Iptables and portforwarding to an internal webserver.
Ken Bradford
ken at alpha2.com
Fri Jun 11 15:00:46 EDT 2004
> -----Original Message-----
> From: Chris Fuhrman [mailto:chris.fuhrman at tfcci.com]
> Sent: Friday, June 11, 2004 8:46 AM
> To: ken at alpha2.com
> Cc: colug at colg.net
> Subject: Re: Iptables and portforwarding to an internal webserver.
>
>
> Howdy,
>
> I ran into this problem when I was running a webserver behind an
> OpenBSD-based firewall. A solution I came across in the OpenBSD FAQ was
> the following:
>
> 1) Set up an entry in /etc/inetd.conf like this:
>
> 127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \
> 20 192.168.1.10 80
>
> This sets up a listener on localhost port 5000 that will
> automatically redirect to 192.168.1.10's web server. Note that
> nc (netcat) doesn't seem to be included with Fedora. There are RPMs
> available via http://rpm.pbone.net
>
> If you're using xinetd, create the appropriate file in /etc/xinetd.d/
>
> 2) Set up an iptables entry to redirect all traffic bound from your
> internal ip address space to your OUTSIDE web server's IP address
> and have it redirect to your firewall's internal port 5000.
>
> Unfortunately, I'm not up on my iptable-ese so I'm not certain of the
> exact syntax. Perhaps something like this:
>
> $IPT -t nat -A PREROUTING -p tcp -i ${INTERNAL_INTERFACE} -d ${NET} --dport 80 \
> -j DNAT --to-destination 127.0.0.1:5000
>
> Restart inetd/xinetd and iptables and give it a whirl.
>
> Cheers!
>
I'm not sure if that gets around my problem or not (see my reply to Rob's
reply) but I dl'd an rpm and I'm going to check it out. Thanks.
Ken Bradford
Alpha II Service, Inc.
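The problem behind this thread is hairpin NAT: an internal client connects to the firewall's public address and expects the reply to come back from that same address, so a plain DNAT to 192.168.1.10 breaks because the web server answers the client directly. The inetd/nc relay above sidesteps that by terminating the connection on the firewall. The script below is an added example, not from either poster, that does the same job with iptables only: DNAT the request to the web server and MASQUERADE the hairpinned flows so the server's replies return through the firewall. The web server address 192.168.1.10 is the one quoted in the thread; the interface names (eth0, eth1), the public address 203.0.113.10 and the internal network 192.168.1.0/24 are constructed placeholders. Note that DNATing a forwarded packet to 127.0.0.1, as in the rule sketched above, is only accepted by the kernel when the route_localnet sysctl is enabled (Linux 3.6 and later); binding the relay to the firewall's internal address avoids that.

```shell
#!/bin/sh
# Hairpin (NAT loopback) port forward to an internal web server.
# Added example; the interface names, public IP and internal network
# below are constructed placeholders, 192.168.1.10 comes from the thread.
#
# Usage:        ./hairpin.sh eth0 203.0.113.10 eth1 192.168.1.0/24 192.168.1.10
#               (prints the rules)
#               APPLY=1 ./hairpin.sh eth0 203.0.113.10 eth1 192.168.1.0/24 192.168.1.10
#               (runs them; needs root and net.ipv4.ip_forward=1)

hairpin_rules() {
  ext_if=$1; ext_ip=$2; int_if=$3; int_net=$4; web_ip=$5
  cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $ext_ip --dport 80 -j DNAT --to-destination $web_ip:80
iptables -t nat -A PREROUTING -i $int_if -s $int_net -p tcp -d $ext_ip --dport 80 -j DNAT --to-destination $web_ip:80
iptables -t nat -A POSTROUTING -o $int_if -s $int_net -p tcp -d $web_ip --dport 80 -j MASQUERADE
iptables -A FORWARD -i $ext_if -p tcp -d $web_ip --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $int_if -o $int_if -p tcp -d $web_ip --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of rules the generator emits; handy for a quick sanity check.
count_rules() {
  hairpin_rules "$@" | wc -l | tr -d ' '
}

if [ $# -eq 5 ]; then
  if [ "${APPLY:-0}" = "1" ]; then
    hairpin_rules "$@" | sh -e
  else
    hairpin_rules "$@"
  fi
fi
```

The first PREROUTING rule handles ordinary outside visitors; the second catches internal clients that use the public address. The POSTROUTING MASQUERADE applies only to those hairpinned flows, so outside visitors still show up with their real source address in the web server's logs, while hairpinned connections appear to come from the firewall's internal address. The two FORWARD rules admit only new connections to port 80 on the web server, which keeps the forward from turning into a general hole toward the internal network; everything else relies on conntrack state.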