Basics: How to redirect a Telnet session
Novell Cool Solutions: Feature
Digg This -
Posted: 17 Aug 2005
Question: Hi, Could please tell me how I can redirect a telnet session on SUSE professional 9.2? I have 2 NICs, one external and one internal, and I want to redirect the incoming telnet session on the external card to the internal IP without changing the destination IP. Also is it possible to redirect a telnet session from internet comming on port 5000 to internal IP (source) going to the same destination on port 23?
Answer: For SUSE
NOTE: A short note or disclaimer before starting: Firewall is not a simple subject and a good firewall can take a while to develop.
The following is for information purposes only and should not be totally relied upon. I recommend you seek more information about developing a firewall by searching on the Internet. I accept NO responsibility for any damage done through the use of any of the following commands or ideas.
In answer to your question the answer is you must change the destination in order to redirect the traffic.
One of the main problems with setting up firewalls is making sure that the rules that filter the packets are complete. SUSE 9.2 has a special packet filter rules generator called /sbin/SUSEfirewall2. It uses parameters files in /etc/sysconfig to configure the rules. These parameters are set from YaST in the GUI.
Trying to figure out how all this works is quite difficult, especially as I know how to do what you want by making some iptables rules. First, I will tell you how to do that and then explore how we can get the new rules into the SUSE firewall.
In order to forward the traffic you will need to have the following two rules for your situation, which you can create on the fly at a console terminal.
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d <SOURCE_IP_RANGE> --dport 5000 -j DNAT –to INTERNAL_IP>:23
/sbin/iptables -A FORWARD -p tcp -i eth0 -d <INTERNAL_IP> --dport 23 -j ACCEPT
You can log the traffic using the following:
/sbin/iptables -A PREROUTING --dport 5000 -j LOG --log-level info --log-prefix "port forwarding telnet:"
For more information about iptables look at the iptables man page by typing the following in a terminal (command console)
$ man iptables
For a good beginners guide to firewalling try the following:
If this fixes your problem, then you have to get it to work for SUSE 9.2. You could cheat and create these rules in /etc/init.d/rc.local and run this file at the end of the init processes, which is after the SUSE firewall has been set up, but the real solution is to figure out how to use the new SUSE firewall method.
The config file in /etc/sysconfig recommends you read the documents in "/usr/share/doc/packages/SUSEfilewall2". If you are just as confused as I am, then maybe an email to SUSE support in Germany would help.
I actually don't use the SUSE firewall, preferring instead to use Guarddog, a user friendly firewall configuration GUI tool which kindly creates an understandable iptables script which you can run from an /etc/init.d script.
This Newbie answer has covered:
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com