Re: iptables: punching holes for eth0:0


 



Ashley M. Kirchner wrote:

> I need to punch a hole through iptables for an upload application that's going to sit on an internal machine. Most of what I've seen on the net are rules where only the destination IP is defined. Not quite what I want to happen. Here's what I want to do:
>
> The firewall machine has a public IP on eth0. I'm going to add another on eth0:0 (in the future I'll continue adding to eth0:1, eth0:2, etc., etc.) and I would like requests coming in on that new address to route through the firewall to connect to the internal machine (which has a private IP.)

I'm not sure that you've disclosed all your setup, but it sounds as though it's likely like the one a mate has.


His IAP has assigned eight (six usable) public IP addresses to his use. Additionally, he has a separate public IP address (but private would work) for his internet connexion.
If this looks bizarre, use a fixed font:)


<The world> == <Mate's firewall> == <maybe six servers>
(front)				     (back)

If I were setting this up, I'd create the necessary routes in the firewall to direct traffic for the servers out the back. There is no need to have any interfaces in the firewall with the server IP addresses (or any public IP address if the IAP assigned a private IP address for the front of the firewall).

What we have where I work is a single IP address and that's taken by the Billion ("hardware" router), and running servers inside (e.g. mail) requires a dummy interface with our public IP address on it coz the Billion gets confused about traffic for the front interface appearing at the back.




--

Cheers
John

Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
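
The routed layout described in the reply above (host routes out the back, no server addresses on the firewall), sketched as an added example that is not part of the original message. The interface names, the 203.0.113.0/29 documentation block, the server list and the helper names are all constructed, and it assumes the servers sit directly on the back segment. It only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added sketch. Constructed values: eth0/eth1 and 203.0.113.0/29 (a
# documentation range) stand in for the real interfaces and assigned block.
FRONT_IF=eth0   # faces the world
BACK_IF=eth1    # faces the servers

# Reject anything that is not ip:tcp|udp:port before a single rule is emitted,
# so a typo cannot leave a half-built ruleset behind.
check_specs() {
    for spec in "$@"; do
        rest=${spec#*:}; proto=${rest%%:*}; port=${rest#*:}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
    done
}

# One host route per server, pointing out the back interface. The firewall
# itself holds none of the server addresses.
gen_routes() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    for spec in "$@"; do echo "${spec%%:*}"; done | sort -u |
        while read -r ip; do echo "ip route add $ip/32 dev $BACK_IF"; done
}

# Forwarding is denied by default; only the listed server/protocol/port
# triples accept new connections from the front.
gen_filter() {
    check_specs "$@" || return 1
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Assumption: servers may open outbound connections of their own.
    echo "iptables -A FORWARD -i $BACK_IF -o $FRONT_IF -j ACCEPT"
    for spec in "$@"; do
        ip=${spec%%:*}; rest=${spec#*:}; proto=${rest%%:*}; port=${rest#*:}
        echo "iptables -A FORWARD -i $FRONT_IF -o $BACK_IF -d $ip/32 -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed server list: a mail server and an HTTPS upload host.
SERVERS="203.0.113.2:tcp:25 203.0.113.3:tcp:443"
gen_routes $SERVERS
gen_filter $SERVERS
```

Because no NAT is involved, the servers see the real client addresses, and anything not listed is dropped in the FORWARD chain rather than relying on a missing DNAT rule.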

