Scott
I understood the gist of what you wanted, without the specifics, of course. What I was trying to point out was that it would be easier to run DNS2Go on e-smith, rather than trying to manipulate the firewall to allow access to the W2K server. However, since you want to expose the services on your W2K server (I'm assuming you mean things like IIS and Exchange) to the Internet, you'll need to dig into ipchains.
Start with 'man ipchains' on the e-smith server. Then take a look at the files in /etc/e-smith/templates/etc/rc.d/init.d/masq to see how the e-smith firewall is implemented. You'll need to work in your ipchains rules into the masq init script. You'll place your files in the /etc/e-smith/templates-custom/etc/rc.d/init.d/mask directory, though. Remember that any file in */templates-custom/* with the same name as a file in */templates/* will be processed instead of the normal template, which allows you to replace template fragments w/o changing the original, and that any new files will be processed in sorted order.
Getting all this to work is an advanced topic, so I recommend you start a new thread in the Experienced User forum.
BTW, I'd still consider running DNS2Go on the e-smith system. I suspect you'll have fewer issues than you will trying to run it on the W2K server behind e-smith when e-smith is the gateway.
And, as I'm writing this, it occurs to me you're probably wanting to do port forwarding, not just opening ports via ipchains. For that you definitely need to be in the other forum. Do a search first, though, as I believe port forwarding has been discussed several times.
Scott
3 Replies
1814 Views