[Gllug] local DNS with smoothwall or IPcop?

Simon A. Boggis simon at dcs.qmul.ac.uk
Sat Nov 16 01:40:55 UTC 2002


On Fri, 2002-11-15 at 20:03, Steve Nicholson wrote:
> Have been making an attempt at this today, smoothwall uses ipchains so have been reading the man and how-tos.  I'm still confused as I don't see a way of redirecting the external address to the internal one. Redirect is only for the port from what I can tell read about and using masq doesn't make sense until I can set up the new destination.
> 
> From what I can tell I need to create a new rule on the INPUT chain testing for the external IP if matched jump to a new user defined chain.
> Create two rules for the new user defined chain:
> - one to redirect external IP to internal one,
> - one to masq the external to internal
> Otherwise the source and destination IP's don't seem right.
> 
> This is what I think I need to do
> ipchains -N dev_web
> ipchains ??? something that redirects external_IP to internal_IP
> ipchains -A dev_web -d internal_ip -j MASQ
> ipchains -A input -p tcp -d external_IP :80 -j dev_web
> 
> Have had a play with it but don't seem to be getting anywhere, is there some better documentation than the ipchains how-to and masquerading how-to, because I'm missing something in my understanding of this.
> 
> thanks
> Steve.

I don't think that ipchains MASQ and/or REDIRECT will do what you want.
MASQ will indeed make the packets look like they came from your router
(=SNAT), but won't send them elsewhere (=DNAT). REDIRECT can only
redirect onto a port on localhost, which isn't much cop unless you run
the service locally or can tunnel it (which is a bit ugly!).

I'm a bit rusty on ipchains era stuff, but I think you can still achieve
what you want using ipmasqadm (man 8 ipmasqadm). The manual page is
pretty good and has (amongst the) examples:

       Redirect  all  traffic  from  external clientA to internal
       hostB, also show forward masq rule to allow this for hostB
       only (clean, simple ... just *grin*)

              ipchains -I forward -d clientA/32 -s hostB/32
              ipchains -I input -s clientA/32 -m 3
              ipmasqadm mfw -I -m 3 -r hostB

Simon

-- 
----------------------------------------------------------------------
Dr Simon A. Boggis                                  Systems Programmer
Department of Computer Science,                     Tel. 020 7882 7522
Queen Mary, University of London, London E1 4NS UK. 
---- GPG public key <http://www.dcs.qmul.ac.uk/~simon/#publickey> ----
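
The distinction drawn in the reply above (MASQ rewrites the source, REDIRECT only reaches a local port, forwarding to an internal host needs a destination rewrite), shown as an added example that is not part of the original message and is not ipchains or ipmasqadm code. It is a simplified Python model; the addresses and all class and method names are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation/private ranges), not from the thread.
ROUTER_EXT = "203.0.113.1"    # firewall's external address
WEB_INT = "192.168.0.10"      # internal web server
CLIENT = "198.51.100.7"       # outside client


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    """Toy model (hypothetical names) of the three rewrites discussed."""

    def __init__(self):
        # (client, client port, server, server port) -> original destination
        self.forwards = {}

    def masq(self, pkt, masq_port=61000):
        # MASQ = source NAT: only the source side changes, destination stays.
        return replace(pkt, src=ROUTER_EXT, sport=masq_port)

    def redirect(self, pkt, local_port):
        # REDIRECT: deliver to a port on the firewall itself, nowhere else.
        return replace(pkt, dst=ROUTER_EXT, dport=local_port)

    def forward_to(self, pkt, server, port=None):
        # Destination NAT: new destination, and remember the original one
        # so that replies can be translated back.
        out = replace(pkt, dst=server, dport=port or pkt.dport)
        self.forwards[(out.src, out.sport, out.dst, out.dport)] = (pkt.dst, pkt.dport)
        return out

    def reply(self, pkt):
        # Reverse translation for a reply coming from the internal server.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.forwards:
            return pkt  # not a tracked connection: leave untouched
        orig_dst, orig_dport = self.forwards[key]
        return replace(pkt, src=orig_dst, sport=orig_dport)


def demo():
    fw = Firewall()
    request = Packet(CLIENT, 40000, ROUTER_EXT, 80)
    forwarded = fw.forward_to(request, WEB_INT)
    answer = fw.reply(Packet(WEB_INT, 80, CLIENT, 40000))
    return fw.masq(request), fw.redirect(request, 8080), forwarded, answer
```

In this model only `forward_to` ever puts the internal server's address in the destination field, and `reply` restores the external address as the source so the client sees an answer from the address it contacted.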

