[Firewall] Port forwarding on multiple external IPs

Swapnil Jain swapnil.indore at gmail.com
Mon Jul 28 06:48:59 MDT 2008


Arno van Amersfoort wrote:
> One more time the restrictions when using multiple external interfaces:
> - You CAN use multiple interfaces like eth0, eth1, eth2, ppp+ etc.
> - You CANNOT use ALIASED interface names (like eth0:0, eth0:1 etc.). 
> This is a restriction of the Linux kernel. There isn't much I can do 
> about it;
> - You CAN use the IP of an aliased interface (instead).
>
> All of this should allow you to basically do anything you want when you 
> have multiple interfaces....
>
> a.
>
> ps. I still need to update all this info in the config-file & README, 
> but I still haven't found the time yet.....
>
> Swapnil Jain wrote:
>> Arno van Amersfoort wrote:
>>> It doesn't...... This example only illustrates how it can be used in 
>>> variables related to external interfaces. When using it for NAT forwards 
>>> it works like:
>>>
>>> NAT_FORWARD_TCP="{ext_ip}~0/0~80>{int_ip}"
>>>
>>> a.
>>>
>>> Swapnil Jain wrote:
>>>> Arno van Amersfoort wrote:
>>>>> The current beta3 can do this. The README still needs updating. But here 
>>>>> is the info you need to get it to work:
>>>>>
>>>>> - For configuration-variables/rules which are related to the external
>>>>> (internet) interface one can restrict the interface(s) for which it is
>>>>> applied to, by adding either "{interface1,interface2,...}~" or
>>>>> "{interface_ip1,interface_ip2}~" at the beginning of the rule. The
>>>>> latter is especially handy for aliased interfaces.
>>>>>
>>>>> Example 1: OPEN_TCP="eth0~22", would only open TCP port 22 (SSH) for
>>>>> interface eth0
>>>>>
>>>>> Example 2: OPEN_TCP="1.2.3.4~22", would only open TCP port 22 (SSH) for
>>>>> interface which has the IP 1.2.3.4
>>>>>
>>>>> a.
>>>>>
>>>>> Swapnil Jain wrote:
>>>>>> Arno van Amersfoort wrote:
>>>>>>> Yep, if you use firewall version 1.9.....
>>>>>>>
>>>>>>> Swapnil Jain wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have an internet link with 6 public IPs. Can I forward ports to 
>>>>>>>> internal hosts on these different public IPs? Say...
>>>>>>>>
>>>>>>>> port 80 on public_ip_1 to 80 of internal_ip_1
>>>>>>>> port 80 on public_ip_2 to 80 of internal_ip_2
>>>>>>>> port 80 on public_ip_3 to 80 of internal_ip_3
>>>>>>>>
>>>>>>>> and so on...
>>>>>>>>
>>>>>> Is it planned in 1.9 final or can it be done in the current beta3, as I could 
>>>>>> not find anything new regarding this in beta3?
>>>>>>
>>>> But OPEN_TCP="eth0~22" will just open port 22 on the IP of eth0; how does 
>>>> it deal with port forwarding?
>>>>
>> Thanks a lot, this helps me.
>>
>> Can I use aliases for the external interface, as I have multiple IPs from 
>> the ISP?
>>
Using the IP will solve the requirement.

Thanks, Arno.

-- 

________________________________

Thanks & Regards,

 

Swapnil Jain

swapnil-indore.blogspot.com
swapnil.indore (at) gmail (dot) com
________________________________
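
An added example, not part of the original thread and not the firewall's own code: a small shell check for the `ext~src~port>dest` forward form and the aliased-interface restriction described above. It assumes entries in the variable are separated by whitespace; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the firewall's own code. Assumptions: entries are
# whitespace-separated; sample addresses are constructed (RFC 5737 range).

# check_forward_rule ENTRY: print a verdict; return 1 if the entry is unusable.
check_forward_rule() {
    entry=$1
    case $entry in
        *"~"*"~"*">"*) ;;
        *) echo "SKIP $entry: not in ext~src~port>dest form"; return 0 ;;
    esac
    ext=${entry%%"~"*}      # interface name(s) or IP(s) before the first '~'
    rest=${entry#*"~"}
    src=${rest%%"~"*}       # permitted source network, e.g. 0/0
    rest=${rest#*"~"}
    port=${rest%%">"*}
    dest=${rest#*">"}
    if [ -z "$ext" ] || [ -z "$port" ] || [ -z "$dest" ]; then
        echo "REJECT $entry: empty field"; return 1
    fi
    old_ifs=$IFS; IFS=,     # the selector may be a comma-separated list
    for sel in $ext; do
        case $sel in
            *:*)  # eth0:1 style alias (this IPv4-era check treats any ':' as one)
                IFS=$old_ifs
                echo "REJECT $entry: aliased interface '$sel', use its IP instead"
                return 1 ;;
        esac
    done
    IFS=$old_ifs
    echo "OK $ext port $port from $src -> $dest"
}

# lint_nat_forward VALUE: check every entry; return the number rejected.
lint_nat_forward() {
    bad=0
    for e in $1; do
        check_forward_rule "$e" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample: two forwards selected by external IP, one by alias name.
NAT_FORWARD_TCP="192.0.2.1~0/0~80>10.0.0.1 192.0.2.2~0/0~80>10.0.0.2 eth0:2~0/0~80>10.0.0.3"
lint_nat_forward "$NAT_FORWARD_TCP" || echo "$? entry rejected"
```
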

 



