forward all (or most) ports in one fell swoop?

Aaron A. Wolfe aaron@mail.aaronwolfe.com
Mon, 13 Aug 2001 18:36:10 -0400


hi,

I've been playing with iptables for a while and managed to answer most of my
own questions, but one thing has me stumped.  Maybe I'm missing something
obvious.

At home I used to have a Linksys cable "router" that had a neat option: you
could define one internal IP as the "DMZ host", which had the effect of
forwarding all traffic not forwarded elsewhere to that internal IP.  This
made things like ICQ and online games work really well on my windoze
workstation, since I didn't have to know what ports to forward back to the
various clients so their servers could be happy.  I just blocked a few ports
known to be evil and said "good enough", as security isn't that much of a
concern to me (at home at least).  This gave me the benefits of NAT (lots of
machines on the cable) without NAT hassles on my own workstation.

Now I have a Linux box in place of the Linksys and I am really enjoying
playing with iptables, snort and even poking around with traffic shaping a
bit.  Having things like ip_conntrack_ftp makes NAT less of a hassle for
sure.  But a few things aren't as smooth as before.

I haven't found a way to forward lots of ports back to my workstation's IP at
once.  I guess I could make a ton of rules, and even make a little script to
write those tons of rules, but this seems a bit silly.  It seems that if
that somewhat cheesy Linksys could do it, then Linux certainly must be able to.. ?

Am I missing something?  Reading all I can find but haven't stumbled across
an answer.

Thanks for any insight!
-aaron
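The "DMZ host" behaviour described in the post maps onto a single catch-all DNAT rule in the nat table, because that table only sees the first packet of each connection and a rule without a port match covers every port and protocol at once. The script below is an added example, not part of the original post or any reply to it; the interface names (eth0/eth1), the workstation address 192.168.1.10, the gateway's own ssh port and the two blocked ports are all constructed assumptions. It also keeps the author's "block a few ports known to be evil" step, placed in the FORWARD chain where the packet already carries the workstation's address after DNAT.

```shell
#!/bin/sh
# Added example (not from the original post): emulate the Linksys
# "DMZ host" option with one catch-all iptables DNAT rule.
# Interface names, the 192.168.1.10 address and the blocked-port list
# are constructed assumptions. IPT defaults to "echo iptables", so
# running this only prints the rules; run with IPT=iptables as root
# (and ip_forward enabled) to apply them for real.
IPT=${IPT:-"echo iptables"}

# dmz_rules EXT_IF INT_IF DMZ_IP [BLOCKED_PORT ...]
dmz_rules() {
    ext_if=$1; int_if=$2; dmz_ip=$3; shift 3

    # Masquerade everything leaving on the cable side: plain NAT for the
    # rest of the LAN, as before.
    $IPT -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE

    # Services the gateway itself should keep, e.g. ssh (assumed port 22).
    # ACCEPT in the nat table means "leave this packet un-NATed", so it
    # must come before the catch-all DNAT below.
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp --dport 22 -j ACCEPT

    # The "DMZ host" rule: every other new inbound connection arriving on
    # the external interface is rewritten to the workstation. No port or
    # protocol match, so one rule replaces a ton of per-port rules.
    $IPT -t nat -A PREROUTING -i "$ext_if" -j DNAT --to-destination "$dmz_ip"

    # Filtering runs after DNAT, so the "known to be evil" ports are
    # dropped in FORWARD, where the destination is already DMZ_IP.
    # Default-deny, with the DROPs appended first so they win.
    $IPT -P FORWARD DROP
    for port in "$@"; do
        $IPT -A FORWARD -i "$ext_if" -d "$dmz_ip" -p tcp --dport "$port" -j DROP
        $IPT -A FORWARD -i "$ext_if" -d "$dmz_ip" -p udp --dport "$port" -j DROP
    done

    # Replies for tracked connections (this is what lets ip_conntrack_ftp
    # and friends work), anything the LAN starts, and the new inbound
    # connections that were just DNATed to the workstation.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$int_if" -o "$ext_if" -j ACCEPT
    $IPT -A FORWARD -i "$ext_if" -o "$int_if" -d "$dmz_ip" -m state --state NEW -j ACCEPT
}

# Example invocation (all values assumed): cable modem on eth0, LAN on
# eth1, workstation at 192.168.1.10, ports 135 and 139 kept blocked.
dmz_rules eth0 eth1 192.168.1.10 135 139
```

Run as-is to review the generated rules, then `IPT=iptables sh dmz.sh` as root to load them. The catch-all DNAT does exactly what the Linksys did: any unsolicited inbound connection the gateway does not claim for itself lands on the workstation, so the blocked-port list and the gateway's own nat-table ACCEPT exceptions are the only things standing between the Internet and that host; extend them, or swap the DNAT's empty match for a port range such as `-p tcp --dport 1024:65535`, if a narrower exposure is wanted.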