Can anyone here point me to a walk-through or discussion of how to use Webmin to set up port forwarding/NAT on a dual-NIC CentOS 5.3 box? The layout will be simple:

Internet - NIC1 NIC2 - Switch to other PCs

We have a BUNCH of exposed services that are on special ports - for example, to connect to one machine, you go in with :12000, and to connect to another, :12002, etc., etc. We're currently using OpenSuse 10.3 on this box, and YaST makes this criminally easy (you give it the incoming port number and the destination IP/port numbers and it just works). But OpenSuse 10.3 is nearing EOL, we're buying a new machine, and I'd like to use CentOS on the new one.

I've read the sparse Webmin documentation in their Wiki, and it leads one to believe that you simply insert a "NAT" rule. But there's obviously something they're leaving out. I *am* opening the ports in the firewall. But when I log in to :port, it just times out. The test in this case is SSH, and I know that SSHD is working properly because I can log into that machine just fine from another PC on the same internal subnet.

Iptables and port forwarding should solve your problem.

There may be occasions where the local area network behind a masquerading firewall contains a server which needs to be publicly accessed. To avoid having to use a public IP address, it is possible for the firewall to forward the incoming request (from outside the local area network) to the internal server. This may not be so desirable with respect to exposing an internal port to the outside world.

To do this using iptables, use the PREROUTING chain within the nat table as follows:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport portnum -j DNAT --to-destination ipaddress:portnum

where portnum is the port number requested by the external request and ipaddress:portnum is the internal address and port number of the server and the daemon the server provides.

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.1.201:80

forwards requests to the firewall for port 80 to 192.168.1.201.

Let me explain why I'm trying to set this up with Webmin. In brief, it's because I'm building the server, and then I'll ship it halfway across country to another city. I will of course be able to go in via SSH and Webmin to do major changes, but I want the locals to be able to add and delete things (in specific, we use MAC filtering to grant/deny access to the Internet through this firewall, and they can't wait on me if there's a hire or fire).

I considered using a dedicated firewall distro, such as MonoWall or IPCop, but for other reasons (which I won't get into here), that's not a preference. If I can be assured that Webmin won't undo the changes made at the command line, or if I can just find where Webmin's firewall configuration is at so that I can manually poke in the changes, we should be covered. Plus, this is an intellectual exercise and a learning experience for me. I know that it can be done but I wanted to know how to do it under CentOS.

Web searches such as "+rhel +'port forwarding' +webmin" and "+centos +'port forwarding' +webmin" return hundreds of hits, but mostly of (a) people wanting to know how to forward from an external router TO the Webmin/CentOS machine, or (b), wanting to know how to do what I'm asking here!! :)

My next task is to check the masquerading. I suspect now that the initial contact is being made, but that the SSH server on the internal network is unable to respond.

Webmin runs its own server, but not its own firewall. By default webmin listens on port 10000, so you would normally open port 10000 in iptables/netfilter, the default "firewall" for CentOS. I usually open port 10000 during the install process, since I know that I'll be installing Webmin at some point. If you do not have port 10000 open, you only get local access, provided you have a GUI environment and browser installed or the firewall is disabled briefly for remote access, which is not recommended. Otherwise it's opening port 10000 via the CLI and the iptables command.

If you can access Webmin on the server, locally or remotely, expand "Networking" in the left column and then "Linux Firewall".

Note: you'll need the perl-Net-SSLeay module to get access via SSL (

Note: Webmin only parses the rules from the /etc/sysconfig/iptables file.
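The port forwarding discussed in this thread, written out in the iptables-save syntax used by /etc/sysconfig/iptables, as an added example that is not part of the original posts. The interface roles (eth0 toward the Internet, eth1 toward the LAN), the address 192.168.1.202 and the port map are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Emits rules in iptables-save syntax.
# Assumed: eth0 faces the Internet, eth1 the LAN; PORT_MAP is constructed data.
# Forwarding also needs net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
WAN_IF=eth0
LAN_IF=eth1

# external_port:internal_ip:internal_port, one mapping per line
PORT_MAP="12000:192.168.1.201:22
12002:192.168.1.202:22
80:192.168.1.201:80"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# *nat table: one DNAT rule per mapping, plus masquerading for outbound LAN traffic.
nat_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "$PORT_MAP" | while IFS=: read -r ext ip int; do
        if valid_port "$ext" && valid_port "$int"; then
            echo "-A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$int"
        else
            echo "# skipped invalid mapping: $ext:$ip:$int"
        fi
    done
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
}

# Lines for the FORWARD chain of the *filter table. DNAT only rewrites the
# destination; the filter table must still accept the forwarded connection
# and its replies.
forward_rules() {
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$PORT_MAP" | while IFS=: read -r ext ip int; do
        if valid_port "$ext" && valid_port "$int"; then
            echo "-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $ip --dport $int -j ACCEPT"
        fi
    done
}

nat_rules
forward_rules
```

The FORWARD lines belong in the existing *filter section ahead of any final REJECT or DROP rule; each accepts only the one internal address and port named in its mapping.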