[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

How to make a redirecting ?

I have a RedHat 7.2 PC, which is configured as firewall, using ipchains. I have an internal network 192.168.x.x/255.255.0.0, which this firewall is protecting. The firewall has multiple real IP addresses ( done with aliasing ).

I also have a WEB server, which is connected to my external network ( let's assume it has ip address 212.111.111.111 ).

I want to connect the WEB server to the internal network and to add its IP address as another alias in the firewall and somehow to make redirection. Assuming the internal IP address of the WEB server will be 192.168.0.5.

So, the firewall will have the real IP address of my WEB server (212.111.111.111) and should redirect all the incoming packages on port 80 to 192.168.0.5:80.

My question is how can I make it with ipchains or another tool.
0
tkalchev
Asked:
tkalchev
  • 4
  • 2
1 Solution
 
hnminhCommented:
you should use iptables instead (which is recommended for RH7.2). This task can be done by DNAT, sample is like this

$iptables -t nat -A PREROUTING -p tcp --destination-port 80 -s 0/0 -d 212.111.111.111 -j DNAT --to-destination 192.168.0.5:80

someone please correct me if we should use OUTPUT chains instead!!!
0
 
hnminhCommented:
you should use iptables instead (which is recommended for RH7.2). This task can be done by DNAT, sample is like this

$iptables -t nat -A PREROUTING -p tcp --destination-port 80 -s 0/0 -d 212.111.111.111 -j DNAT --to-destination 192.168.0.5:80

someone please correct me if we should use OUTPUT chains instead!!!
0
 
tkalchevAuthor Commented:
Thanks hnminh, I will try this solution
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
escheiderCommented:
if you're using ipchains, download, install and use the tool ipmasqadm.  I haven't used RH 7.2, so I am assuming that this tool works with it.

Then, you can forward all web requests from 212.x.x.111 to 192.168.0.5

download the tool here:

ftp://ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-4.i386.rpm

incorporate this into your existing firewall script:

ipmasqadm portfw -a -P tcp -L 212.111.111.111 80 -R 192.168.0.5  80
0
 
tkalchevAuthor Commented:
Thanks to escheider also, I will try
0
 
tkalchevAuthor Commented:
To escheider :

When I try to use ipmasqadm I am receiving this error :

portfw: setsockopt failed: Invalid argument
0
 
tkalchevAuthor Commented:
Also when I try to run : ipmasqadm portfw -l to see if something has happened I am getting this :

portfw: setsockopt failed: Invalid argument
Could not open "/proc/net/ip_masq/portfw"
Could not open "/proc/net/ip_portfw"
Check if you have enabled portforwarding

How to enable the portforwarding
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now