For FTP connection tracking, you need to have the following modules loaded:
ip_conntrack
ip_conntrack_ftp
ip_nat_ftp
For client computers to use some chat servers from behind the firewall, you need to add connection
tracking and NAT as well. In those cases, addresses and port numbers are stored within the IRC
protocol packets, so those packets must be translated, too. To allow clients on your LAN to use
IRC services, you need to load the following modules:
ip_conntrack_irc
ip_nat_irc
The default port for IRC connections is 6667. If you don't want to use the default, you can add
different port numbers when you load the connection-tracking modules:
# modprobe ip_conntrack_irc ports=6668,6669
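The following check is an added example, not part of the original text: it reports which of the FTP and IRC helper modules named above are missing from a module list in /proc/modules format. The function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report missing connection-tracking/NAT helper modules.
# Input is a file in /proc/modules format (module name is the first field).

# Helper modules named in the text, per protocol.
FTP_MODULES="ip_conntrack ip_conntrack_ftp ip_nat_ftp"
IRC_MODULES="ip_conntrack_irc ip_nat_irc"

# missing_modules FILE MODULE...
# Prints the requested modules that are absent from FILE, space-separated.
missing_modules() {
    modfile=$1; shift
    missing=""
    for m in "$@"; do
        # Compare the whole first field, so a loaded ip_conntrack_ftp
        # is never mistaken for ip_conntrack itself.
        if ! awk -v want="$m" '$1 == want { found = 1 } END { exit !found }' "$modfile"; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample: FTP helpers loaded, IRC NAT helper absent.
sample_modules() {
    cat <<'EOF'
ip_nat_ftp 4096 0 - Live 0x00000000
ip_conntrack_ftp 8192 1 ip_nat_ftp, Live 0x00000000
ip_conntrack_irc 8192 0 - Live 0x00000000
iptable_nat 24576 1 ip_nat_ftp, Live 0x00000000
ip_conntrack 45056 4 ip_nat_ftp,ip_conntrack_ftp,ip_conntrack_irc,iptable_nat, Live 0x00000000
EOF
}

# check_helpers FILE: one line per protocol, "ok" or the missing modules.
check_helpers() {
    miss=$(missing_modules "$1" $FTP_MODULES); printf 'FTP: %s\n' "${miss:-ok}"
    miss=$(missing_modules "$1" $IRC_MODULES); printf 'IRC: %s\n' "${miss:-ok}"
}

# Demo on the constructed sample; on a live firewall pass /proc/modules instead.
tmp=$(mktemp) && sample_modules > "$tmp" && check_helpers "$tmp"; rm -f "$tmp"
```

Helpers compiled into the kernel rather than built as modules do not appear in /proc/modules, so a "missing" result there does not by itself mean the helper is unavailable.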
Using iptables as a Transparent Proxy
You can use REDIRECT to cause traffic for a specific port on the firewall computer to be directed to
a different port. This feature enables you to direct host computers on your local LAN to a proxy
service on your firewall computer without those hosts knowing it.
Here's an example of a command line that causes a request for Web service (port 80) to be directed
to a proxy service (port 3128):
# iptables -t nat -A PREROUTING -p tcp --dport 80 \
-j REDIRECT --to-ports 3128
(This example should actually appear on one line.