[Firewall] Port forwarding on multiple external IPs

Swapnil Jain swapnil.indore at gmail.com
Mon Jul 28 06:23:40 MDT 2008


Arno van Amersfoort wrote:
> It doesn't...... This example only illustrates how it can be used in 
> variables related to external interfaces. When using it for NAT forwards 
> it works like:
>
> NAT_FORWARD_TCP="{ext_ip}~0/0~80>{int_ip}"
>
> a.
>
> Swapnil Jain wrote:
>   
>> Arno van Amersfoort wrote:
>>     
>>> The current beta3 can do this. The README still needs updating. But here 
>>> is the info you need to get it work:
>>>
>>> - For configuration-variables/rules which are related to the external
>>> (internet) interface one can restrict the interface(s) for which it is
>>> applied to, by adding either "{interface1,interface2,...}~" or
>>> "{interface_ip1,interface_ip2}~" at the beginning of the rule. The
>>> latter is especially handy for aliased interfaces.
>>>
>>> Example 1: OPEN_TCP="eth0~22", would only open TCP port 22 (SSH) for
>>> interface eth0
>>>
>>> Example 2: OPEN_TCP="1.2.3.4~22", would only open TCP port 22 (SSH) for
>>>                interface which has the IP 1.2.3.4
>>>
>>> a.
>>>
>>> Swapnil Jain wrote:
>>>   
>>>       
>>>> Arno van Amersfoort wrote:
>>>>     
>>>>         
>>>>> Yep, if you use firewall version 1.9.....
>>>>>
>>>>> Swapnil Jain wrote:
>>>>>   
>>>>>       
>>>>>           
>>>>>> Hi,
>>>>>>
>>>>>> I have an internet link with 6 public IPs. can i  forward ports to 
>>>>>> internal hosts on this different public IPs. say...
>>>>>>
>>>>>> port 80 on public_ip_1 to 80 of internal_ip_1
>>>>>> port 80 on public_ip_2 to 80 of internal_ip_2
>>>>>> port 80 on public_ip_3 to 80 of internal_ip_3
>>>>>>
>>>>>> and so on...
>>>>>>
>>>>>>
>>>>>>     
>>>>>>         
>>>>>>             
>>>>>   
>>>>>       
>>>>>           
>>>> is it planned in 1.9 final or can be done in current beta3. as i could 
>>>> not find anything new regarding this in beta3
>>>>
>>>>     
>>>>         
>>>   
>>>       
>> but OPEN_TCP="eth0~22" will just open port 22 on ip of eth0, how does  
>> it deal with port forwarding
>>
>>     
>
>   
thanks a lot, this helps me.

can i use aliases for external interface, as i have multiple ips from 
the isp


-- 

________________________________

Thanks & Regards,

 

***Swapnil Jain*

swapnil-indore.blogspot.com
swapnil.indore (at) gmail (dot) com
________________________________

 




More information about the Firewall mailing list