[ale] Firewall rules / filtering

Chris Ricker chris.ricker at genetics.utah.edu
Thu Jul 15 16:55:16 EDT 1999


On Thu, 15 Jul 1999, Michael A. Smith wrote:

> I would like incoming traffic to my firewall on port 80 to be routed to a
> web server inside my firewall.  Does anyone have a good rule using ipchains
> to do this?
> 

Ipchains won't do that.  You need to enable IPPORTFW when you compile your
kernel, and then use ipmasqadm [1].

Note that for ipmasqadm to work, though, you do have to be forwarding the
packets with ipchains as well first (is this getting confusing yet? ;-).

Something like

ipchains -I forward -p tcp -s 10.0.0.1/32 80 -j MASQ
ipmasqadm portfw -a -P TCP -L 1.2.3.4 80 -R 10.0.0.1 80

(where 1.2.3.4 is your firewall IP and 10.0.0.1 is your internal web server)

should be enough to get you started.

You can also do all this entirely in userspace, using redir, which sets up a
socket connection between your firewall and your web server, and shoves
everything coming to port 80 on the firewall down that socket.  I've not
used it in a long time and ipmasqadm is the recommended solution, though.

later,
chris

[1] http://juanjox.linuxhq.com/

-- 
Chris Ricker                                               kaboom at gatech.edu
                                              chris.ricker at genetics.utah.edu
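
An added illustration, not part of the original post and not redir's own code: a minimal Python relay that does what the redir paragraph describes, accepting connections on one socket and copying the bytes to the web server over a second one. The function names and the loopback stand-in web server are assumptions made for the example; it also records which relay-side address each client was mapped to, since the web server only ever sees the relay as its peer.

```python
import socket, threading

def pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so its peer sees EOF too."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer reset the connection

def handle(client, addr, target, log):
    """One backend connection per client, relayed in both directions."""
    try:
        with client, socket.create_connection(target, timeout=5) as backend:
            backend.settimeout(None)  # connect timeout only; relay blocks freely
            # Backend sees the relay's socket as peer; log the real client mapping.
            log.append((addr, backend.getsockname()))
            back = threading.Thread(target=pump, args=(backend, client), daemon=True)
            back.start()
            pump(client, backend)
            back.join()
    except OSError:
        pass  # backend unreachable; the with block has already closed client

def start_relay(listen_addr, target, log):
    """Accept on listen_addr, forward to target; returns the listening socket."""
    srv = socket.create_server(listen_addr)
    def loop():
        while True:
            args = (*srv.accept(), target, log)
            threading.Thread(target=handle, args=args, daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

def demo():
    """Constructed loopback run: a stand-in web server notes the peer it sees."""
    seen, log = [], []
    web = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, peer = web.accept()
        seen.append(peer)
        conn.sendall(b"reply:" + conn.recv(1024))
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    relay = start_relay(("127.0.0.1", 0), web.getsockname(), log)
    with socket.create_connection(relay.getsockname(), timeout=5) as c:
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")
        body = b"".join(iter(lambda: c.recv(1024), b""))
        return body, c.getsockname(), seen[0], log[0]
```

Calling demo() returns the relayed reply, the client's own address, the peer address the stand-in web server saw, and the relay's log entry tying the two together.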





