The following 3 commands are what I use to redirect a port to an
internal machine behind my firewall.  I have used the same basic form
for rerouting port 8080 to port 80 on a machine behind my firewall, plus
routed things to a terminal server behind the firewall.

The following example is to route any request from the outside to port
1025 to port 22 on an internal machine (ssh port).  I am guessing there
is a way to do it for a specific IP address as well .. but I do not use
that feature.

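# FORWARD is evaluated after the DNAT below, so match the translated
# destination (192.168.1.99:22) rather than the outside port.
$IPT -A FORWARD -p tcp -d 192.168.1.99 --dport 22 -m state --state NEW -j ACCEPT

$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 1025 -j DNAT \
    --to-destination 192.168.1.99:22

$IPT -t nat -A PREROUTING -p tcp -i $INET_IFACE -d 172.16.5.47 --dport 1025 \
    -j DNAT --to-destination 192.168.1.99:22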

These commands were taken from a working iptables file and they have
been tested numerous times and work.

Hope this helps you do what you need to do.

Randy


On Thu, 2006-05-11 at 16:12 -0500, Eric Peterson wrote:
> Hi all,
> 
> My company is trying to expand our service to our customers and part
> of that has involved setting up virtual machines for our customers. We
> have a number of services that we provide on each virtual machine that
> go beyond the normal web server type of hosting solutions.
> 
> I need a way to map hostnames to a virtual server behind the NAT
> firewall and forward ports through the firewall. The catch is that all
> the servers will be running services on the same ports. I know with
> Apache you can use virtual hosts this way, but I don't know of a way
> to do this with apps such as ssh.
> 
> So is there a way to forward the same ports to several NAT hosts using
> only one public IP address based on the hostname?
> 
> For example:
> 
> "ssh hosta.example.com" would connect you to 192.168.1.10
> "ssh hostb.example.com" would connect you to 192.168.1.11
> 
> Both hosta and hostb share the same public IP.
> 
> Thanks,
> Eric
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
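
An added example (not part of the original message or of Randy's firewall file): the DNAT form from the reply extended to the two hosts in the question, with one outside port per internal host. Ports 2210 and 2211, the 203.0.113.0/24 source restriction and the function names are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: emit a DNAT + FORWARD rule pair for each internal host.
# Dry run by default; set IPT=iptables (as root) to apply the rules.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth1}"   # outside interface, as in the commands above

# Constructed map: "ext_port internal_ip internal_port [allowed_source]".
# Ports 2210/2211 and the 203.0.113.0/24 source are assumptions.
PORT_MAP='2210 192.168.1.10 22
2211 192.168.1.11 22 203.0.113.0/24'

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Shape check only (dotted quad, optional /prefix); rejects other characters.
valid_ipv4() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# forward_port EXT_PORT INT_IP INT_PORT [SOURCE]
forward_port() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" || {
        echo "skipping invalid entry: $*" >&2; return 1; }
    src_opt=""
    if [ -n "$4" ]; then
        valid_ipv4 "$4" || { echo "bad source: $4" >&2; return 1; }
        src_opt="-s $4"
    fi
    # nat/PREROUTING rewrites the destination before the routing decision,
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp $src_opt --dport "$1" \
        -j DNAT --to-destination "$2:$3"
    # so filter/FORWARD must match the translated address and port.
    # Assumes an ESTABLISHED,RELATED accept rule already exists in FORWARD.
    $IPT -A FORWARD -i "$EXT_IF" -p tcp $src_opt -d "$2" --dport "$3" \
        -m state --state NEW -j ACCEPT
}

apply_map() {
    echo "$PORT_MAP" | while read -r ext ip port src; do
        forward_port "$ext" "$ip" "$port" "$src" || true
    done
}

apply_map
```

On the client side, a `Host hosta` entry with `Port 2210` in `~/.ssh/config` lets users keep typing `ssh hosta` without remembering the port.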