From: Daniel Bergqvist daniel@netatonce.se
To: lartc@vger.kernel.org
Subject: SV: [LARTC] Packet rewriting
Date: Wed, 25 Oct 2000 14:42:17 +0000
Message-ID: <marc-lartc-98373938216842@msgid-missing>

I'm not sure of what you want but here is an example:
(Assuming local net is 10.0.0.160/27)

# Accept icmp (for example ping)
ipchains -A output -p icmp -j ACCEPT

# Deny TCP sessions to local network (that is no one outside
# the firewall may access web, ftp,... at your local net)
# (Note the -y option)
ipchains -A output -p tcp -d 10.0.0.160/27 -y -j DENY

# Accept any TCP packets to local network
ipchains -A output -p tcp -d 10.0.0.160/27 -j ACCEPT

# Maybe you want some UDP ports open
# Accept port 4000/UDP to local network
ipchains -A output -p udp -d 10.0.0.160/27 4000 -j ACCEPT

# Deny anything else to local network
ipchains -A output -d 10.0.0.160/27 -j DENY

Regards,
Daniel

> -----Original message-----
> From: lartc-admin@mailman.ds9a.nl
> [mailto:lartc-admin@mailman.ds9a.nl] On behalf of Fredrik Rambris
> Sent: Wednesday, October 25, 2000 3:31 PM
> To: Linux Advanced Routing and Traffic Control
> Subject: [LARTC] Packet rewriting
>
>
> Hello
>
> Now here's a problem I've never thought of before.
>
> We have been given a net from UUNET. The first IP-address (.161) is used
> by their router (which we have no access to fiddle with). I have
> installed a firewall at .162 which will serve both as firewall and
> traffic controller. My question is how do I make the public IP-addresses
> accessible from the outside and still be located behind the firewall?
> Like this
>
> [Internet]--[UU-Router.161]--[Firewall.162]
> I want to be able to put a machine behind the firewall on a public
> IP-address (.163) but still protected by the firewall. I was told that
> this could be done in other firewalls by aliasing the NIC on the outside
> to all public ip-addresses and then have the firewall forward these
> packets to a computer on the inside. Like port forwarding but a whole
> machine (all ports) on all protocols (under IP of course) (not blocked by
> the firewall).
>
> Is this possible with ipchains and some fancy packet rewriting?
>
> Anyone have any tips?
> --
> Admera Solution Provider AB
> Tel: 0733-850 814
> Position: 55°36´13N  13°03´36E
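Added example (not part of the original message): a small Python model of the output chain from the reply above, showing how first-match rule order and the -y test (SYN set, ACK and FIN cleared) separate denied inbound connection attempts from accepted non-SYN TCP packets. The ACCEPT default policy, the destination 10.0.0.163 and the sample packets are constructed assumptions; ipchains itself is not invoked.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("10.0.0.160/27")  # local net assumed in the reply

# Rules in the order the reply appends them to the output chain.
# Fields: protocol (None = any), destination net (None = any),
# destination port (None = any), syn_only (models -y), target.
RULES = [
    ("icmp", None, None, False, "ACCEPT"),
    ("tcp", LOCAL_NET, None, True, "DENY"),
    ("tcp", LOCAL_NET, None, False, "ACCEPT"),
    ("udp", LOCAL_NET, 4000, False, "ACCEPT"),
    (None, LOCAL_NET, None, False, "DENY"),
]

def is_syn_only(flags):
    # ipchains -y: SYN set, ACK and FIN cleared (a connection-opening packet).
    return "SYN" in flags and "ACK" not in flags and "FIN" not in flags

def verdict(proto, dst, dport=None, flags=frozenset(), rules=RULES, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    addr = ipaddress.ip_address(dst)
    for r_proto, r_net, r_port, r_syn, target in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_net is not None and addr not in r_net:
            continue
        if r_port is not None and r_port != dport:
            continue
        if r_syn and not (proto == "tcp" and is_syn_only(flags)):
            continue
        return target
    return policy  # assumed default policy; the reply does not set one

if __name__ == "__main__":
    samples = [  # constructed packets, not captured traffic
        ("tcp", "10.0.0.163", 80, {"SYN"}),            # new inbound connection
        ("tcp", "10.0.0.163", 1025, {"SYN", "ACK"}),   # reply to an outbound connection
        ("tcp", "10.0.0.163", 80, {"ACK"}),            # non-SYN packet, no state checked
        ("udp", "10.0.0.163", 4000, set()),
        ("udp", "10.0.0.163", 53, set()),
        ("icmp", "10.0.0.163", None, set()),
    ]
    for proto, dst, dport, flags in samples:
        print(proto, dst, dport, sorted(flags), "->", verdict(proto, dst, dport, flags))
```

Because the rules are stateless, any TCP packet without a bare SYN reaches the ACCEPT rule whether or not it belongs to a session opened from inside. Passing a rule list with the -y DENY rule moved below the TCP ACCEPT rule shows that the order, not the rules alone, enforces the policy.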
