Jason Sowers wrote:
> Does anyone know if there is hardware/software out there
> that will allow me to switch TCP/UDP ports of
> communication as it traverses a DMZ? For example, if you
> have a web server that is outside of your network that is
> getting information from a DB server on the inside of your
> network, is there any way to switch the packet from port 80
> to port 5000 as it crosses the DMZ? Maybe Linux can do it
> or some package on Linux. I can't find anything that will
> do it. Cisco can't so I don't know really where to go.
> Any input/leads would be great.

#!/bin/sh
#
# NAT script to "port forward" packets from destination port
# 80 to destination port 5000
#
# Required: Linux 2.4 and iptables(1)
#
IPT=/usr/sbin/iptables
EXTIF=eth0
INTIF=eth1
EXTIP=209.98.212.224
WEBIP=209.98.212.225
DBIP=192.168.1.10

# Destination Network Address Translation: rewrite the destination of
# packets that arrive from the web server on the DMZ-facing interface
$IPT -t nat -A PREROUTING -i $EXTIF -s $WEBIP/32 -d $EXTIP/32 \
     -p tcp --dport 80 -j DNAT --to-destination $DBIP:5000

# Accept the packet for forwarding. FORWARD runs after PREROUTING DNAT,
# so the packet is still arriving on $EXTIF (not $INTIF) and its
# destination port is already 5000 (not 80).
$IPT -t filter -A FORWARD -i $EXTIF -o $INTIF -s $WEBIP/32 -d $DBIP/32 \
     -p tcp --dport 5000 -j ACCEPT

echo "Read the NAT and Filtering HOWTO's provided with iptables(1)"

--
^chewie

Sorry about not signing my email...I can't get access to my home
workstation today.

CCW-20010320
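An added example, not the script from the reply above: the same port-80-to-5000 DNAT across the DMZ, written so the rule set can be printed and checked before it is applied, with the FORWARD rules matching the translated port and the DB server's replies admitted only through connection tracking. Interface names and addresses are constructed placeholders (RFC 5737 documentation space), not values from the thread.

```shell
#!/bin/sh
# Added example (not the original poster's script). Prints or applies an
# iptables rule set that rewrites dst port 80 -> 5000 on the DMZ boundary.
IPT=${IPT:-/sbin/iptables}
EXTIF=eth0          # DMZ-facing interface (placeholder)
INTIF=eth1          # internal interface (placeholder)
EXTIP=192.0.2.1     # firewall's DMZ address (placeholder)
WEBIP=192.0.2.10    # web server in the DMZ (placeholder)
DBIP=192.168.1.10   # DB server on the inside (placeholder)

# Emit one rule per line so the set can be reviewed or fed to the binary.
nat_rules() {
    # Rewrite EXTIP:80 -> DBIP:5000 before the routing decision.
    echo "-t nat -A PREROUTING -i $EXTIF -s $WEBIP/32 -d $EXTIP/32 -p tcp --dport 80 -j DNAT --to-destination $DBIP:5000"
    # FORWARD sees the translated packet: still on $EXTIF, now port 5000.
    echo "-t filter -A FORWARD -i $EXTIF -o $INTIF -s $WEBIP/32 -d $DBIP/32 -p tcp --dport 5000 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Replies from the DB server are un-NATed automatically; accept them
    # only when they belong to a connection the web server opened.
    echo "-t filter -A FORWARD -i $INTIF -o $EXTIF -s $DBIP/32 -d $WEBIP/32 -p tcp --sport 5000 -m state --state ESTABLISHED -j ACCEPT"
}

# Sanity check: no FORWARD rule may still refer to the pre-NAT port 80,
# and every FORWARD rule must refer to the translated port 5000.
check_rules() {
    nat_rules | grep FORWARD | grep -q -- '--dport 80' && return 1
    [ "$(nat_rules | grep FORWARD | grep -c 5000)" -eq 2 ]
}

apply_rules() {
    check_rules || { echo "rule set failed self-check" >&2; return 1; }
    nat_rules | while read -r rule; do
        # word splitting of $rule is intended here
        "$IPT" $rule
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    nat_rules          # dry run: print the rules, touch nothing
fi
```

Run it with no arguments to review the rules; `apply` loads them through the binary named in `$IPT`.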