On 10/29/2010 3:22 AM, Rudi Ahlers wrote:
Hi all,
I wonder if someone can help me with this: The setup is as follows:
192.168.1.254 - wireless ADSL modem, with DHCP pool on 192.168.100 - 192.168.200
192.168.1.250 - Linux firewall RED interface
192.168.2.250 - Linux firewall GREEN interface.
There are some normal LAN clients behind the Linux firewall's GREEN interface, which can all access each other's shared services and also all the clients behind the RED interface, i.e. those clients connected directly to the 192.168.1.254 ADSL wifi AP.
Now I want the clients on the "outside" to connect to one specific host on the inside, behind the GREEN interface, on IP 192.168.1.20. How would I do that? I know I can do this with port forwarding, but need many ports forwarded. How do I give full access to all ports on this IP, instead of forwarding every port? Does that make sense?
<snip> Not much of a firewall if you allow everything, unless you're limiting the "outside" IPs.
Other solutions would be to allow either a range of ports, e.g. --dport 5000:5500 or --dport 1024:65535 (all unassigned ports),
or define the ports you wish to allow with a variable, e.g. FORWARDPORTS="1024 1025 1026".
Even a hybrid like this should work, e.g. FORWARDPORTS="1024 1025 1026 5000:5500". Then call the variable in your forward rules.
Dan
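One way to turn that FORWARDPORTS idea into rules, as an added example that is not from the thread: each entry (a single port or a low:high range) becomes a DNAT rule plus a matching FORWARD accept, limited to the outside LAN instead of any source. The RED interface name, the 192.168.1.0/24 source limit and the sample port list are assumptions; the inside host address is the one given in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Expands FORWARDPORTS entries such as
# "1024" or "5000:5500" into iptables DNAT + FORWARD rules for one inside host,
# restricted to the outside LAN rather than to any source address.
RED_IF="eth0"                  # assumption: name of the RED (outside) interface
OUTSIDE_NET="192.168.1.0/24"   # assumption: only the wifi LAN may reach the host
INSIDE_HOST="192.168.1.20"     # the host named in the question, as written there
FORWARDPORTS="1024 1025 1026 5000:5500"   # constructed sample, hybrid form

# Accept a single port or a low:high range; both ends 1-65535 and low <= high.
valid_port_spec() {
  case "$1" in
    *:*) low=${1%%:*}; high=${1#*:} ;;
    *)   low=$1; high=$1 ;;
  esac
  case "$low$high" in *[!0-9]*|"") return 1 ;; esac
  [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# Print (rather than execute) the iptables commands, one pair per entry, so the
# rule set can be reviewed first; pipe the output into sh to apply it.
build_forward_rules() {
  # Replies to forwarded connections come back through FORWARD once.
  printf 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
  for spec in $FORWARDPORTS; do
    if ! valid_port_spec "$spec"; then
      echo "skipping bad port spec: $spec" >&2
      continue
    fi
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport %s -j DNAT --to-destination %s\n' \
      "$RED_IF" "$OUTSIDE_NET" "$spec" "$INSIDE_HOST"
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' \
      "$RED_IF" "$OUTSIDE_NET" "$INSIDE_HOST" "$spec"
  done
}

build_forward_rules
```

Entries that fail the check are reported on stderr and skipped, so a typo in the variable does not silently open the wrong port.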