[Firewall] Port forwarding on multiple external IPs

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Jul 28 06:40:22 MDT 2008


One more time the restrictions when using multiple external interfaces:
- You CAN use multiple interfaces like eth0, eth1, eth2, ppp+ etc.
- You CANNOT use ALIASED interface names (like eth0:0, eth0:1 etc.). 
This is a restriction of the Linux kernel. There isn't much I can do 
about it;
- You CAN use the IP of an aliased interface (instead).

All of this should allow you to basically do anything you want when you 
have multiple interfaces....

a.

ps. I still need to update all this info in the config-file & README, 
but I still haven't found the time yet.....

Swapnil Jain wrote:
> Arno van Amersfoort wrote:
>> It doesn't...... This example only illustrates how it can be used in 
>> variables related to external interfaces. When using it for NAT forwards 
>> it works like:
>>
>> NAT_FORWARD_TCP="{ext_ip}~0/0~80>{int_ip}"
>>
>> a.
>>
>> Swapnil Jain wrote:
>>> Arno van Amersfoort wrote:
>>>> The current beta3 can do this. The README still needs updating. But here 
>>>> is the info you need to get it to work:
>>>>
>>>> - For configuration-variables/rules which are related to the external
>>>> (internet) interface one can restrict the interface(s) for which it is
>>>> applied to, by adding either "{interface1,interface2,...}~" or
>>>> "{interface_ip1,interface_ip2}~" at the beginning of the rule. The
>>>> latter is especially handy for aliased interfaces.
>>>>
>>>> Example 1: OPEN_TCP="eth0~22", would only open TCP port 22 (SSH) for
>>>> interface eth0
>>>>
>>>> Example 2: OPEN_TCP="1.2.3.4~22", would only open TCP port 22 (SSH) for
>>>> the interface which has the IP 1.2.3.4
>>>>
>>>> a.
>>>>
>>>> Swapnil Jain wrote:
>>>>> Arno van Amersfoort wrote:
>>>>>> Yep, if you use firewall version 1.9.....
>>>>>>
>>>>>> Swapnil Jain wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have an internet link with 6 public IPs. Can I forward ports to 
>>>>>>> internal hosts on these different public IPs? Say...
>>>>>>>
>>>>>>> port 80 on public_ip_1 to 80 of internal_ip_1
>>>>>>> port 80 on public_ip_2 to 80 of internal_ip_2
>>>>>>> port 80 on public_ip_3 to 80 of internal_ip_3
>>>>>>>
>>>>>>> and so on...
>>>>>>>
>>>>> Is it planned in 1.9 final, or can it be done in the current beta3? I ask 
>>>>> as I could not find anything new regarding this in beta3.
>>>>>
>>> But OPEN_TCP="eth0~22" will just open port 22 on the IP of eth0; how does 
>>> it deal with port forwarding?
>>>
> Thanks a lot, this helps me.
> 
> Can I use aliases for the external interface, as I have multiple IPs from 
> the ISP?
> 
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
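
The rule format and restrictions from this thread, as an added example that is not part of the original message or of the firewall's own code: a small checker for a NAT_FORWARD_TCP-style value that flags aliased interface names and two forwards claiming the same external selector and port. The function names and sample addresses are constructed here, and the checker assumes whitespace-separated rules and only the `ext~source~port>int_ip` form shown above.

```python
import ipaddress

# Constructed sample value (documentation-range addresses), not taken from the thread.
SAMPLE = ("203.0.113.1~0/0~80>192.168.1.10 "
          "203.0.113.2~0/0~80>192.168.1.11 "
          "eth0:1~0/0~80>192.168.1.12 "
          "203.0.113.1~0/0~80>192.168.1.13")


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint_nat_forward(value):
    """Return a list of (rule, problem) pairs for a NAT_FORWARD_TCP-style value."""
    findings = []
    seen = {}  # (external selector, port) -> internal target already claimed
    for rule in value.split():  # assumption: rules are whitespace-separated
        match, sep, target = rule.partition(">")
        fields = match.split("~")
        if not sep or len(fields) != 3:
            findings.append((rule, "expected ext~source~port>int_ip"))
            continue
        selectors, _source, port = fields
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            findings.append((rule, "port is not a number in 1-65535"))
        if not is_ip(target):
            findings.append((rule, "target is not an IP address"))
        for sel in selectors.split(","):
            if not is_ip(sel) and ":" in sel:
                # Aliased names such as eth0:1 are not usable; use the alias IP.
                findings.append((rule, "aliased interface name: " + sel))
            previous = seen.setdefault((sel, port), target)
            if previous != target:
                findings.append(
                    (rule, f"{sel} port {port} already forwarded to {previous}"))
    return findings


if __name__ == "__main__":
    for rule, problem in lint_nat_forward(SAMPLE):
        print(f"{rule}: {problem}")
```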
