
Re: [suse-security] using susefirewall2 for NAT



Why don't you go directly through iptables (I think susefirewall does it)? You can write a shell script and use the following rules:

# DNAT is only valid in the nat table (PREROUTING chain for incoming traffic)

# for web server
iptables -t nat -A PREROUTING -d 200.200.200.1 -p tcp --dport 80 -j DNAT --to-destination 192.127.0.2

# for mail server
iptables -t nat -A PREROUTING -d 200.200.200.2 -p tcp --dport 25 -j DNAT --to-destination 192.127.0.2

# for ssh server
iptables -t nat -A PREROUTING -d 200.200.200.3 -p tcp --dport 22 -j DNAT --to-destination 192.127.0.3

Of course you have to care about other issues.

Best,

Fabrício Adorno




Arie Reynaldi Zanahar wrote:

Hi all,

I just joined suse-security. I have been using SuSE 8.2 for several months. Right now I have a problem using susefirewall2 for my firewall / router. I'd like to change my network topology from this

		Internet
		    |
		    | ---------- Web Server 200.200.200.1
		    | ---------- Mail Server (qmail) 200.200.200.2
		    | ---------- SSH server 200.200.200.3
	 	SuseFirewall2
		    |
		    |
		LAN		

To this:
		Internet
		    |
		    |
		    |	
		SuseFirewall (200....1 for web and SSH, 200...2 for mail )
		    |
		    |----------- Web Server 192.127.0.2
		    |----------- SSH server 192.127.0.3
		   LAN
With this case, if someone goes to 200.200.200.1 port 80, they will be forwarded to my internal webserver 192.127.0.2, and if they use SSH to that IP, it will go to my SSH server. Right now I use Astaro Secure Linux 4 as my firewall and I use NAT for this purpose. With SuSEFirewall2, how can I use it? I've read EXAMPLES, FAQ and searched the web but I still have no clue. If someone can point me to examples or documentation to do that, I'd be more grateful. :)

regards,



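A DNAT rule only rewrites the destination address; the firewall must also have IP forwarding enabled and must allow the rewritten packets through the FORWARD chain. The script below is an added example, not code from either poster: it builds each DNAT rule together with its matching FORWARD rule for the web and SSH forwards in the target diagram. The interface names eth0/eth1, the FORWARDS table format and the DRY_RUN switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: eth0 faces the Internet,
# eth1 faces the servers, and the FORWARD policy is DROP, so only the
# connections listed here may cross the firewall from outside.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"

# One entry per forward: public_ip:port:internal_ip (addresses from the
# poster's diagram; the mail forward is omitted because the diagram gives
# no internal mail address).
FORWARDS="200.200.200.1:80:192.127.0.2
200.200.200.1:22:192.127.0.3"

# Print the iptables commands; returns 1 on a malformed entry.
gen_rules() {
    # Replies belonging to already accepted connections
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in $FORWARDS; do
        pub=${entry%%:*}; rest=${entry#*:}
        port=${rest%%:*}; dst=${rest#*:}
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        # Rewrite the destination before the routing decision ...
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -p tcp --dport $port -j DNAT --to-destination $dst:$port"
        # ... and let exactly that new connection through to the server
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $dst -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}

# DRY_RUN=1 (default) only prints the rules; DRY_RUN=0 applies them as root.
# Rules are appended, so flush the chains first when re-running.
apply_rules() {
    rules=$(gen_rules) || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    echo 1 > /proc/sys/net/ipv4/ip_forward   # the kernel must route packets
    printf '%s\n' "$rules" | sh -e
}

apply_rules
```

Outbound rules for the LAN (including any masquerading) are outside what this example covers.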