Essentially, I guess, using this PC as a router for just one port.
This PC has two NICs in it. The first has static address 192.168.1.250 and is the default gateway to the Internet. There’s a mail server running as well. We have a separate Barracuda Spam appliance running on this subnet at 192.168.1.200. A router on the Internet takes care of forwarding incoming ports to the correct appliance.
The mail server has a second NIC that has static address 192.168.50.3 and which is exposed to our internal office network. People can directly access the Mail server, but not the Barracuda appliance. (Obviously.)
What I’d like to do is have any request coming in on 192.168.50.3:443 to be automatically forwarded to Barracuda at 192.168.1.200, through this mail server.
I could write a little gadget program in C that does this. It would simply listen on 192.168.50.3:443 and instantly forward all packets, intact, to 192.168.1.200. But I figured Linux probably has the capability built into it, and that would doubtless be more elegant.
I’m not an iptables Guru, but I can get around with it. Any suggestions?
I think this is very OT because it does not contribute to a solution.
But every time when somebody has network questions like this, I am completely lost about their network layout halfway through their post. Is it not possible to have some schematic drawing going with such stories? And if yes, could we encourage using such a thing.
I have seen many threads going nowhere because everybody saw a different picture in his mind of what was said.
> This PC has two NICs in it. The first has static address 192.168.1.250
> and is the default gateway to the Internet. There’s a mail server
> running as well. We have a separate Barracuda Spam appliance running on
> this subnet at 192.168.1.200. A router on the Internet takes care of
> forwarding incoming ports to the correct appliance.
>
> The mail server has a second NIC that has static address 192.168.50.3
> and which is exposed to our internal office network. People can directly
> access the Mail server, but not the Barracuda appliance. (Obviously.)
>
> What I’d like to do is have any request coming in on 192.168.50.3:443
> to be automatically forwarded to Barracuda at 192.168.1.200, through
> this mail server.
>
> I could write a little gadget program in C that does this. It would
> simply listen on 192.168.50.3:443 and instantly forward all packets,
> intact, to 192.168.1.200. But I figured Linux probably has the
> capability built into it, and that would doubtless be more elegant.
>
> I’m not an iptables Guru, but I can get around with it. Any
> suggestions?
Our iptables frontend is SuSEfirewall2, which can be configured via YaST or
its configuration file /etc/sysconfig/SuSEfirewall2.
I agree completely. Just can’t help or write anything sensible on no more info than some IPs thrown in. And if not in a drawing, then at least give an accurate description.
Actually, I agree with you. The problem is, it’s not easy to diagram more complex networks in ASCII, especially given that this editor wants to wrap text when it gets too long.
That is why I wrapped mine inside CODE wrappers. The layout is not disturbed (fixed font used) and when lines are long, a ruler is made available, no text wrapping.
Of course it did wrap in the input field, but I staunchly typed on and on. And then selected the whole bunch and clicked the # button above. First used “Preview Post” to see what it did. Then even added more characters to the line and in the end did “Submit”. No special settings done AFAIK.
The goal is to get the Office PCs into that Barracuda, using the Mail Server to route/port forward. Assume the mail server is running Opensuse 11.0 (it’s actually running CentOS at present, but I can easily change that). It has two NICs with the addresses shown.
In truth, I think Andrew has already answered my question. I’ll load Opensuse 11 on it and tinker with SuseFirewall in Yast.
PS – I’ve tried things like a Little Blue Box router between the two networks. It was surprisingly difficult to stop office PCs – especially Windows machines! – from getting Internet access through the mail system. That mail subnet is already busy enough; its DSL line does NOT need more load on it. The office net has its own Internet access (not shown in the drawing because it’s not pertinent to the question here).
Really nice picture. Says more than a hundred words.
And yes, I would have generated it using vi in a console I think. And then pasted it. You did something like that I suppose.
Yes, I think Andrew gives you a good point to start from. Of course there must be a route statement in the PCs telling them that the 192.168.1.0/24 network is via 192.168.50.3 and not via their default gateway.
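As an added example (not posted in this thread, and plain iptables rather than SuSEfirewall2 syntax): the rule set for the one-port forward asked for above, with eth0/eth1 as assumed NIC names. The SNAT line makes the Barracuda answer to the mail server, so it takes the place of a route statement on each PC; the FORWARD policy of DROP keeps the office PCs off the mail subnet’s DSL line, the concern raised in the PS.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules that pass only
# 192.168.50.3:443 on the mail server through to the Barracuda at
# 192.168.1.200:443. NIC names are assumptions; set them to match the box.
OFFICE_IF="${OFFICE_IF:-eth1}"   # assumed: NIC carrying 192.168.50.3 (office side)
MAIL_IF="${MAIL_IF:-eth0}"       # assumed: NIC carrying 192.168.1.250 (mail subnet)
OFFICE_IP="192.168.50.3"
MAIL_IP="192.168.1.250"
BARRACUDA="192.168.1.200"
PORT="443"

# Emit the rule set as shell lines so it can be reviewed without root.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# 1. Rewrite the destination of office requests for $OFFICE_IP:$PORT.
iptables -t nat -A PREROUTING -i $OFFICE_IF -d $OFFICE_IP -p tcp --dport $PORT -j DNAT --to-destination $BARRACUDA:$PORT
# 2. Make the Barracuda reply to the mail server, so the PCs need no extra route.
iptables -t nat -A POSTROUTING -o $MAIL_IF -d $BARRACUDA -p tcp --dport $PORT -j SNAT --to-source $MAIL_IP
# 3. Forward nothing by default: office PCs must not reach the DSL line via this box.
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $OFFICE_IF -o $MAIL_IF -d $BARRACUDA -p tcp --dport $PORT -m state --state NEW -j ACCEPT
EOF
}

# Number of FORWARD rules that ACCEPT new connections; must stay at exactly 1.
new_forward_accepts() {
    gen_rules | grep -c -- '-A FORWARD .*--state NEW -j ACCEPT'
}

case "${1:-print}" in
    apply) gen_rules | sh ;;   # needs root: sh thisfile.sh apply
    *)     gen_rules ;;
esac
```

Run it without arguments to review the rules, then with "apply" as root; the rules are not persistent, so put them in your firewall script or translate them into /etc/sysconfig/SuSEfirewall2 afterwards.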
I only use vi if I’m stranded on a deserted island with no water or food and I’m absolutely desperate.
The day that Linux (and Unix in general) finally loses vi will be a day for celebration, as far as I’m concerned. When I’m forced to edit at a CLI prompt, I use nano or pico. (Yeah, they stink, too, but not nearly as bad as vi.)
> The day that Linux (and Unix in general) finally loses vi will be a day
> for celebration, as far as I’m concerned. When I’m forced to edit at a
> CLI prompt, I use nano or pico. (Yeah, they stink, too, but not nearly
> as bad as vi.)
With vi being part of the POSIX specifications, I don’t see that happening.
I do not say it is the most user friendly app I know, but as I have been using it for more than twenty years, I am at least used to a subset of its possibilities. I fully value newer editors and their users. They are right and I am old-fashioned. But on a rescue system … I am glad when I can use it (or even only ed).