Re: [SLUG] port redirection

From: Steve (steve@szmidt.org)
Date: Fri May 07 2004 - 21:11:13 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 07 May 2004 08:07 pm, Austin Theen wrote:
> On Fri, 2004-05-07 at 18:15 -0400, Steve wrote:
> > The only reason I would ever pick a commercial router these days is the
> > size. You are soo much better off building a Firewall/NAT/router than
> > buying one purely for security, flexibility and performace. I always
> > use a lesser computer like an old IBM who knows how to make long
> > lasting hardware.
>
> I've been down this road. I have seen the light, and it was good.
> However, there is an awful lot of extra processing power going to waste
> just tossing little packets around. Expending upwards of 140 watts on a
> typical low end desktop, the management of said system (patching sshd,
> firewall config and any additional services you run). I'm trying to
> migrate everything back onto one (or two for clustering) for
> manageability and space savings.
>
> So back to the real question: Is there a quick hack to have a linux box
> listening on port 9161/udp forward locally to 161/udp ? Can't I use
> iptables to do this? I'm gonna go try to hack some iptables to do it,
> keep you posted.

Hmm, you should be able to redirect to the loopback device, or maybe even
the same NIC. I've never tried that as it' not a good idea to have any
services run on a firewall.

> > (I'm waiting to get some time over to build one based on the mini size
> > motherboards. They are about 4x4 inches. Once I do I'll be happy to
> > share the "formula" as there are a few issues to stay clear off.)
>
> Another cool device you may want to try are the generic compact flash
> based pc104 chassised routers in a can. they are the same size as normal
> routers but have a mini linux install on the cf card. You can ssh to
> them, setup all shorewall and manage the whole thing with webmin. I'll
> dig up a link for you. http://openbrick.org/ or the new 3 watt mips
> based device with 2 nics and ide cf hard drive
> support.http://linuxdevices.com/news/NS7713667720.html
>
>
> Austin Theen

- --
Steve

"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
                                Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAnDO0ljK16xgETzkRAkIZAKCZPp7JM3IT+Cu3hWb/PK5oRpkHUwCgr+F4
7YPXqeKjY2yNg7O41kE2/yY=
=iAfI
-----END PGP SIGNATURE-----

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:55:22 EDT