[lug] forward pcanywhere
D. Stimits
stimits at idcomm.com
Sun Nov 11 10:19:11 MST 2001
Rob Nagler wrote:
>
> > is it possible to write a ipchain to forward incoming pcanywhere connections
> > to clients behind my firewall using static 192.168.0.X ips. i have read
> > from a outdated how to that i need a third party utility.
>
> You can't use ipchains, but you can use ip masquerading. If you are
> using RH 7.1, I highly recommend you spend the time to learn
> iptables. ipchains is deprecated. iptables combines ip DNAT
> (destination network address translation) and network filtering
> (ipchains).
>
> I will be doing this for one of my clients (when they decide they need
> it). It's easy to do. Also, the latest PCAnywhere apparently lets
> you use a different port for remote hosts, which means you only need
> one static IP to handle multiple internal computers.
>
> I don't have the time to work up an example now. Here's how you would
> forward port 80 on the Internet (1.1.3.4) to an internal host
> (192.168.1.1). There's no port translation:
>
> iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 80 \
> -j DNAT --to-destination 192.168.1.1
>
> This is with port translation 8080 on inet to 80 on internal machine:
>
> iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 8080 \
> -j DNAT --to-destination 192.168.1.1:80
>
> Cheers,
> Rob
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
I'd love to see a 10 minute demo on sample conversions from ipchains to
iptables; first a basic flavor of converting existing ipchains rules,
and 2nd maybe a short note of new things that one can do.
D. Stimits, stimits at idcomm.com
More information about the LUG
mailing list