Koozali.org: home of the SME Server

Inbound port mapping

Ken Yuinipo

Inbound port mapping
« on: May 24, 2001, 01:44:09 AM »
Hi,
 
I posted this question on the customer forum, and they said I should post it here.
How well is inbound port mapping (port redirect) supported in E-smith?
We want to implement MSN Messenger and PCanywhere.

Thanks

Ken

Nathan Fowler

Re: Inbound port mapping
« Reply #1 on: May 24, 2001, 01:51:14 AM »
Using /usr/sbin/ipmasqadm you are able to use several port forwarding modules.
portfw
autofw
mft
redir

The great thing about Linux is the ability to forward/redirect not only incoming TCP connections but incoming UDP connections as well.  An excellent resource and repository for port forwarding and mapping configurations is located at
http://www.tsmservices.com/masq

This is a living server constantly updated with new information as new rules and programs are created.

If you want your ipmasqadm changes to stay persistent I recommend putting them in /etc/rc.d/rc.local.

Thanks
Nathan

Thomas

Re: Inbound port mapping
« Reply #2 on: May 24, 2001, 03:28:39 PM »
I am trying to open up port UDP 9000 for access to all the PCs on my internal network. Is this port forwarding? Is there somewhere I can find an example about this that is easy to understand for someone that's not doing this for a living?

Nathan Fowler

Re: Inbound port mapping
« Reply #3 on: May 24, 2001, 06:58:07 PM »
Thomas, define "Open".  It is open and not filtered by default so "Opening" it has already been accomplished.  Port forwarding is only done for incoming packets without the ACK flag set (I think, correct me if I am wrong).

Bob Jenner

Re: Inbound port mapping
« Reply #4 on: May 25, 2001, 07:20:52 AM »
With Inbound port mapping, it is not possible to forward the same port, on the same IP address, to more than one destination. If you want to open port 9000 to "all" of the systems on the inside network from the outside, you cannot.

If the workstation port needs to be 9000, fine. Add multiple IP addresses to the external interface and map one to one, or select a different port on the outside, to map to each 9000 port on the inside. Like this:

If external address is 200.200.200.200

Internal address range is 100.100.100.100 - 100.100.100.200

I could map
200.200.200.200 port 8000 to 100.100.100.101 port 9000
200.200.200.200 port 8002 to 100.100.100.102 port 9000
200.200.200.200 port 8003 to 100.100.100.103 port 9000
200.200.200.200 port 8004 to 100.100.100.104 port 9000
200.200.200.200 port 8005 to 100.100.100.105 port 9000

And so on ...

I hope this makes the possibilities clearer to you.

Regards,

Bob
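
Bob's one-to-one mapping turned into `ipmasqadm portfw` rules, as an added example that is not part of any post in this thread. It assumes UDP (from Thomas's question) and the `portfw -a -P <proto> -L <ext> -R <int>` form; the function names and the table format are hypothetical. It refuses a table that reuses the same protocol, external address and port, which is the limit Bob describes.

```shell
#!/bin/sh
# Added example: build ipmasqadm portfw commands from a mapping table.
# Table lines: proto ext_ip ext_port int_ip int_port  ('#' starts a comment)
# Commands are printed, not executed, so they can be reviewed before
# being placed in /etc/rc.d/rc.local.

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_portfw() {
    seen=" "
    lineno=0
    while read -r proto ext_ip ext_port int_ip int_port; do
        lineno=$((lineno + 1))
        case "$proto" in ''|'#'*) continue ;; esac
        case "$proto" in
            tcp|udp) ;;
            *) echo "line $lineno: protocol must be tcp or udp" >&2; return 1 ;;
        esac
        if ! valid_port "$ext_port" || ! valid_port "$int_port"; then
            echo "line $lineno: missing field or bad port" >&2; return 1
        fi
        # One listener (proto + external address + port) maps to one host only.
        key="$proto/$ext_ip/$ext_port"
        case "$seen" in
            *" $key "*) echo "line $lineno: $key already forwarded" >&2; return 1 ;;
        esac
        seen="$seen$key "
        echo "ipmasqadm portfw -a -P $proto -L $ext_ip $ext_port -R $int_ip $int_port"
    done
}

# Sample table: addresses and ports from Bob's post, UDP assumed.
sample_table() {
    cat <<'EOF'
# proto ext_ip          ext_port int_ip          int_port
udp     200.200.200.200 8000     100.100.100.101 9000
udp     200.200.200.200 8002     100.100.100.102 9000
udp     200.200.200.200 8003     100.100.100.103 9000
EOF
}

sample_table | gen_portfw
```

Every line the script prints exposes one workstation's port 9000 to the outside network, so keep the table to the hosts that actually need to be reachable.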
