!
>
> What are the values for $EXT_IF and $WEB_SERVER_IIP?  I am guessing $EXT_IF
> is the single external ip address and $WEB_SERVER_IIP is the internal ip
> address of the local machine behind the firewall, right?
>
> Wouldn't I need to change the port to something different than 80, such as
> 8080, so I can get www requests on both the visible and internal machine?
> (The internal machine is an XP Pro server.  I want to be able to run ASP
> applications that use MS_Access or MSSQL databases.)
>

$EXT_IF is your external interface, typically eth0, and $WEB_SERVER_IIP (should
be IP not IIP) would be the web server's IP address. It is good practice and
makes for easy tweaks if you use variables and define them at the top of your
script:
IPTABLES=/sbin/iptables
EXT_IF="eth0"
WEB_SERVER_IP="192.168.1.3"

To use both boxes as web servers, you probably need to set the incoming port
to say 8080, but the internal (redirected) can be anything (including 80), so
to redirect requests arriving on port 8080 and send them to port 9090 on
the internal, the inbound rules would be:

#inbound redirects to webserver (all one line)
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 8080 -j DNAT --to-destination $WEB_SERVER_IP:9090

-- 
Pete Nesbitt, rhce
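
The forwarding described above, as an added example that is not part of the original post: the script prints, rather than runs, the DNAT rule from the message together with a FORWARD accept rule, which has to match the translated address and port (192.168.1.3:9090) because the filter table sees the packet after DNAT. The function names, the input checks, and the assumption of a default-DROP FORWARD policy with an existing ESTABLISHED,RELATED accept rule are additions.

```shell
#!/bin/sh
# Added example: prints (does not run) the rules for one TCP port forward.
IPTABLES=/sbin/iptables
EXT_IF="eth0"
WEB_SERVER_IP="192.168.1.3"

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR -> success if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules EXT_PORT INT_PORT -> prints the nat rule and its filter rule
forward_rules() {
    valid_port "$1" && valid_port "$2" && valid_ipv4 "$WEB_SERVER_IP" || {
        echo "refusing to build rules from invalid input" >&2
        return 1
    }
    # nat/PREROUTING rewrites the destination before the routing decision.
    echo "$IPTABLES -t nat -A PREROUTING -p tcp -i $EXT_IF --dport $1 -j DNAT --to-destination $WEB_SERVER_IP:$2"
    # filter/FORWARD runs after DNAT, so it matches the internal address and
    # port, not the external port. Assumption: FORWARD policy is DROP and an
    # ESTABLISHED,RELATED accept rule already covers the return traffic.
    echo "$IPTABLES -A FORWARD -p tcp -i $EXT_IF -d $WEB_SERVER_IP --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# Values from the message: external port 8080 forwarded to internal port 9090.
forward_rules 8080 9090
```

Review the printed commands, then pipe the output to `sh` as root to apply them.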