Ian Reinhart Geiser on 1 Dec 2003 14:32:03 -0500



Re: [PLUG] iptables question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 01 December 2003 02:01 pm, Stephen Gran wrote:
> On Mon, Dec 01, 2003 at 01:44:05PM -0500, Ian Reinhart Geiser said:
> > Hi,
> > I'm not even sure how to google for this question so if anyone could
> > even give me a hint on what to google for that would be awesome.
> >
> > Basically I have an iptables based firewall running on Debian stable.  I
> > am already forwarding ports with success but now I would like to do
> > port redirection based on the hostname requested.  IE, ssh to
> > cvs.kdedevelopers.org currently gives me the firewall... but I would
> > like to have it forward to the system that hosts cvs.kdedevelopers.org
> > that lies on a private IP.  Can I do this without changing the port
> > SSH is on the firewall?
> >
> > 	Any hints would be great.
> >
> > Cheers
> > 	-ian reinhart geiser
>
> I take it you have an arrangement like this:
>
> Internet
>
>
> Firewall
>
> LAN boxes
>
> Correct?
>
yes.

> And you want the firewall to redirect incoming ssh requests to one of
> the LAN boxes.
Well, multiple; there are 3 boxes total, each with their own CVS servers over 
ssh.
>
> I don't think trying to redirect by fqdn is a good idea (think DNS
> timeouts and such), but doing it by IP is straightforward.
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -d $IP_OF_CVS \
>     -j DNAT --to-destination $INTERNAL_IP
Yes, I'm aware of this, please read the email next time ;)

What I really want is to forward via FQDN but there seems to be no real 
information on the subject.  So I'm assuming it may not be possible.

Cheers
	-ian reinhart geiser


- -- 
- --:Ian Reinhart Geiser <geiseri@yahoo.com>
- --:Public Key: http://geiseri.myip.org/~geiseri/publickey.asc
- --:Public Calendar: http://geiseri.myip.org/~geiseri/publicevents.ics
- --:Jabber: geiseri@geiseri.myip.org
- --:Be an optimist -- at least until they start moving animals in 
- --:   pairs to Cape Canaveral. ~ Source Unknown
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/y5cOPy62TRm8dvgRArnyAKDqTZ884fbTKM2w6ZFqK6UUPx/qOACg267z
vUs06l8forwr+gPjriuO81Q=
=AC0d
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
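
The per-IP DNAT rule quoted in this message, extended to the three CVS hosts mentioned, as an added example that is not part of either poster's message. It assumes each hostname resolves to its own public address on the firewall; every address is a constructed documentation-range value, `emit_rules` and `is_ipv4` are hypothetical helper names, and the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: print per-host SSH DNAT rules, one public IP per CVS host.
# Addresses are constructed (RFC 5737 / RFC 1918), not taken from the thread.
WAN_IF="eth0"   # external interface, as in the quoted rule

# Constructed mapping, one "public_ip internal_ip" pair per line.
CVS_MAP="192.0.2.10 10.0.0.10
192.0.2.11 10.0.0.11
192.0.2.12 10.0.0.12"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# Rejecting hostnames keeps DNS lookups out of rule loading.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules MAP: print a DNAT rule and a matching FORWARD rule per entry.
# Malformed entries are skipped and make the function return non-zero.
# Assumes an existing ESTABLISHED,RELATED accept rule handles reply traffic.
emit_rules() {
    rc=0
    while read -r public internal; do
        [ -n "$public" ] || continue
        if ! is_ipv4 "$public" || ! is_ipv4 "$internal"; then
            echo "skipping bad entry: $public $internal" >&2
            rc=1
            continue
        fi
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $public --dport 22 -j DNAT --to-destination $internal:22"
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $internal --dport 22 -m state --state NEW -j ACCEPT"
    done <<EOF
$1
EOF
    return $rc
}

emit_rules "$CVS_MAP"
```

The FORWARD rules match the internal address because DNAT in PREROUTING has already rewritten the destination by the time the packet reaches the filter table.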