Jason Sowers wrote:
> Does anyone know if there is hardware/software out there
> that will allow me to switch TCP/UDP ports of
> communication as it traverses a DMZ? For example, if you
> have a web server that is outside of your network that is
> getting information from a DB server on the inside of your
> network, is there any way to switch the packet from port 80
> to port 5000 as it crosses the DMZ? Maybe Linux can do it
> or some package on Linux. I can't find anything that will
> do it. Cisco can't, so I don't know really where to go.
> Any input/leads would be great.
#!/bin/sh
#
# NAT script to "port forward" packets from destination port
# 80 to destination port 5000
#
# Required: Linux 2.4 and iptables(1)
#
IPT=/usr/sbin/iptables
EXTIF=eth0
INTIF=eth1
EXTIP=209.98.212.224
WEBIP=209.98.212.225
DBIP=192.168.1.10
# The kernel must be allowed to forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Destination Network Address Translation: packets from the web server
# aimed at the firewall's external address on port 80 are rewritten to
# the DB server on port 5000 before the routing decision is made
$IPT -t nat -A PREROUTING -i $EXTIF -s $WEBIP/32 -d $EXTIP/32 \
-p tcp --dport 80 -j DNAT --to-destination $DBIP:5000
# Accept the packet for forwarding. It arrives on the external interface
# and leaves on the internal one; by the time the filter table sees it,
# DNAT has already rewritten the destination port, so match on 5000
$IPT -t filter -A FORWARD -i $EXTIF -o $INTIF -s $WEBIP/32 -d $DBIP/32 \
-p tcp --dport 5000 -j ACCEPT
# Let the DB server's replies back out on the tracked connection
$IPT -t filter -A FORWARD -i $INTIF -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "Read the NAT and Filtering HOWTO's provided with iptables(1)"
--
^chewie
Sorry about not signing my email...I can't get access to my
home workstation today. CCW-20010320
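The same port-translation setup as an added example, not the poster's script, written the way it would be deployed on a DMZ firewall: a default-deny FORWARD chain, connection tracking so only the DB server's replies get back out, a rate-limited log of anything else that tries to cross inward, and a dry-run mode that prints the rules for review instead of applying them. The addresses are the ones from the post; the interface names, the MODE/DRY_RUN variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): port 80 -> 5000 DNAT across a DMZ
# with least-privilege forwarding. Runs in dry-run mode unless MODE=apply.
IPT=${IPT:-/usr/sbin/iptables}
EXTIF=eth0          # assumed: faces the web server
INTIF=eth1          # assumed: faces the DB server
EXTIP=209.98.212.224
WEBIP=209.98.212.225
DBIP=192.168.1.10
FROM_PORT=80
TO_PORT=5000

# Wrapper: print the rule in dry-run mode, execute it in apply mode.
ipt() {
    if [ "${MODE:-dry-run}" = apply ]; then
        "$IPT" "$@"
    else
        printf '%s %s\n' "$IPT" "$*"
    fi
}

# Emit (or apply) the complete rule set for the redirection.
build_rules() {
    # Nothing is forwarded unless a rule below allows it.
    ipt -P FORWARD DROP
    # Rewrite web-server -> firewall:80 into web-server -> DB:5000 before routing.
    ipt -t nat -A PREROUTING -i "$EXTIF" -s "$WEBIP/32" -d "$EXTIP/32" \
        -p tcp --dport "$FROM_PORT" -j DNAT --to-destination "$DBIP:$TO_PORT"
    # The filter table sees the rewritten port, so match 5000 here, not 80,
    # and only from the one host that is supposed to talk to the DB.
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -s "$WEBIP/32" -d "$DBIP/32" \
        -p tcp --dport "$TO_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
    # Replies ride the tracked connection; conntrack undoes the DNAT on the way out.
    ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything else heading inward is logged (rate-limited) and dropped.
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -m limit --limit 5/min \
        -j LOG --log-prefix "DMZ-FWD-DROP: "
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -j DROP
}

# Number of rules the script would install; handy as a sanity check in reviews.
rule_count() {
    MODE=dry-run build_rules | wc -l | tr -d ' '
}

if [ "${MODE:-dry-run}" = apply ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
fi
build_rules
```

Run it as-is to review the six rules it would install; run it as `MODE=apply sh dmz-dnat.sh` on the firewall to install them. The ESTABLISHED,RELATED rule is what makes the return path work with a DROP policy: the DB server's answers belong to a connection the kernel already tracks, so no separate rule for port 5000 traffic leaving the inside is needed.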