Stephen Gran on 1 Dec 2003 14:01:02 -0500

On Mon, Dec 01, 2003 at 01:44:05PM -0500, Ian Reinhart Geiser said:
> Hi,
> I'm not even sure how to google for this question so if anyone could
> even give me a hint on what to google for that would be awesome.
>
> Basically I have an iptables based firewall running on debian stable. I
> am already forwarding ports with success but now I would like to do
> port redirection based on the hostname requested. IE, ssh to
> cvs.kdedevelopers.org currently gives me the firewall... but I would
> like to have it forward to the system that hosts cvs.kdedevelopers.org
> that lies on a private IP. Can I do this without changing the port
> SSH is on the firewall?
>
> Any hints would be great.
>
> Cheers
> -ian reinhart geiser

I take it you have an arrangement like this:

        Internet
           |
           |
        Firewall
        | | | |
        LAN boxes

Correct?

And you want the firewall to redirect incoming ssh requests to one of
the LAN boxes.

I don't think trying to redirect by fqdn is a good idea (think DNS
timeouts and such), but doing it by IP is straightforward.

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -d $IP_OF_CVS \
        -j DNAT --to-destination $INTERNAL_IP

HTH,
--
--------------------------------------------------------------------------
| Stephen Gran | "And I don't like doing silly things |
| steve@lobefin.net | (except on purpose)." -- |
| http://www.lobefin.net/~steve | Larry Wall in |
| | <1992Jul3.191825.14435@netlabs.com> |
--------------------------------------------------------------------------
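
A dry-run sketch of the rule set around the DNAT rule in the reply above, added here as an example and not part of the original message: besides the PREROUTING rule it prints FORWARD rules for the rewritten destination, which a default-drop FORWARD policy would need. The `eth1` LAN interface, the sample addresses and the function names are assumptions, and the public address is assumed to be distinct from the firewall's own.

```shell
#!/bin/sh
# Dry run: prints the iptables commands for review instead of executing them.
# Interface names and addresses below are constructed sample values.

# is_ipv4 ADDR: succeed only for a literal dotted-quad address. Hostnames are
# rejected so that loading the rules never depends on a DNS lookup.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_dnat_rules WAN_IF LAN_IF PUBLIC_IP INTERNAL_IP (hypothetical helper)
ssh_dnat_rules() {
    wan_if=$1 lan_if=$2 public_ip=$3 internal_ip=$4
    is_ipv4 "$public_ip" || { echo "public address must be literal IPv4" >&2; return 1; }
    is_ipv4 "$internal_ip" || { echo "internal address must be literal IPv4" >&2; return 1; }

    # Rewrite the destination of SSH connections arriving for the public address.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 22 -d $public_ip -j DNAT --to-destination $internal_ip"
    # PREROUTING runs before the filter table, so FORWARD matches the
    # rewritten (internal) destination, not the public one.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -p tcp -d $internal_ip --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Replies from the internal host back out to the client.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -p tcp -s $internal_ip --sport 22 -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample: 203.0.113.10 stands in for $IP_OF_CVS,
# 192.168.1.20 for $INTERNAL_IP.
ssh_dnat_rules eth0 eth1 203.0.113.10 192.168.1.20
```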