LeRoy Cressy on 1 Dec 2003 15:28:02 -0500



Re: [PLUG] iptables question



Another idea might be using the string match. To use the string match you have to grab the iptables source and compile the kernel patches. It is not part of the standard kernel.

I use the string match for filtering nasty spam at the firewall.

Ian Reinhart Geiser wrote:
On Monday 01 December 2003 02:01 pm, Stephen Gran wrote:

On Mon, Dec 01, 2003 at 01:44:05PM -0500, Ian Reinhart Geiser said:

Hi,
I'm not even sure how to google for this question, so if anyone could
even give me a hint on what to google for, that would be awesome.

Basically I have an iptables based firewall running on debian stable.  I
am already forwarding ports with success but now I would like to do
port redirection based on the hostname requested.  I.e., ssh to
cvs.kdedevelopers.org currently gives me the firewall... but I would
like to have it forward to the system that hosts cvs.kdedevelopers.org
that lies on a private IP.  Can I do this without changing the port
SSH is on the firewall?

	Any hints would be great.

Cheers
	-ian reinhart geiser

I take it you have an arrangement like this:

Internet
   |
Firewall
   |
LAN boxes

Correct?


Yes.


And you want the firewall to redirect incoming ssh requests to one of
the LAN boxes.

Well, multiple; there are 3 boxes total, each with their own CVS servers over ssh.


I don't think trying to redirect by fqdn is a good idea (think DNS
timeouts and such), but doing it by IP is straightforward.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -d $IP_OF_CVS \
   -j DNAT --to-destination $INTERNAL_IP

Yes, I'm aware of this, please read the email next time ;)

What I really want is to forward via FQDN, but there seems to be no real information on the subject. So I'm assuming it may not be possible.

Cheers
	-ian reinhart geiser


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

-- 
Rev. LeRoy D. Cressy   mailto:leroy@lrcressy.com     /\_/\
http://lrcressy.com                                 ( o.o )
Phone: 215-535-4037                                  > ^ <
FAX: 215-535-4285


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)

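Stephen's DNAT rule above covers one host; as an added example (not code from the thread), here is a POSIX sh generator that extends it to the three CVS boxes Ian mentions, one public address per internal host, since an SSH client never sends the requested hostname on the wire and the firewall therefore has nothing to match on. It assumes eth0 faces the Internet and eth1 the LAN, the addresses are constructed placeholders, and it also emits the FORWARD rules that DNAT alone does not provide when the FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example, not from the thread: print iptables rules that DNAT
# incoming tcp/22 on each public address to its internal CVS host and
# allow only that traffic through FORWARD. The script only prints rules;
# review them, then pipe into sh as root to apply.
WAN_IF=eth0   # assumption: Internet-facing interface
LAN_IF=eth1   # assumption: LAN-facing interface

# "public_ip internal_ip" pairs (constructed sample addresses).
CVS_HOSTS='
192.0.2.10 10.0.0.10
192.0.2.11 10.0.0.11
192.0.2.12 10.0.0.12
'

# dnat_rules PUBLIC INTERNAL: the nat-table redirect for one host,
# same shape as the rule posted in the thread.
dnat_rules() {
  printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 22 -d %s -j DNAT --to-destination %s\n' \
    "$WAN_IF" "$1" "$2"
}

# forward_rules INTERNAL: permit only tcp/22 to this host plus the
# established replies back out; nothing else is forwarded for it.
forward_rules() {
  printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
    "$WAN_IF" "$LAN_IF" "$1"
  printf 'iptables -A FORWARD -i %s -o %s -p tcp -s %s --sport 22 -m state --state ESTABLISHED -j ACCEPT\n' \
    "$LAN_IF" "$WAN_IF" "$1"
}

# all_rules: one DNAT line and two FORWARD lines per host.
all_rules() {
  printf '%s\n' "$CVS_HOSTS" | while read -r pub int; do
    [ -n "$pub" ] || continue
    dnat_rules "$pub" "$int"
    forward_rules "$int"
  done
}

# rule_count: number of rule lines emitted (3 per host).
rule_count() { all_rules | wc -l | tr -d ' '; }

all_rules
```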