Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: frederikbay on May 10, 2004, 02:35:30 PM
-
Hi
I have 2 public IP addresses and would like to have 2 servers attached, one Windows and one SME server.
Is it possible to use the SME server as a "bridging" firewall, so that the SME server has 2 ip's on the external NIC and forwards one to the windows server?
Thanks
Frederik
-
This is old but you may glean something useful here
http://www.tech-geeks.org/article.php?story=20020206234827402
Regards
Brian K
-
Thanks, had a look at it and looks like it uses IPChains and not IPTables.
Anybody else have any suggestions?
Was thinking of trying ProxyPass.
-
I think proxypass passes a url and won't discriminate between your ext ips. I know Abe's solution uses ipchains but I thought it might be quite simple to modify.
Regards
Brian
-
After looking through the link you supplied, I found Abe's Readme and it states:
<snip>
Program Name: 1 To 1 NAT
Developer: Abe Loveless (abe_AT_lovelesscentral.org)
Major Contributer: Chris Watkins
Current Version: 1_to_1-0.1.tar.gz
SME Server Version: Versions 5.5 and DOWN, ONLY
For version 5.6 and UP, see http://tech-geeks.org/contrib/mdrone/1-to-1/
<snip>
Should be the answer to my problem, I hope :-D , will be posting any findings.
Thanks for the help Brian.
-
Have now gotten it to work, there was a line missing.
Here is a small how-to:
A. Use this link
http://tech-geeks.org/contrib/mdrone/1-to-1/
B. Login to Server using Putty
C. in root dir use command
mkdir nat
cd nat
D. download contrib
wget http://tech-geeks.org/contrib/mdrone/1-to-1/1-to-1-iptables.tar.gz
follow the readme in the contrib until you get to 3c.
3d. pico /opt/1_to_1/makefrag.pl
after line 43 - print BEGIN (" /sbin/iptables -t nat --append CustomNATout -s $data[1] -j SNAT --to $data[0] \n");
insert this line
print BEGIN ("\n /sbin/iptables -A FORWARD -j ACCEPT\n");
then CTRL-X and save on exit
continue following the readme and you are all set.
-
frederikbay,
works perfectly for me, thank you very much.
How about restricting access to a specified port, such as mysql, only to certain outside IPs?
I would need more than one outside IP accessing certain ports on a specific machine within my LAN, and mixing the 1-to-1 and this rule would be perfect!
Thanks,
-
Hi stuntshell
use pico (or any editor you like) to edit /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/34CustomNAT
find the entry for Mysql
/sbin/iptables -t nat --append CustomNATin -s xxx.xxx.xxx.xxx -d yyy.yyy.yyy.yyy -p tcp --dport 3306 -j DNAT --to iii.iii.iii.iii:3306
change the xxx's for the IP you want to have the ability to connect to your internal server
the yyy are the external ip that you want your server to respond to
the iii is the local ip of the server.
the entry should be there beforehand; the only thing you have to do is insert: -s xxx.xxx.xxx.xxx
then copy the whole line and paste it under the previous one and edit the -s xxx.xxx.xxx.xxx
do this for each IP that you want to be able to connect to the Server.
remember to restart the masq service
/etc/rc.d/init.d/masq restart
or simply reboot
Don't know if it'll work, but hope :roll: it does.
Let me know what you find.
Frederik
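
The per-source rule duplication described in the post above, as an added example that is not part of the original thread: a small generator that validates every address before printing one CustomNATin line per allowed client. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build source-restricted DNAT lines
# in the form of the CustomNATin rule quoted in the post above.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for an integer 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules EXT_IP INT_IP PORT SRC_IP...
# Prints one rule per allowed source. Emits nothing if any argument is bad.
gen_dnat_rules() {
    [ "$#" -ge 4 ] || { echo "need EXT INT PORT and at least one source" >&2; return 1; }
    ext=$1; int=$2; port=$3
    shift 3
    { valid_ipv4 "$ext" && valid_ipv4 "$int" && valid_port "$port"; } ||
        { echo "bad external IP, internal IP or port" >&2; return 1; }
    for src in "$@"; do       # validate all sources before printing anything
        valid_ipv4 "$src" || { echo "bad source IP: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "/sbin/iptables -t nat --append CustomNATin -s $src -d $ext" \
             "-p tcp --dport $port -j DNAT --to $int:$port"
    done
}

# Constructed sample values (documentation address ranges).
gen_dnat_rules 203.0.113.2 192.168.0.10 3306 198.51.100.7 198.51.100.8
```

Paste the printed lines into the 34CustomNAT template fragment in place of the single MySQL line, then restart masq as the post describes.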
-
I've been reading this thread and it may solve a problem I've been trying to figure out. A post to the forums did not turn up anything.
I want to be able to access a piece of equipment via TCP/IP connected to the internal private network from the public network in a secure manner. By secure I mean that the internal network is secured from the public network but the piece of equipment is available to the public, one user at a time.
It looks like I could get a second static IP address assigned to my server and route that address to the static internal address of the equipment. I'm not quite sure how to do this but I'd like advice as to whether or not it can be done or if there is a better way to accomplish this task. My SME server is running Private Server Gateway.
Thanks,
-
dann,
If you follow the description above you should be able to solve your problem.
What you need is 2 public IP addresses where you route one to "piece of equipment" on your private network.
You can route all ports to the "piece of equipment" or just the ones you are going to use (more secure).
Frederik
-
Hi - can I use Abe's 1to1NAT to send a specific external IP (I have multiple ext ips) to a specific internal server by port?
eg say 203.xxx.xxx.001 port 80 to 192.168.0.10:80
and 203.xxx.xxx.002 port 80 to 192.168.0.20:80
So the same port gets routed to partic internal server depending on its external IP
Cheers
Brian
-
It's precisely what Frederik has explained above! If all you want to do is serve webpages, you could also use the proxypass contrib.
Cheers :pint: to Frederik!!!
(BTW, the specific port works as a charm)
-
Good work on that, folks. So, would you save your findings for the generation after you and make a nice howto at this page, I have prepared for you:
http://no.longer.valid/phpwiki/index.php/How%20to%20have%202%20public%20ip%27s%20on%20external%20NIC%20and%20route%20it%20to%20a%20piece%20of%20hardware%20on%20your%20local%20network
Use the small edit button in the lower right corner.
Your howto will then be visible in the RSS feed for a while.
-
Will do.
Frederik
He he my first how to :-D