[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I use the strings match for filtering nasty spam at the firewall
On Monday 01 December 2003 02:01 pm, Stephen Gran wrote:
On Mon, Dec 01, 2003 at 01:44:05PM -0500, Ian Reinhart Geiser said:
Hi, Im not even sure how to google for this question so if anyone could even give me a hint on what to google for that would be awesome.
Basicly I have an iptables based firewall running on debian stable. I am already forwarding ports with success but now I would like to do port redirection based on the hostname requested. IE, ssh to cvs.kdedevelopers.org currently gives me the firewall... but I would like to have it forward to the system that hosts cvs.kdedevelopers.org that lies on a private IP. Can I do this without changing the port SSH is on the firewall?
Any hints would be great.
Cheers -ian reinhart geiser
I take it you have an arrangement like this:
Internet
Firewall
LAN boxes
Correct?
yes.
And you want the firewall to redirect incoming ssh requests to one of the LAN boxes.
well multiple, there are 3 boxes total, each with their own CVS servers over ssh.
I don't think trying to redirect by fqdn is a good idea (think DNS timeouts and such), but doing it by IP is straightforward.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -d $IP_OF_CVS \ -j DNAT --to-destination $INTERNAL_IP
Yes im aware of this, please read the email next time ;)
What i really want is to forward via FQDN but there seems to be no real information on the subject. So im assuming it may not be possible.
Cheers -ian reinhart geiser
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA
For info on enigmail: http://lrcressy.com/linux/mozilla.pdf For info on gpg: http://www.gnupg.org/
Jesus saith unto him, I am the way, the truth, and the life: no man cometh unto the Father, but by me. (John 14:6) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org
iD8DBQE/y6P8P+/m2oUBr+oRAn7jAJ9rzAzk0KhvtLEWWzfEnoISmz2zSACgjk/R zdFfK6DpGcvDlx1kcBELkS4= =uoIF -----END PGP SIGNATURE-----
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug