Tony Nugent wrote:
>
> [ NB: kernel 2.2.16 (both customised and "stock RH distro") ]
>
> I need to do some port forwarding on a router (actually, several)
> for a specific (any?) purpose. IE, connect (or redirect) to
> a port on that box, and you will be connected to some port on
> another box.

I've been trying to figure out a similar situation - connections
from the outside Internet to a specific port on the front-end
server are passed through the firewall, and redirected out a
different NIC re-addressed to a different port on another machine
connected to the internal intranet. The specialized servers I've
been building listen on these nonstandard internal ports,
allowing them to run in "trusted" space, while still interacting
with the outside internet through a very narrow and constrained
exposure.

I've been using redir (redir-2.2.1.tar.gz which I think I found
on freshmeat.com).

The problem with redir is that it's built as a conventional
program - it starts and continues running without reporting back
to the OS until it's shut down. Linux appears to expect
automatically run programs to report back in some way. On fast
machines, redir seems to work pretty painlessly as a linuxconf
addon. On a 486/RH6.2 based server, I get process taking too
long error messages, and have to launch redir from the command
line - which ties up the console as long as redir is running, and
will only allow one set of ports to be redirected.

FWIW, I'm sending encrypted binaries both ways through a socket
connection between proprietary software on each end of the
connection.

Trying to figure out masquerading in sendmail, I came across:
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-6.httm
where it states that "old tools" like redir can cause problems
because they don't properly notify the kernel of their presence.
PORTFW is recommended, which requires that the kernel be
recompiled with support for IPPORTFW.

I'm just about to *start* looking into PORTFW - but have a few
more pressing distractions in the short term.

--
Kort E Patterson
http://www.overalltech.net/
http://www.hevanet.com/kort/
_______________________________________________
Redhat-devel-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-devel-list