Solved

How to make a redirecting ?

Posted on 2002-04-26
7
254 Views
Last Modified: 2010-03-18
I have a RedHat 7.2 PC, which is configured as firewall, using ipchains. I have an internal network 192.168.x.x/255.255.0.0, which this firewall is protecting. The firewall has multiple real IP addresses ( done with aliasing ).

I also have a WEB server, which is connected to my external network ( let's assume it has ip address 212.111.111.111 ).

I want to connect the WEB server to the internal network and to add its IP address as another alias in the firewall and somehow to make redirection. Assuming the internal IP address of the WEB server will be 192.168.0.5.

So, the firewall will have the real IP address of my WEB server (212.111.111.111) and should redirect all the incoming packages on port 80 to 192.168.0.5:80.

My question is how can I make it with ipchains or another tool.
0
Comment
Question by:tkalchev
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 3

Accepted Solution

by:
hnminh earned 200 total points
ID: 6975255
you should use iptables instead (which is recommended for RH7.2). This task can be done by DNAT, sample is like this

$iptables -t nat -A PREROUTING -p tcp --destination-port 80 -s 0/0 -d 212.111.111.111 -j DNAT --to-destination 192.168.0.5:80

someone please correct me if we should use OUTPUT chains instead!!!
0
 
LVL 3

Expert Comment

by:hnminh
ID: 6975256
you should use iptables instead (which is recommended for RH7.2). This task can be done by DNAT, sample is like this

$iptables -t nat -A PREROUTING -p tcp --destination-port 80 -s 0/0 -d 212.111.111.111 -j DNAT --to-destination 192.168.0.5:80

someone please correct me if we should use OUTPUT chains instead!!!
0
 
LVL 9

Author Comment

by:tkalchev
ID: 6975395
Thanks hnminh, I will try this solution
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:escheider
ID: 6976089
if you're using ipchains, download, install and use the tool ipmasqadm.  I haven't used RH 7.2, so I am assuming that this tool works with it.

Then, you can forward all web requests from 212.x.x.111 to 192.168.0.5

download the tool here:

ftp://ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-4.i386.rpm

incorporate this into your existing firewall script:

ipmasqadm portfw -a -P tcp -L 212.111.111.111 80 -R 192.168.0.5  80
0
 
LVL 9

Author Comment

by:tkalchev
ID: 6976577
Thanks to escheider also, I will try
0
 
LVL 9

Author Comment

by:tkalchev
ID: 6976613
To escheider :

When I try to use ipmasqadm I am receiving this error :

portfw: setsockopt failed: Invalid argument
0
 
LVL 9

Author Comment

by:tkalchev
ID: 6976617
Also when I try to run : ipmasqadm portfw -l to see if something has happened I am getting this :

portfw: setsockopt failed: Invalid argument
Could not open "/proc/net/ip_masq/portfw"
Could not open "/proc/net/ip_portfw"
Check if you have enabled portforwarding

How to enable the portforwarding
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…

736 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question