[Sussex] IPTables - is this possible?
Nico Kadel-Garcia
nkadel at gmail.com
Wed Mar 21 21:34:43 UTC 2007
Matthew Macdonald-Wallace wrote:
> Hi all,
>
> For reasons I won't go into at the moment, I'm exploring the
> possibilities of the following:
>
> - All traffic for a given web address hits a given port.
> - IPTables examines the data and then forwards it to a different port
> depending on the packet type.
>
> As an example:
>
> All traffic is routed from a given client to a specified firewall via
> a local proxy.
>
> The firewall will only accept connections on port 443 (secure HTTP).
>
> The traffic being sent varies between https and ssh - https is
> redirected to an internal webserver running mod_ssl, ssh is redirected
> to a different shell server running ssh (surprisingly!).
>
>
> Can anyone advise if this is possible?

It most certainly is: it's what NAT setups do all the time. The usual
way is that *all* incoming traffic goes to the external NAT server, and
only a few ports are permitted access to internal services and those go
to specific hosts. The hosts can then, if permitted, reach *out* through
the NAT.

But this is the sort of thing that firewalls and routers do all the time.
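
The "examines the data" step from the question, as an added example that is not part of the original posts: a classifier that tells an SSH identification string from a TLS ClientHello by the first bytes a client sends on a shared port. It assumes the client speaks first; the backend addresses and sample byte strings are constructed for illustration.

```python
# Added example: classify a connection's opening bytes as SSH or TLS.
# Backend addresses are hypothetical (RFC 5737 documentation range).
BACKENDS = {
    "tls": ("192.0.2.10", 443),  # internal web server running mod_ssl
    "ssh": ("192.0.2.20", 22),   # internal shell server
}

SSH_PREFIX = b"SSH-"  # start of the SSH identification string (RFC 4253, section 4.2)


def classify(data: bytes) -> str:
    """Return 'ssh', 'tls', 'need-more' or 'unknown' for the first bytes received."""
    if data.startswith(SSH_PREFIX):
        return "ssh"
    if SSH_PREFIX.startswith(data):
        # Empty read or a partial "SSH-": not enough bytes to decide yet.
        return "need-more"
    if data[0] == 0x16:  # TLS record content type 22 = handshake
        if len(data) < 6:
            return "need-more"
        major, minor = data[1], data[2]
        record_len = int.from_bytes(data[3:5], "big")
        handshake_type = data[5]
        # Handshake type 1 = ClientHello; a record carries at most 2**14 bytes.
        if major == 3 and minor <= 4 and 0 < record_len <= 16384 and handshake_type == 1:
            return "tls"
    return "unknown"


def pick_backend(data: bytes):
    """Map the classification to a backend address; None if undecided or unrecognised."""
    return BACKENDS.get(classify(data))


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_4.3\r\n",
    "tls hello": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]),
    "plain http": b"GET / HTTP/1.1\r\n",
    "short read": b"SS",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:10} -> {classify(blob):9} -> {pick_backend(blob)}")
```

Anything classified as `unknown` on a port that should only carry HTTPS is worth logging rather than forwarding.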