Firewall

mike neuliep mike at marauder.illiana.net
Mon Jun 18 14:15:01 CDT 2001


Gene,

You would use the ipmasqadm command after your firewall rules are set up.
In the below example (this really doesn't exist, don't even try it)
I am listening for smtp (25) and telnet (23) connections on 65.204.100.198
and then redirecting them to 10.10.10.22.  If you need, say, multiple mail 
servers, you can just add IP addresses (eth1:1, eth1:2) on your firewall
and then have ipmasqadm listen on those addresses.

I'm in the process of learning on this myself and I'd be interested to
know if you need that ipsec patch for 2.2.19 kernel also?  I'd like to
build ipsec vpns that terminate inside my firewall as well as originate
behind my firewall to connect to where I work full time.

Let me know how the below works out for you.

	Mike

/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 65.204.100.198 25 -R 10.10.10.22 25
/usr/sbin/ipmasqadm portfw -a -P tcp -L 65.204.100.198 23 -R 10.10.10.22 23

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Mike Neuliep     | Pager: 630-314-0163 | Web, mail & domain hosting services
Illiana Internet | Work:  219-864-4179 | Firewall and network configurations
mike at illiana.net |   www.illiana.net   | Internet access & co-lo available
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

On Mon, 18 Jun 2001, Gene Dascher wrote:

> I am running a 486 DX280 with RedHat 6.2 - kernel 2.2.17 patched to
> include IPSec Packet support for IPChains as my firewall at home.  I
> have Comcast @Home for my broadband internet service with a static IP
> address.  I have another machine (P5-166) that I want to use as a
> webserver for internal and external sources.  What program(s) do I need
> to look at to redirect any http requests from outside (read: Internet)
> from my firewall box to my webserver box?  I DO NOT want to use LRP or
> any other floppy-based solution, as it has taken me a while to get my
> firewall running EXACTLY how I want, and I need the IPSec packet
> forwarding ability to do work from home.
> 
> Thanks,
> Gene Dascher
> 
> 
> 
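
The same ipmasqadm portfw pattern applied to the HTTP redirect asked about in the original question, as an added example that is not part of either message. The helper names (portfw_rules, is_private, valid_port) and the check that the forward target is an RFC 1918 address are assumptions of this example; the addresses are the made-up ones from the reply above.

```shell
#!/bin/sh
# Added example: build ipmasqadm port-forward rules from a list of TCP ports.
# The commands are only printed, so the rule set can be reviewed first.

# is_private ADDR: prefix check that ADDR is in an RFC 1918 range.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# portfw_rules EXT_IP INT_IP PORT...
# Prints one forward per port, each to the same port on INT_IP.
# Prints no rule at all if the target or any port fails validation.
portfw_rules() {
    [ "$#" -ge 3 ] || { echo "usage: portfw_rules EXT_IP INT_IP PORT..." >&2; return 2; }
    ext=$1
    int=$2
    shift 2
    is_private "$int" || { echo "refusing: $int is not RFC 1918" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "refusing: bad port '$p'" >&2; return 1; }
    done
    # -f flushes every existing portfw entry before the new ones are added.
    echo "/usr/sbin/ipmasqadm portfw -f"
    for p in "$@"; do
        echo "/usr/sbin/ipmasqadm portfw -a -P tcp -L $ext $p -R $int $p"
    done
}

# Dry run for a web server (80) and a mail server (25) on the same host.
portfw_rules 65.204.100.198 10.10.10.22 80 25
```

Only the ports listed become reachable from outside, so the argument list doubles as the record of what the firewall exposes.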




More information about the Kclug mailing list