Re: [MLUG] port forwarding question

[Herbert Wolverson <EMAIL:PROTECTED>]

On Thu, May 06, 2004 at 09:10:20AM -0500, Jason McIntosh wrote:
> Ok, had to ask this.  Is there anyway I can do a sorta proxy server 
> using tunneling or ipfw (OS X Server machine)?   
> i.e. Have any requests on my home machine to port 500 go to my main 
> website at port 80 or something like that?  This would also require 
> responses to go back through my home machine.  The idea is to setup 
> telnet so requests can be forwarded from one server to another.  i.e. 
> someone telnets to my home machine on a certain port, my machine 
> forwards traffice to another machine on a different port, and transfers 
> communication from that second machine, back to the client. 
> 
> Anyone have any suggestions?  Do I just need a small proxy telnet 
> server?  I could probably figure it out with enough time, but thought 
> I'd ask.   

Assuming you use natd+ipfw (I've not used OS X, but if it has ipfw it
probably also has natd given its FreeBSD heritage!), this is really 
straightforward.

(A.B.C.D = your internal machine's IP address)
If you have natd loading a config file, add a line like this:
redirect_port tcp A.B.C.D:80 500

If you load natd from the command line, the syntax is something like
-redirect_port tcp A.B.C.D:80 500
(I don't do it this way, so I'm not 100% sure).

Then in your firewall, you need to make sure that traffic is allowed
between the world and your internal server. If the rule is after your
divert, you can ignore the port 500 part - natd translates the request
into a straightforward connection from the world to A.B.C.D:80. So:
ipfw add 500 allow tcp from any to A.B.C.D 80 setup

or

ipfw add 500 allow tcp from any to A.B.C.D 80 keep-state
(if you use stateful inspection).

Hope this helps,
Herbert.
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members