Re: [TCLUG:6777] ipchains and port forwarding

[JellyD <jellyd@jellyd.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Jun 1999, Bob Tanner wrote:

[ snip post about using ipchains to redir host/port<->host2/port2 ]

You want to forward all ports, or some ports ? It'll work the
same way, you'll just have to specify which or all ports.

Here's how it works:

+ Your kernel needs the following options set to y:

CONFIG_FIREWALL
CONFIG_IP_FIREWALL
CONFIG_TRANSPARENT_PROXY

(at the bare minimum, AFAIK).

+ Set up ipchains rules on 206.10.252.7 like:

ipchains -I <chain> -p <proto> \
            -s 206.10.252.0/24 \
            -d 206.10.252.7 [port] \
            -j REDIRECT [new port]

Actually, now that I write this, I just realized that this only
works to redirect a local port to another local port, which is
what I'm using it for. Trying to use a new IP address (with
optional port) instead of [new port] fails, as I just tried.

That's a very good question ! I used to accomplish what you're
looking for by using the 'redir' program, but I'd heard that
the same functionality was implemented in the kernel using
ipchains now .. but I can't see where.

Actually, I was really hoping for that, because I've got plans
to do something akin to your setup there, just haven't found
the time to implement it yet.

Sorry I couldn't be any help. Anybody else ? <G>

- --
/------------------------->
| JellyD / Joshua Becker
| jellyd@jellyd.org

-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.4.3 (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de

iD8DBQE3ecQKcmkpI69BOLwRAusVAKCIwaSr695gHnGgjM4iDHoQaub3WwCg0Jag
0ZgRyb0cZna5F5csd5qDhp4=
=Jf6C
-----END PGP SIGNATURE-----