[Firewall] Port forwarding on multiple external IPs

Mark van Dijk mark at voidzero.net
Mon Jul 28 06:38:00 MDT 2008


I'm wondering though, if eth0 has eth0:1, eth0:2 and so on, should all of the
aliases be set in EXT_IF, or only eth0?

i.e. "EXT_IF=eth0 eth0:1 eth0:2"...

Cheers,
-Mark

-----Original message-----
From: firewall-bounces at lists.btito.net
[mailto:firewall-bounces at lists.btito.net] On behalf of Swapnil Jain
Sent: Monday 28 July 2008 14:24
To: Arno's IPTABLES firewall script
Subject: Re: [Firewall] Port forwarding on multiple external IPs

Arno van Amersfoort wrote:
> It doesn't...... This example only illustrates how it can be used in 
> variables related to external interfaces. When using it for NAT forwards 
> it works like:
>
> NAT_FORWARD_TCP="{ext_ip}~0/0~80>{int_ip}"
>
> a.
>
> Swapnil Jain wrote:
>> Arno van Amersfoort wrote:
>>> The current beta3 can do this. The README still needs updating. But here
>>> is the info you need to get it to work:
>>>
>>> - For configuration-variables/rules which are related to the external
>>> (internet) interface one can restrict the interface(s) for which it is
>>> applied to, by adding either "{interface1,interface2,...}~" or
>>> "{interface_ip1,interface_ip2}~" at the beginning of the rule. The
>>> latter is especially handy for aliased interfaces.
>>>
>>> Example 1: OPEN_TCP="eth0~22", would only open TCP port 22 (SSH) for
>>> interface eth0
>>>
>>> Example 2: OPEN_TCP="1.2.3.4~22", would only open TCP port 22 (SSH) for
>>> interface which has the IP 1.2.3.4
>>>
>>> a.
>>>
>>> Swapnil Jain wrote:
>>>> Arno van Amersfoort wrote:
>>>>> Yep, if you use firewall version 1.9.....
>>>>>
>>>>> Swapnil Jain wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I have an internet link with 6 public IPs. Can I forward ports to
>>>>>> internal hosts on these different public IPs? Say...
>>>>>>
>>>>>> port 80 on public_ip_1 to 80 of internal_ip_1
>>>>>> port 80 on public_ip_2 to 80 of internal_ip_2
>>>>>> port 80 on public_ip_3 to 80 of internal_ip_3
>>>>>>
>>>>>> and so on...
>>>>>>
>>>> Is it planned in 1.9 final, or can it be done in the current beta3? I could
>>>> not find anything new regarding this in beta3.
>>>>
>> But OPEN_TCP="eth0~22" will just open port 22 on the IP of eth0; how does
>> it deal with port forwarding?
>>
Thanks a lot, this helps me.

Can I use aliases for the external interface, as I have multiple IPs from
the ISP?


-- 

Thanks & Regards,
Swapnil Jain
swapnil-indore.blogspot.com
swapnil.indore (at) gmail (dot) com


_______________________________________________
Firewall mailing list
Firewall at lists.btito.net
http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
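
The following is an added example, not part of the thread and not code from Arno's script: it expands rules in the `ext_ip~source~port>int_ip` form quoted above into the iptables DNAT command each one corresponds to, one per public IP. It assumes the braces in the quoted example are placeholders, that rules are separated by whitespace, and it uses constructed documentation addresses.

```sh
#!/bin/sh
# Added example, not code from Arno's firewall script: prints the iptables
# DNAT command that corresponds to each "ext_ip~source~port>int_ip" rule.

# Constructed sample (documentation addresses); rules are assumed to be
# separated by whitespace, and the braces in the quoted example are assumed
# to be placeholders rather than literal characters.
NAT_FORWARD_TCP="203.0.113.1~0/0~80>192.168.1.11
 203.0.113.2~0/0~80>192.168.1.12
 203.0.113.3~0/0~80>192.168.1.13"

# expand_forward RULE: print one command, or return 1 for a bad rule.
expand_forward() {
    rule=$1
    case "$rule" in
        *"~"*"~"*">"*) ;;
        *) echo "malformed rule: $rule" >&2; return 1 ;;
    esac
    ext_ip=${rule%%"~"*}; rest=${rule#*"~"}
    src=${rest%%"~"*};    rest=${rest#*"~"}
    port=${rest%%">"*};   int_ip=${rest#*">"}

    # Accept only address and port characters so a typo in the config
    # cannot turn into extra iptables arguments.
    case "$ext_ip" in ''|*[!0-9.]*)  echo "bad external IP: $rule" >&2; return 1 ;; esac
    case "$int_ip" in ''|*[!0-9.]*)  echo "bad internal IP: $rule" >&2; return 1 ;; esac
    case "$src"    in ''|*[!0-9./]*) echo "bad source net: $rule" >&2; return 1 ;; esac
    case "$port"   in ''|*[!0-9]*)   echo "bad port: $rule" >&2; return 1 ;; esac

    # Matching on -d (destination address) selects the public IP, so the
    # rule also works for addresses on aliases such as eth0:1. Omitting a
    # port in --to-destination keeps the original destination port.
    echo "iptables -t nat -A PREROUTING -d $ext_ip -s $src -p tcp" \
         "--dport $port -j DNAT --to-destination $int_ip"
}

# expand_all RULES: expand every rule, return 1 if any was rejected.
expand_all() {
    rc=0
    for r in $1; do
        expand_forward "$r" || rc=1
    done
    return $rc
}

expand_all "$NAT_FORWARD_TCP"
```

Only the DNAT half is shown; the forwarded traffic still has to be permitted in the FORWARD chain.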




