Port forwarding with Linux

It’s Tuesday. I can’t wait for the weekend. Hey, at least this week we get a little break on Wednesday, at least in the States.
I posted some mail last night. Among those was a request that I reveal some of my Linux server-at-home secrets. I think I’ve sufficiently covered the creation of mail and Web servers, but I’ll go back and look some other time, when my brain’s less fried. I spent the day trying to make bootable Linux CDs. I’m thankful for CD-RWs, because I would have toasted about 10 CD-Rs in that process. I’ve found a Web site at work that talks all about it; I’ll refrain from calling it great until I figure out whether all of its steps actually work. I have made one successful bootable CD using the process, but it wouldn’t do everything I wanted. When I subbed in my own kernel that could do everything I wanted and left things like amateur radio support behind (just what I always wanted… a HAM-enabled Linux boot CD. Be still, my heart!) I got various different error messages. So not only am I wrong, I’m inconsistently wrong.

Anyway, let’s talk about firewalling. I don’t write firewalling scripts by hand; I let an expert do it. Then I go in and make slight modifications. My favorite method by far is to use PMFirewall, which asks you a bunch of nice questions and then writes a script. At present it only works with distros based on the 2.2 kernel (a version for 2.4 is in alpha). If you want to do some forwarding, all you have to do is edit rc.firewall and add a couple of lines (this example assumes you’re running a Web server on 172.16.0.10, port 80):


echo "1" > /proc/sys/net/ipv4/ip_forward #enable IP forwarding
/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 80 -R 172.16.0.10 80 #forward Web services to port 80 on 172.16.0.10

If you’re also running IMAP services on the same box, you can theoretically open it up with this line (I haven’t tried anything like this yet):


/usr/sbin/ipmasqadm portfw -a -P tcp -L $IPADDR 143 -R 172.16.0.10 143 #forward IMAP to port 143 on 172.16.0.10

Forwarding with Freesco is supposed to be easy but I’ve never actually done it yet. I’ll have to play around with it, on someone else’s cable or DSL connection of course (we wouldn’t want to keep anyone from reading these pages, after all). I believe Freesco is still 2.0-based, and firewalling and forwarding have changed with each major kernel revision since 2.0. It may have changed some before that too, for all I know, but back in those days I was fighting Slackware on 486s and deciding I hated Linux. It wasn’t until 1997 when a coworker gave me a copy of Red Hat 5.2 that I changed my mind and realized I didn’t hate Linux, I hated Slackware.
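
Because the forwarding syntax differs between kernel series, here is an added example (not from the original post or from PMFirewall) that validates one forward and prints the matching rule lines: the ipmasqadm form shown above for 2.2, and, going beyond the post, the iptables DNAT form used on 2.4. The function names are hypothetical and 203.0.113.5 is a constructed stand-in for $IPADDR; nothing is applied, so you can review the output before pasting it into rc.firewall.

```shell
#!/bin/sh
# Added example: print (never execute) the rules for one port forward.

valid_ipv4() {
    # Four dot-separated decimal octets, each in 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# portfw_rules KERNEL PROTO EXT_IP EXT_PORT INT_IP INT_PORT
portfw_rules() {
    kernel=$1 proto=$2 ext_ip=$3 ext_port=$4 int_ip=$5 int_port=$6
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_ipv4 "$ext_ip" && valid_ipv4 "$int_ip" ||
        { echo "bad IPv4 address" >&2; return 1; }
    valid_port "$ext_port" && valid_port "$int_port" ||
        { echo "bad port number" >&2; return 1; }
    case "$kernel" in
    2.2)
        # Same form as the lines in the post.
        echo "/usr/sbin/ipmasqadm portfw -a -P $proto -L $ext_ip $ext_port -R $int_ip $int_port"
        ;;
    2.4)
        # DNAT rewrites only the destination, so the internal server
        # still sees the client's real source address.
        echo "iptables -t nat -A PREROUTING -p $proto -d $ext_ip --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
        # Needed when the FORWARD policy is not ACCEPT.
        echo "iptables -A FORWARD -p $proto -d $int_ip --dport $int_port -j ACCEPT"
        ;;
    *)
        echo "unsupported kernel series: $kernel" >&2; return 1 ;;
    esac
}

# Constructed sample: the post's Web server behind external address 203.0.113.5.
portfw_rules 2.4 tcp 203.0.113.5 80 172.16.0.10 80
```

Either way, IP forwarding still has to be enabled as in the first line of the post's snippet, and each forward you add exposes that internal service to the outside, so keep the list short.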

6 thoughts on “Port forwarding with Linux”

  • July 3, 2001 at 1:15 am

    Hey I’ve got a Freesco router you can play with. I’ve been unsuccessful at getting it to forward anything. Maybe you can have some luck.

  • July 3, 2001 at 6:40 am

    Dave,

    Thanks for your reply.

    I have never tried Turbolinux but Slackware is something I use when doing minimal installations on challenged hardware 🙂 I have also decided to replace my Mandrake 8 installation with Slackware 8.0 (out now) since I think Mandrake simply complicates things trying to make everything easy.

    When was the last time you tried Slackware?

    /Dave T.

  • July 3, 2001 at 11:34 am

    It would have been late 1997. I tried the then-current Slackware (I don’t remember the version number anymore), hated it, then tried Red Hat 5.2 and liked it. I could probably handle Slackware now since I can find my way around a Unix box a lot better now than I could then.

    I agree, Mandrake installs a lot more than it needs to in the name of being simple. It does a pretty good job of giving consumers what they want. I’d use it on a workstation but keep it far from my servers.

  • September 6, 2001 at 10:50 pm

    I would like to know how to do a port forward from my Linux box, which is connected to a cable modem, to one Linux box in the internal network. Port xxx to another computer’s port xxx… and this should be a transparent connection, i.e. it should let the inner computer see the real IP address of the connecting computer.

    Thanks TJ

  • September 11, 2001 at 5:26 am

    Hey there fellas, I have a Freesco router (ver 0.2.7), don’t know what kernel it’s based on, but I have set up port forwarding, pretty straightforward, just turn it on and you’re there. I couldn’t get port forwarding on port 80 for some reason, but I got an FTP session going on a win95 machine to a win2k server with IIS5, no problems

  • September 12, 2001 at 9:25 pm

    this is typical… something critical to these instructions isn’t on my system

    I don’t have ipmasqadm

    nor do I have rc.firewall

    this on redhat 6.2
