[TCLUG] Port forwarding to other networks

Tue Dec 4 15:42:11 CST 2001

This won't work though.  Because returning packets to the client are going
to appear to come from a different address.  He's not doing any sort of NAT,
and since it's a transition, the box will have to answer to request going to
it's real IP besides the ones that come from the forwarding rule.  As far as
I know, there's not any easy way to do it except maybe to create a tunnel
between the two boxes, and then do source routing.  I don't know if linux
will do source routing though, never tried it.

Jay

> -----Original Message-----
> From: Thomas J. Hudak [mailto:thudak at autonomous.tv] 
> Sent: Tuesday, December 04, 2001 12:12 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Port forwarding to other networks
> 
> 
> * Brian (lxy at cloudnet.com) wrote:
> > I'm moving a machine from building A to building B.  
> Building A has a 
> > T1 and building B has a DSL.  Since there's lots of DNS 
> stuff pointed 
> > to its address on the T1 it will take some time to get it 
> all moved to 
> > the DSL. Here's my thought: I have a few extra linux boxen on the 
> > building A T1.  Can I bind the old IP address to one of 
> these and port 
> > forward it to the box over in building B?  That way I have 
> very little 
> > down time while my DNS changes get propogated.  I can't 
> find anything 
> > on doing this in the ipfwadm or ipmasqadm docs.
> Yes, and it's quite easy.
> 
> Since I'm using a real network-os (/me ducks), I'll give you 
> an ipfw rule that will work, then you'll at least have an 
> idea of what it's supposed to look like, and should be able 
> to translate it to iptables-speak.
> 
> ipfw add forward all 1.2.3.4 80 4.3.2.1 1337 in via xl0
> 
> On a BSD box with IPFW enable, that says "forward all types 
> of traffic from 1.2.3.4 on port 80 to 4.3.2.1 port 1337 
> coming in via xl0" 
> Which gives the added bonus of *only* forwarding all the data 
> that comes
> *in* to the desired ethernet device for that address/port.
> 
> head over to linuxdoc.org, last I checked they had some good 
> tutorials on ipmasq/chains/tables to peruse... the iptables 
> lines are similar in syntax enought that it shouldn't be too hard.
> 
> Good luck, and post again if you still have problems
> 
> Thomas J. Hudak
> Professional Unix Admin for hire
> 
> _______________________________________________
> Twin Cities Linux Users Group Mailing List - Minneapolis/St. 
> Paul, Minnesota http://www.mn-linux.org 
> tclug-list at mn-linux.org 
> https://mailman.mn-> linux.org/mailman/listinfo/tclug-list
> 