[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] using susefirewall2 for NAT



On Tue, 2004-01-27 at 06:01, Fabricio Adorno wrote:
> Why don't you go direct through iptables (I think susefirewall do it)? 
> You can write a shell script and use the following rules:
> 
> # for web server
> iptables -A INPUT -d 200.200.200.1 -p tcp --dport 80 -J DNAT 
> --to-destination 192.127.0.2
> 
> # for mail server
> iptables -A INPUT -d 200.200.200.2 -p tcp --dport 25 -J DNAT 
> --to-destination 192.127.0.2
> 
> # for ssh server
> iptables -A INPUT -d 200.200.200.3 -p tcp --dport 80 -J DNAT 
> --to-destination 192.127.0.3
> 
> Of course you have to care about other issues.
> 
> Best,
> 
> Fabrício Adorno

Just curious as to why this person would be using public addresses
internally? There are plenty of private addresses to use.

-- 
Ken Schneider
unix user since 1989
linux user since 1994
SuSE user since 1998 (5.2)



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here