[ previous ] [ next ] [ threads ]
 
 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Forward same port to severl computers
 Date:  Mon, 17 May 2004 08:24:52 +1000 
Hi Seth,

On Mon, 2004-05-17 at 00:30, Seth Rothenberg wrote:
> >> How to forward for ex. port 113 to both a computer at the DMZ network
> >> and to a computer on the LAN
> >> Now it works just to a computer at LAN network, and I need to enable it
> >> on the DMZ too
> 
> > You cannot do this.  This is not a m0n0wall limitation, but it is a
> > function of the TCP protocol that is impossible to achieve.
> 
> The above is true, but I think it's worth asking Christian
> a question - what did you mean to do?
> 
> I have a setup at home, where I can ssh to my firewall (port 22),
> or I can ssh to my server, which is inside the firewall, on the LAN.
> 
> I have a rule that says
> "Port 9022 forwarded to port 22 on Walix"
> (It's a WalMart with Linux :-)
> 
> This is helpful for different things.
> I can load a friend's ssh keys on my server, and they
> "go through" the firewall without stopping to pay a toll.
> If my firewall has problems (like runs out of ttys),
> there's a good chance the kernel's routing rules will
> still work, and I can get inside.

This is standard issue port forwarding practice.  If you need a service
that runs on the same port to be accessible on 2 internal machines, you
change the ports you hit on your NAT box so it forwards to different
machines depending on the port you hit on the firewall.

In Christian's case, this does not help as he needs IDENT to be handled
by 2 different internal machines, and IDENT *requires* port 113 - ie
there is no other port that an IDENT server will ask questions of.

> <Grain Of Salt> Note, I just downloaded m0n0wall, so I don't know
> how to do this with m0n0wall, but I am sure it is easy.</Grain>

m0n0wall will definitely handle this.

--
 
Regards,

Hilton Travis                   Phone: +61 (0)7 3343 3889
Manager, Quark IT               Phone: +61 (0)419 792 394
         Quark AudioVisual      http://www.QuarkAV.com
(Brisbane, Australia)           http://www.QuarkIT.com.au

Open Source Projects:           http://www.ares-desktop.org/
                                http://www.mamboband.org/

Specializing in IT Solutions for Small to Medium Enterprises
  Network Design, Administration, Security and Maintenance
     m0n0wall and SmoothWall Firewalls, NOD32 AntiVirus

War doesn't determine who is right. War determines who is left.