[Firewall] Port forwarding on multiple external IPs

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Jul 28 04:18:52 MDT 2008


It doesn't...... This example only illustrates how it can be used in 
variables related to external interfaces. When using it for NAT forwards 
it works like:

NAT_FORWARD_TCP="{ext_ip}~0/0~80>{int_ip}"

a.

Swapnil Jain wrote:
> Arno van Amersfoort wrote:
>> The current beta3 can do this. The README still needs updating. But here 
>> is the info you need to get it to work:
>>
>> - For configuration variables/rules which are related to the external
>> (internet) interface, one can restrict the interface(s) to which they
>> are applied by adding either "{interface1,interface2,...}~" or
>> "{interface_ip1,interface_ip2}~" at the beginning of the rule. The
>> latter is especially handy for aliased interfaces.
>>
>> Example 1: OPEN_TCP="eth0~22", would only open TCP port 22 (SSH) for
>> interface eth0
>>
>> Example 2: OPEN_TCP="1.2.3.4~22", would only open TCP port 22 (SSH) for
>>                the interface which has the IP 1.2.3.4
>>
>> a.
>>
>> Swapnil Jain wrote:
>>   
>>> Arno van Amersfoort wrote:
>>>     
>>>> Yep, if you use firewall version 1.9.....
>>>>
>>>> Swapnil Jain wrote:
>>>>   
>>>>       
>>>>> Hi,
>>>>>
>>>>> I have an internet link with 6 public IPs. Can I forward ports to 
>>>>> internal hosts on these different public IPs? Say...
>>>>>
>>>>> port 80 on public_ip_1 to 80 of internal_ip_1
>>>>> port 80 on public_ip_2 to 80 of internal_ip_2
>>>>> port 80 on public_ip_3 to 80 of internal_ip_3
>>>>>
>>>>> and so on...
>>>>>
>>> Is it planned in 1.9 final, or can it be done in the current beta3? As I 
>>> could not find anything new regarding this in beta3.
>>>
>>>     
>>   
> But OPEN_TCP="eth0~22" will just open port 22 on the IP of eth0; how does 
> it deal with port forwarding?
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
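
The following is an added example, not part of the original post and not code from the firewall script: it splits NAT_FORWARD_TCP entries of the form shown above and prints the iptables DNAT rule each one corresponds to, using the three-address case from the original question. Assumptions: the braces in the post are placeholder markers, entries are space-separated, the middle field (0/0) is the allowed source network, and the addresses are constructed sample values; the function name is hypothetical.

```shell
#!/bin/sh
# Added illustration; not taken from the firewall script itself.
# Constructed sample values (documentation address ranges), one forward
# per external IP, assuming space-separated entries.
NAT_FORWARD_TCP="203.0.113.1~0/0~80>192.168.1.10 203.0.113.2~0/0~80>192.168.1.20 203.0.113.3~0/0~80>192.168.1.30"

# nat_forward_to_dnat PROTO "RULES" (hypothetical helper)
# Splits each "ext_ip~source~port>int_ip" entry and prints the equivalent
# iptables DNAT command. Returns 1 if any entry is malformed.
nat_forward_to_dnat() {
    proto=$1
    rc=0
    for rule in $2; do
        case $rule in
            *"~"*"~"*">"*) ;;   # needs two '~' fields and a '>' target
            *) echo "skipping malformed rule: $rule" >&2
               rc=1
               continue ;;
        esac
        left=${rule%%">"*}      # ext_ip~source~port
        int_ip=${rule#*">"}     # internal host receiving the traffic
        ext_ip=${left%%"~"*}    # external IP the rule is restricted to
        rest=${left#*"~"}       # source~port
        src=${rest%%"~"*}       # assumed: allowed source network
        port=${rest#*"~"}       # external port
        # Matching on -d keeps each forward bound to one external IP,
        # so port 80 on another public address is not redirected.
        echo "iptables -t nat -A PREROUTING -p $proto -d $ext_ip -s $src --dport $port -j DNAT --to-destination $int_ip"
    done
    return $rc
}

nat_forward_to_dnat tcp "$NAT_FORWARD_TCP"
```

An entry without the external-IP prefix and source field, such as the OPEN_TCP-style "eth0~22", is rejected by the function rather than turned into a forward.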


