Dario Lesca
2002-Mar-05 13:13 UTC
[Shorewall-users] Howto redirect external ip:port to internal ip:port
Hi!

I use the shorewall 1.2.8 and I want to configure this:

I have one public IP 1.2.3.4 on eth1 and internal network 10.1.1.0/24 on eth0.

How to do this?

1) redirect all requests on 1.2.3.4:80
   to internal server 10.1.1.1:80

2) redirect all requests on 1.2.3.4:81
   to internal server 10.1.1.2:80

3) redirect requests only from external net 4.3.2.0/24 on external ip 1.2.3.4:21,
   to internal server 10.1.1.3:21

Please, someone show me how to do this using the shorewall configuration files.

Many thanks ... and sorry for my bad English, I am Italian.

-------
Dario Lesca (d.lesca@ivrea.osra.it)
Scott Merrill
2002-Mar-05 14:20 UTC
[Shorewall-users] Howto redirect external ip:port to internal ip:port
> Hi!

Hi!

> 1) redirect all request on 1.2.3.4:80
> to internal server 10.1.1.1:80
>
> 2) redirect all request on 1.2.3.4:81
> to internal server 10.1.1.2:80
>
> 3) redirect request only from external net 4.3.2.0/24 on external ip
> 1.2.3.4:21,
> to internal server 10.1.1.3:21

/etc/shorewall/rules should contain something like this:

# redirect incoming http requests to internal web server:
ACCEPT net loc:10.1.1.1:80 tcp 80 - 1.2.3.4
ACCEPT net loc:10.1.1.2:80 tcp 81 - 1.2.3.4
#
# redirect incoming ftp from 4.3.2.0/24 to internal ftp server
ACCEPT net:4.3.2.0/24 loc:10.1.1.3:21 tcp 21 - 1.2.3.4
#
Cowles, Steve
2002-Mar-05 14:28 UTC
[Shorewall-users] Howto redirect external ip:port to internal ip:port
> -----Original Message-----
> From: Dario Lesca [mailto:d.lesca@ivrea.osra.it]
> Sent: Tuesday, March 05, 2002 7:13 AM
> To: Shorewall Firewall
> Subject: [Shorewall-users] Howto redirect external ip:port to internal
> ip:port
>
>
> Hi!
>
> I use the shorewall 1.2.8 an I want config this:
>
> I have one Pubblic ip 1.2.3.4 on eth1 and internal network
> 10.1.1.0/24 on eth0
>
> how to do this?:
>
> 1) redirect all request on 1.2.3.4:80
> to internal server 10.1.1.1:80

This example is the first one listed in your /etc/shorewall/rules...

ACCEPT net loc:10.1.1.1 tcp www - all

>
> 2) redirect all request on 1.2.3.4:81
> to internal server 10.1.1.2:80

ACCEPT net loc:10.1.1.2:80 tcp 81 - all

>
> 3) redirect request only from external net 4.3.2.0/24 on external ip
> 1.2.3.4:21, to internal server 10.1.1.3:21

I haven't tried this, but I think I'm close...

ACCEPT net:4.3.2.0/24 loc:10.1.1.3 tcp ftp - all

You can always change the "all" to your external ip address (1.2.3.4), but since you only have one external ip, I don't believe it necessary.

Steve Cowles
Dario Lesca
2002-Mar-05 14:30 UTC
[Shorewall-users] Howto redirect external ip:port to internal ip:port
----- Original Message -----
From: "Mario Kerecki" <marker@radiomoi.com>

> Ciao Dario,
>
> It looks like you need simple masquerading and port forwarding. Here is how
> to get the desired result:
>
> first, this entry should be in your /etc/shorewall/masq file:
> #INTERFACE SUBNET
> eth1 10.1.1.0/24
>
> The firewall must be the default gateway for this to work, then your
> /etc/shorewall/rules file should have these entries:
>
>
> ## for web you will need
> ACCEPT net local:10.1.1.1 tcp 80 - all
>
> ACCEPT net local:10.1.1.2 tcp 81 - all
>
> change the config for 10.1.1.2 to listen on port 81 instead of port 80 for this
> to work
> it also makes it easier to troubleshoot

Thank you for the fast response, but unfortunately, for many reasons, I can't change the listen port on 10.1.1.2 (I use 81 to simplify, but it is another).

Then: from internet IP to 1.2.3.4:81, I must port forward to internal 10.1.1.2:80

I hoped that the shorewall would do this for me (iptables can do it).

... some suggestions?

Many thanks

Dario Lesca (d.lesca@ivrea.osra.it)
Dario Lesca
2002-Mar-05 14:38 UTC
[Shorewall-users] Howto redirect external ip:port to internal ip:port
----- Original Message -----
From: "Scott Merrill" <smerrill@finelinegraphics.com>

> /etc/shorewall/rules should contain something like this:
> # redirect incoming http requests to internal web server:
> ACCEPT net loc:10.1.1.1:80 tcp 80 - 1.2.3.4
> ACCEPT net loc:10.1.1.2:80 tcp 81 - 1.2.3.4

Thank you! Probably this is the correct solution.
Now I test it!

Many thanks to all

-------
Dario Lesca (d.lesca@ivrea.osra.it)
Paul Gear
2002-Mar-05 20:15 UTC
[Shorewall-users] Howto redirect external ip:port to internal ip:port
Dario Lesca wrote:

> ...
> Thank you for the fast response, but unforunatly, for many reason,
> I can't change the listen port on 10.1.1.2 (I use 81 for simplify but is
> another)
> then: from internet IP to 1.2.3.4:81, I must port forward to internal
> 10.1.1.2:80
>
> I hoped that the shorewall do this form me, (iptables can do it).
>
> ... some suggest?

There are detailed instructions about this in the shorewall documentation. In fact, it's FAQ #1. Check out http://shorewall.net/FAQ.htm#faq1.

Paul
http://paulgear.webhop.net
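
Added example, not part of the original thread or of Shorewall: a small Python check that parses rules written in the column layout used in the replies above and compares the resulting forwards with the three requirements from the first post. The column order is assumed from the rules quoted in the thread, only single ports are handled, and the sample rules are constructed.

```python
# Added example. Column order assumed from the rules quoted in this thread:
# ACTION  SOURCE  DEST  PROTO  PORT  CLIENT-PORT  ADDRESS
SERVICES = {"www": 80, "ftp": 21}  # service names used in the thread

def parse_rules(text):
    """Return one dict per ACCEPT rule that names an internal host."""
    forwards = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()          # drop comments
        if len(cols) < 5 or cols[0] != "ACCEPT":
            continue
        source = cols[1].partition(":")[2] or "any"   # net:4.3.2.0/24 -> subnet
        dest = cols[2].split(":")                     # zone:ip[:port]
        if len(dest) < 2:
            continue                                  # no host: not a forward
        ext_port = SERVICES[cols[4]] if cols[4] in SERVICES else int(cols[4])
        forwards.append({
            "ext_port": ext_port,
            "ip": dest[1],
            "port": int(dest[2]) if len(dest) > 2 else ext_port,
            "source": source,
        })
    return forwards

def audit(forwards, intended):
    """Compare parsed forwards with the intended exposure; return findings."""
    want = {ext: (ip, port, src) for ext, ip, port, src in intended}
    findings, seen = [], set()
    for f in forwards:
        seen.add(f["ext_port"])
        if f["ext_port"] not in want:
            findings.append(f"port {f['ext_port']}: forward is not intended")
            continue
        ip, port, src = want[f["ext_port"]]
        if (f["ip"], f["port"]) != (ip, port):
            findings.append(f"port {f['ext_port']}: goes to {f['ip']}:{f['port']}, expected {ip}:{port}")
        if f["source"] != src:
            findings.append(f"port {f['ext_port']}: source {f['source']}, expected {src}")
    findings += [f"port {p}: no rule found" for p in want if p not in seen]
    return findings

INTENDED = [(80, "10.1.1.1", 80, "any"), (81, "10.1.1.2", 80, "any"),
            (21, "10.1.1.3", 21, "4.3.2.0/24")]   # the three requirements asked for
SAMPLE = """# constructed rules; the FTP line has lost its source subnet
ACCEPT net loc:10.1.1.1 tcp www - all
ACCEPT net loc:10.1.1.2:80 tcp 81 - 1.2.3.4
ACCEPT net loc:10.1.1.3:21 tcp ftp - 1.2.3.4
"""
if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE), INTENDED):
        print(finding)
```

Run against the constructed sample, the check reports that the FTP forward is reachable from any source instead of only 4.3.2.0/24.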