Help Required

Help Required

[Sridhar Murthy]

Hi Team,

I require help to my following setup:

I have a Redhat 8 Server with squid,smtp & pop3 with iptables running.

My requirement is we have a citrix server with local LAN ipaddress. People 
from Internet will have to access this server from outside(my firewall is 
having a public ipaddress which is dynamic assigned). I want to know what is 
the rules that i have to add to allow the traffic which uses port number 
1494, to get into my network and access my citrix server which is having LAN 
ip. Should any nat be added.

Thanks in advance.

Regards,

Sridhar

Re: [iptables] Help Required

[Paul Cousins]

iptables -t -A PREROUTING -i eth1 -p TCP --dport 1494 -j DNAT --to
192.168.0.1:1494
iptables -A FORWARD -i eth1 -o eth0 -p TCP -d 192.168.0.1 --dport 22 -j
ACCEPT

of course your -i and -o interfaces may have different names. -i being the
external and -o being the internal in this scenario. an dof course the
address will be different but you should get the idea.
------------------------------------------------
Paul Cousins
Canterbury Computer Services
paul@canterburycomputerservices.co.uk


----- Original Message ----- 
From: "Sridhar Murthy" <sridhar@vfmindia.biz>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, July 30, 2003 10:40 AM
Subject: [iptables] Help Required


>
>
> Hi Team,
>
> I require help to my following setup:
>
> I have a Redhat 8 Server with squid,smtp & pop3 with iptables running.
>
> My requirement is we have a citrix server with local LAN ipaddress. People
> from Internet will have to access this server from outside(my firewall is
> having a public ipaddress which is dynamic assigned). I want to know what
is
> the rules that i have to add to allow the traffic which uses port number
> 1494, to get into my network and access my citrix server which is having
LAN
> ip. Should any nat be added.
>
> Thanks in advance.
>
> Regards,
>
> Sridhar
>
>
>

Re: [iptables] Help Required

[Paul Cousins]

iptables -t -A PREROUTING -i eth1 -p TCP --dport 1494 -j DNAT --to
192.168.0.1:1494
iptables -A FORWARD -i eth1 -o eth0 -p TCP -d 192.168.0.1 --dport 1494 -j
ACCEPT

opps wrong dest port :)


----- Original Message ----- 
From: "Paul Cousins" <paul@pimper.fsnet.co.uk>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, July 30, 2003 3:29 PM
Subject: Re: [iptables] Help Required


> iptables -t -A PREROUTING -i eth1 -p TCP --dport 1494 -j DNAT --to
> 192.168.0.1:1494
> iptables -A FORWARD -i eth1 -o eth0 -p TCP -d 192.168.0.1 --dport 22 -j
> ACCEPT
>
> of course your -i and -o interfaces may have different names. -i being the
> external and -o being the internal in this scenario. an dof course the
> address will be different but you should get the idea.
> ------------------------------------------------
> Paul Cousins
> Canterbury Computer Services
> paul@canterburycomputerservices.co.uk
>
>
> ----- Original Message ----- 
> From: "Sridhar Murthy" <sridhar@vfmindia.biz>
> To: <netfilter@lists.netfilter.org>
> Sent: Wednesday, July 30, 2003 10:40 AM
> Subject: [iptables] Help Required
>
>
> >
> >
> > Hi Team,
> >
> > I require help to my following setup:
> >
> > I have a Redhat 8 Server with squid,smtp & pop3 with iptables running.
> >
> > My requirement is we have a citrix server with local LAN ipaddress.
People
> > from Internet will have to access this server from outside(my firewall
is
> > having a public ipaddress which is dynamic assigned). I want to know
what
> is
> > the rules that i have to add to allow the traffic which uses port number
> > 1494, to get into my network and access my citrix server which is having
> LAN
> > ip. Should any nat be added.
> >
> > Thanks in advance.
> >
> > Regards,
> >
> > Sridhar
> >
> >
> >
>
>
>
>

Re: Help Required

[Carlo Florendo]

Hello,

> From: "Sridhar Murthy" 
> Hi Team,
> 
> I require help to my following setup:
> 
> I have a Redhat 8 Server with squid,smtp & pop3 with iptables running.
> 
> My requirement is we have a citrix server with local LAN ipaddress. People 
> from Internet will have to access this server from outside(my firewall is 
> having a public ipaddress which is dynamic assigned). I want to know what is 
> the rules that i have to add to allow the traffic which uses port number 
> 1494, to get into my network and access my citrix server which is having LAN 
> ip. Should any nat be added.
> 

Yes.  You need to do a DNAT.  

iptables -t nat --insert PREROUTING -i <external_interface> -p tcp --dport  1494 -j DNAT --to  <citrix_ip_address>
iptables --insert FORWARD -p tcp -i <external_interface> -d <citrix_ip_address> --dport 1494 -j ACCEPT

> Thanks in advance.
> 
> Regards,
> 
> Sridhar
> 


Best Regards,

Carlo
------
Carlo Florendo
Astra Philippines Inc.
URL: http://www.hq.astra.ph/resources