[Sussex] IPTables - is this possible?
Steve Dobbo Dobson
steve at dobson.org
Wed Mar 21 21:45:39 UTC 2007
Matt
On Wed, Mar 21, 2007 at 07:15:04PM +0000, Matthew Macdonald-Wallace wrote:
> - All traffic for a given web address hits a given port.
> - IPTables examines the data and then forwards it to a different port
> depending on the packet type.
>
> As an example:
>
> All traffic is routed from a given client to a specified firewall via
> a local proxy.
Why configure the client to talk via a proxy? If you install the firewall
in the comms path of the client then it can filter packets based on
source and type - no need for the proxy to re-direct.
> The firewall will only accept connections on port 443 (secure HTTP).
>
> The traffic being sent varies between https and ssh - https is
> redirected to an internal webserver running mod_ssl, ssh is redirected
> to a different shell server running ssh (surprisingly!).
Standard firewall fare this. DNAT & SNAT are easily configured.
> Can anyone advise if this is possible?
Sounds it to me on the limited information given.
Steve
--
Steve "Dobbo" Dobson
steve at dobson.org
SussexLUG Master
-------------------------------------------------------------------------------
BOFH excuse #346:
Your/our computer(s) had suffered a memory leak, and we are waiting for them to be topped up.
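
Added example, not part of the original message: an iptables DNAT rule is chosen on the first packet of a connection (the TCP SYN), before any application data exists, so telling HTTPS from SSH on a single port means looking at the first bytes the client sends. The sketch below shows that classification step only; the backend addresses and the sample byte strings are constructed assumptions.

```python
# Classify the first bytes a client sends on a shared port 443.
# Added illustration; BACKENDS and all sample inputs are hypothetical.

SSH_PREFIX = b"SSH-"       # RFC 4253 identification string, e.g. "SSH-2.0-..."
TLS_HANDSHAKE = 0x16       # TLS record content type: handshake
TLS_MAJOR = 0x03           # record-layer major version (SSL 3.0 / TLS 1.x)
CLIENT_HELLO = 0x01        # handshake message type
MAX_RECORD = 16384         # largest TLS plaintext record (2**14 bytes)

# Stand-ins for the internal web server and the shell server.
BACKENDS = {
    "tls": ("192.0.2.10", 443),
    "ssh": ("192.0.2.20", 22),
}


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'need-more' or 'unknown'."""
    if not first_bytes:
        # Some SSH clients wait for the server banner before sending,
        # so a silent connection needs a timeout policy of its own.
        return "need-more"
    # Compare against as much of the SSH prefix as has arrived so far.
    n = min(len(first_bytes), len(SSH_PREFIX))
    if first_bytes[:n] == SSH_PREFIX[:n]:
        return "ssh" if n == len(SSH_PREFIX) else "need-more"
    if first_bytes[0] == TLS_HANDSHAKE:
        # Record header: type(1) version(2) length(2), then handshake type(1).
        if len(first_bytes) < 6:
            return "need-more"
        length = int.from_bytes(first_bytes[3:5], "big")
        if (first_bytes[1] == TLS_MAJOR
                and first_bytes[5] == CLIENT_HELLO
                and 4 <= length <= MAX_RECORD):
            return "tls"
    return "unknown"


def route(first_bytes: bytes):
    """Return the (host, port) backend, or None to wait or drop."""
    return BACKENDS.get(classify(first_bytes))
```

Anything that is neither a well-formed ClientHello nor an SSH identification string gets no backend, which keeps plain HTTP or scanner traffic on port 443 away from both internal servers.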