626 Part IV. Implementing Network Services in SUSE Linux

Here, iptables will append to the FORWARD chain, allowing through any TCP traffic that is destined for the SMTP port on 192.168.1.3, entering the firewall on eth1 and leaving on eth0. When set, all traffic destined for port 25 on the firewall public interface is successfully forwarded to 192.168.1.3.

Redirecting Traffic

What if you want to redirect traffic to a different port on the firewall? This is very common when you are setting up a transparent HTTP proxy with something like Squid or another content proxy.

A redirection rule does not redirect to an IP address, only to a port, which makes it a rule local to the firewall. With this in mind, any redirect rule must have a matching INPUT rule allowing the traffic to be accepted on the redirected port.

bible:~ # iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -s 192.168.1.0/24 -j REDIRECT --to-ports 3128
bible:~ # iptables -A INPUT -p tcp --dport 3128 -s 192.168.1.0/24 -j ACCEPT

In the first instance, we have told iptables to append to the PREROUTING chain in the NAT table. Any traffic that is TCP-based, destined for port 80 (HTTP), entering the firewall on eth0 from 192.168.1.0/24 should be redirected to port 3128 on the firewall itself.

In the second instance, we have appended to the INPUT chain (traffic destined for the firewall itself), allowing TCP traffic destined for port 3128 (the standard Squid proxy port number) from the 192.168.1.0/24 network.

So, any outbound traffic (to the Internet) that is for port 80 (HTTP) will be redirected to port 3128. Assuming that you have Squid running and properly configured as a transparent proxy, all of your web traffic will be automatically cached.

Cross-Reference: For more information on Squid, see Chapter 26.

Allowing ICMP Traffic

It is all well and good having a secure firewall, but you still need to be able to receive ICMP traffic so that your users, you, and other Internet users are aware if there is a problem.
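The Redirecting Traffic section above requires every REDIRECT rule to have a matching INPUT rule on the redirected port. The following check is an added example, not code from the book: it scans iptables-save output for redirects that lack one. The function names and both sample rulesets are constructed for illustration, and the check assumes single-port matches and an INPUT policy of DROP.

```sh
#!/bin/sh
# Added example. Reads iptables-save text on stdin and prints "proto/port" for
# every REDIRECT target port that has no INPUT ACCEPT rule on that protocol/port.
# Assumes single-port matches and an INPUT policy of DROP; it ignores -s and -i.
unmatched_redirects() {
    awk '
    # Value that follows option "opt" in the current rule, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/      { table = substr($1, 2); next }   # table header such as *nat
    $1 != "-A" { next }                          # skip policies and COMMIT
    {
        proto = optval("-p"); target = optval("-j")
        if (table == "nat" && $2 == "PREROUTING" && target == "REDIRECT") {
            port = optval("--to-ports")
            if (port != "") wanted[proto "/" port] = 1
        } else if (table == "filter" && $2 == "INPUT" && target == "ACCEPT") {
            port = optval("--dport")
            if (port != "") allowed[proto "/" port] = 1
        }
    }
    END { for (k in wanted) if (!(k in allowed)) print k }
    ' | sort
}

# Constructed ruleset: the redirect from the text, but no INPUT rule for 3128.
ruleset_missing_input() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Constructed ruleset: the same redirect plus the matching INPUT rule.
ruleset_complete() {
    ruleset_missing_input | awk '{ print }
        /^:INPUT/ { print "-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 3128 -j ACCEPT" }'
}

ruleset_missing_input | unmatched_redirects   # prints tcp/3128
ruleset_complete | unmatched_redirects        # prints nothing
```

On a live firewall the same function can be fed from `iptables-save`; any port it prints is a redirect whose traffic the INPUT chain will drop.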