Solved

How to make a redirect?

Posted on 2002-04-26
Last Modified: 2010-03-18
I have a RedHat 7.2 PC, which is configured as a firewall, using ipchains. I have an internal network 192.168.x.x/255.255.0.0, which this firewall is protecting. The firewall has multiple real IP addresses (done with aliasing).

I also have a web server, which is connected to my external network (let's assume it has IP address 212.111.111.111).

I want to connect the web server to the internal network, add its IP address as another alias on the firewall, and somehow set up redirection. Assume the internal IP address of the web server will be 192.168.0.5.

So the firewall will have the real IP address of my web server (212.111.111.111) and should redirect all incoming packets on port 80 to 192.168.0.5:80.

My question is how I can do this with ipchains or another tool.
Question by:tkalchev

Accepted Solution

by:
hnminh earned 200 total points
ID: 6975255
You should use iptables instead (which is recommended for RH7.2). This task can be done with DNAT; a sample looks like this:

$iptables -t nat -A PREROUTING -p tcp --destination-port 80 -s 0/0 -d 212.111.111.111 -j DNAT --to-destination 192.168.0.5:80

Someone please correct me if we should use the OUTPUT chain instead!!!
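The DNAT rule from the accepted solution only rewrites the destination address; the firewall must also route the packet and let it through the FORWARD chain. The script below is an added example, not code from any poster in this thread: it validates its arguments and prints (without applying) a minimal rule set for the thread's addresses. The interface name eth0, the function names and the use of the state match are assumptions.

```shell
#!/bin/sh
# Added example: prints the rule set for one published port; nothing is applied.
# Addresses are the thread's; eth0 as the external interface is an assumption.

valid_ip() (    # dotted-quad IPv4; subshell body keeps the IFS change local
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reject anything that is not a plain interface name (output may be fed to sh).
valid_if() { case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# usage: dnat_rules PUBLIC_IP PUBLIC_PORT INTERNAL_IP INTERNAL_PORT EXT_IF
dnat_rules() {
    valid_ip "$1" && valid_port "$2" && valid_ip "$3" && valid_port "$4" \
        && valid_if "$5" || { echo "dnat_rules: bad argument" >&2; return 2; }
    cat <<EOF
# Let the kernel route packets between interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward
# nat PREROUTING sees packets arriving from the network; nat OUTPUT only sees
# packets generated on the firewall itself, so inbound web traffic goes here.
iptables -t nat -A PREROUTING -i $5 -p tcp -d $1 --dport $2 -j DNAT --to-destination $3:$4
# After DNAT the packet crosses FORWARD with its new destination: allow only that.
iptables -A FORWARD -i $5 -p tcp -d $3 --dport $4 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Replies from the web server on their way back out.
iptables -A FORWARD -o $5 -p tcp -s $3 --sport $4 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

dnat_rules 212.111.111.111 80 192.168.0.5 80 eth0
```

Review the printed commands before running them as root; because they use `-A`, they must end up ahead of any existing rule in FORWARD that drops the same traffic.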
 

Author Comment

by:tkalchev
ID: 6975395
Thanks hnminh, I will try this solution.

Expert Comment

by:escheider
ID: 6976089
If you're using ipchains, download, install and use the tool ipmasqadm. I haven't used RH 7.2, so I am assuming that this tool works with it.

Then you can forward all web requests from 212.x.x.111 to 192.168.0.5.

Download the tool here:

ftp://ftp.redhat.com/pub/contrib/libc6/i386/ipmasqadm-0.4.2-4.i386.rpm

Incorporate this into your existing firewall script:

ipmasqadm portfw -a -P tcp -L 212.111.111.111 80 -R 192.168.0.5  80

Author Comment

by:tkalchev
ID: 6976577
Thanks to escheider also, I will try.

Author Comment

by:tkalchev
ID: 6976613
To escheider:

When I try to use ipmasqadm I am receiving this error:

portfw: setsockopt failed: Invalid argument

Author Comment

by:tkalchev
ID: 6976617
Also, when I try to run "ipmasqadm portfw -l" to see if something has happened, I am getting this:

portfw: setsockopt failed: Invalid argument
Could not open "/proc/net/ip_masq/portfw"
Could not open "/proc/net/ip_portfw"
Check if you have enabled portforwarding

How do I enable port forwarding?