iptables: punching holes for eth0:0

John Summerfied debian at herakles.homelinux.org
Thu May 12 01:13:20 UTC 2005


Ashley M. Kirchner wrote:
> 
>    I need to punch a hole through iptables for an upload application 
> that's going to sit on an internal machine.  Most of what I've seen on 
> the net are rules where only the destination IP is defined.  Not quite 
> what I want to happen.  Here's what I want to do:
> 
>    The firewall machine has a public IP on eth0.  I'm going to add 
> another on eth0:0 (in the future I'll continue adding to eth0:1, eth0:2, 
> etc., etc.) and I would like requests coming in on that new address to 
> route through the firewall to connect to the internal machine (which has 
> a private IP.)

I'm not sure that you've disclosed all your setup, but it sounds likely 
that it's like what a mate has.

His IAP has assigned eight (six usable) public IP addresses to his use. 
Additionally, he has a separate public IP address (but private would 
work) for his internet connexion.
If this looks bizarre, use a fixed font:)

<The world> == <Mate's firewall> == <maybe six servers>
(front)				     (back)

If I were setting this up, I'd create the necessary routes in the 
firewall to direct traffic for the servers out the back. There is no 
need to have any interfaces in the firewall with the server IP addresses 
(or any public IP address if the IP assigned a private IP address for 
the front of the firewall).

What we have where I work is a single IP address and that's taken by the 
Billion ("hardware" router), and running servers inside (eg mail) 
requires a dummy interface with our public IP address on it coz the 
Billion gets confused about traffic for the front interface appearing at 
the back.

-- 

Cheers
John

-- spambait
1aaaaaaa at computerdatasafe.com.au  Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
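As an added illustration (not part of the thread above, and not John's or Ashley's code): the iptables rules that punch the hole Ashley describes, matching on the specific public address rather than on the alias name, since eth0:0 shares the physical interface eth0 and netfilter sees only the address. The interface name, addresses and port (eth0, 203.0.113.10, 192.168.1.20, 8080) are constructed placeholders; the script prints the rules by default and applies them only when run as `./punch.sh apply` as root. The same rules work whether the extra address is configured on eth0:0 or, as John suggests, simply routed to the firewall.

```shell
#!/bin/sh
# Constructed example: forward one TCP port arriving on ONE public address
# through a default-deny firewall to an internal host.
# Placeholder names: WAN_IF, PUB_IP, INT_IP, PORT are assumptions for this example.

valid_ipv4() {
    # Accept only four dotted decimal octets in the range 0-255.
    echo "$1" | awk -F. 'NF!=4{exit 1} {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/ || $i>255) exit 1}'
}

hole_rules() {
    wan_if=$1; pub_ip=$2; int_ip=$3; port=$4
    valid_ipv4 "$pub_ip" || return 1
    valid_ipv4 "$int_ip" || return 1
    case $port in ''|*[!0-9]*) return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Rewrite the destination before routing. Matching -d on the public
    # address (not the alias eth0:0, which netfilter does not know) limits
    # the hole to this one address and port; other addresses on eth0 stay closed.
    echo "iptables -t nat -A PREROUTING -i $wan_if -d $pub_ip -p tcp --dport $port -j DNAT --to-destination $int_ip:$port"
    # Allow the translated connection through FORWARD (default policy DROP assumed).
    echo "iptables -A FORWARD -i $wan_if -d $int_ip -p tcp --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Allow only replies belonging to that connection back out; conntrack
    # reverses the DNAT on the way out, so no explicit SNAT is needed here.
    echo "iptables -A FORWARD -o $wan_if -s $int_ip -p tcp --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed addresses for the demonstration (RFC 5737 / RFC 1918 ranges).
WAN_IF=eth0; PUB_IP=203.0.113.10; INT_IP=192.168.1.20; PORT=8080

case ${1:-print} in
    apply) hole_rules "$WAN_IF" "$PUB_IP" "$INT_IP" "$PORT" | sh ;;   # needs root
    *)     hole_rules "$WAN_IF" "$PUB_IP" "$INT_IP" "$PORT" ;;        # dry run
esac
```

A second public address (eth0:1 and so on) is just another call to `hole_rules` with its own address and port; nothing about the alias numbering enters the rules.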