Thanks for the reply; that seems to be as expected.
One idea which might work (based on port 587 usage as in
http://www.howtoforge.com/forums/showthread.php?t=54981):
On (my) router the number of port forwards is very limited, so I would save by doing it as "bulk"
Quote:
Application Start End Protocol IP Address Enabled
server1 5110 5130 192.168.0.11
server2 5210 5230 192.168.0.12
server3 5210 5230 192.168.0.13
...
Then I would have a script on each server at startup
e.g. server1 with settings
Quote:
iptables -t nat -A PREROUTING -p tcp --dport 5110 -j REDIRECT --to-ports 21
iptables -t nat -A PREROUTING -p tcp --dport 5111 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp --dport 5113 -j REDIRECT --to-ports 53 ...
iptables -t nat -A PREROUTING -p tcp --dport 5114 -j REDIRECT --to-ports 80 ...
....
iptables -t nat -A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587
e.g. server2 with settings
Quote:
iptables -t nat -A PREROUTING -p tcp --dport 5110 -j REDIRECT --to-ports 21
iptables -t nat -A PREROUTING -p tcp --dport 5211 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp --dport 5213 -j REDIRECT --to-ports 53 ...
etc.
Obviously I have to add these manually on each, but replace makes it easy / commenting out possible. Also, in the local network the original ports are still open, i.e. between servers and for local users (ftp on port 21....)
I also tried to look at how to add these permanently on the ISPConfig3 (3.0.4.1, squeeze) server, but could not find it yet. Tried to follow
http://wiki.debian.org/iptables
created /etc/iptables.test.rules
Quote:
*filter
-A PREROUTING -p tcp --dport 5112 -j REDIRECT --to-ports 587
then as su:
Quote:
# iptables-restore < /etc/iptables.test.rules
iptables-restore: line 2 failed
Any good advice on firewall?
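
The `line 2 failed` error in the post comes from putting a `PREROUTING` rule under `*filter`: that chain exists only in the nat table, and a restore file also has to end with `COMMIT`. The script below is an added example, not part of the original post; the names `gen_nat_rules` and `is_num` and the default span of 20 (taken from the 5110-5130 router range) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Generates an iptables-restore
# file for the scheme above: the router forwards BASE..BASE+SPAN to one
# server, and the server redirects BASE+offset to the real service port.

# True for a plain decimal number without leading zeros.
is_num() { case $1 in ''|*[!0-9]*|0?*) return 1;; esac; }

# gen_nat_rules BASE "OFFSET:PORT ..." [SPAN]
# Prints the ruleset on stdout; prints nothing and returns 1 on bad input.
gen_nat_rules() {
    base=$1 map=$2 span=${3:-20}
    is_num "$base" && is_num "$span" || { echo "bad base/span" >&2; return 1; }
    # REDIRECT belongs to the nat table; the file must end with COMMIT.
    rules='*nat
:PREROUTING ACCEPT [0:0]'
    for pair in $map; do
        case $pair in *:*) ;; *) echo "bad pair: $pair" >&2; return 1;; esac
        off=${pair%%:*} port=${pair#*:}
        is_num "$off" && is_num "$port" || { echo "bad pair: $pair" >&2; return 1; }
        # An offset beyond the router's forwarded range never receives traffic.
        [ "$off" -le "$span" ] || { echo "offset $off outside 0..$span" >&2; return 1; }
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        ext=$((base + off))
        [ "$ext" -le 65535 ] || { echo "external port $ext too high" >&2; return 1; }
        rules="$rules
-A PREROUTING -p tcp --dport $ext -j REDIRECT --to-ports $port"
    done
    printf '%s\nCOMMIT\n' "$rules"
}

# server1 mapping taken from the post (5110->21, 5111->22, 5112->587, ...).
gen_nat_rules 5110 "0:21 1:22 2:587 3:53 4:80"
```

Redirect the output to a file such as `/etc/iptables.test.rules` and load it with `iptables-restore`. The filter table's INPUT chain sees the redirected port (for example 587), so that port still has to be allowed there.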