[CentOS] TCP/IP Port Relay
Frank M. Ramaekers
FRamaekers at ailife.com
Thu Apr 24 16:34:55 UTC 2008
As was implied before, both interfaces are connected internally (IntrA-net) and before I try the relay with VPN, I'm testing it on another internal computer (just to eliminate any potential VPN problems).
Frank M. Ramaekers Jr.
Systems Programmer MCP, MCP+I, MCSE & RHCE
American Income Life Insurance Co. Phone: (254)761-6649
1200 Wooded Acres Dr. Fax: (254)741-5777
Waco, Texas 76710
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Vahur Jõesalu
Sent: Thursday, April 24, 2008 11:28 AM
To: CentOS mailing list
Subject: Re: [CentOS] TCP/IP Port Relay
Well, you can't - to the best of my knowledge. And I cannot see the
reason for wanting it. The idea of using -i and -o in the FORWARD chain is
to specify the direction traffic is allowed to go. It could be that
the firewall is blocking all outgoing traffic. Omitting -i and -o would
allow the internal server to initiate traffic to port 23 anywhere on the
internet.

A virtual interface is for assigning additional IPs to the same interface, so
any rules regarding the interface still apply to the whole of the physical
network card.
-vahur
James Pifer wrote:
> On Thu, 2008-04-24 at 17:27 +0300, Vahur Jõesalu wrote:
>> Hmm, if I understood you correctly, then this should work just fine (on
>> linux firewall):
>>
>> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 23 -j DNAT \
>> --to telnetserverip:port-number
>> /sbin/iptables -I FORWARD -i external_interface -o internal_interface \
>> -p tcp -d telnetserverip --dport portnumberontelnetserver -j ACCEPT
>>
>> after a reboot or firewall service restart it's gone again.
>>
>> -vahur
>
> Sorry to jump in on someone else's thread, but... How do you do this if
> the interface you want to use is a virtual one? Meaning it's eth0:1 for
> example? The -i parameter will not let you use that.
>
> Thanks,
> James
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
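
A check for the two points made in this thread, as an added example that is not part of the original messages: it reads rules in iptables-save format and reports FORWARD ACCEPT rules that carry neither -i nor -o, and rules whose interface name is an alias such as eth0:1. The function names, report labels and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint FORWARD rules for missing direction and alias interface names.

# Constructed sample in iptables-save format (192.0.2.0/24 is a documentation range).
sample_rules() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -d 192.0.2.10/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -i eth0:1 -o eth0 -d 192.0.2.11/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j DROP
COMMIT
EOF
}

# Reads iptables-save output on stdin, prints one finding per suspect rule.
audit_forward() {
  awk '
    $1 == "-A" && $2 == "FORWARD" {
      in_if = ""; out_if = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        else if ($i == "-o") out_if = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (target != "ACCEPT") next
      # No -i and no -o: the rule does not pin the direction of the traffic.
      if (in_if == "" && out_if == "")
        print "NO-DIRECTION line " NR ": " $0
      # Alias names (eth0:1) are not usable as -i/-o interface matches.
      else if (index(in_if, ":") || index(out_if, ":"))
        print "ALIAS-NAME line " NR ": " $0
    }
  '
}

# With a file argument, audit that file; otherwise audit the constructed sample.
if [ -n "${1:-}" ]; then
  audit_forward < "$1"
else
  sample_rules | audit_forward
fi
```

On a live host the same function can be fed directly with `iptables-save | audit_forward`.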