This is achieved by the redir utility. You can find a package for this utility at ftp://ftp.solucorp.qc.ca/pub/misc
By default, redir will redirect all TCP traffic hitting a port on the firewall machine. This might not be what you want. For example, you may have several web server hidden behind the firewall and you want to make several of them available on the net. You will do this by configuring some IP aliases, one for each internal server, and then using some firewall rules, you will redirect the traffic for each one separately to one redir configuration.
Here are the steps:
redir1 tcp/10000 redir2 tcp/10001 . .
redir1 stream tcp nowait root /usr/sbin/redir redir --inetd [--ftp] iserver1 iport redir2 stream tcp nowait root /usr/sbin/redir redir --inetd [--ftp] iserver2 iport . .
Where iserver1 is the IP or name of the first internal server you want to reach and iport1 is the port number of the service. Note that redir1 and iport1 are unrelated.
The --ftp option is used if the target service is ftp.
At this point, you can point a telnet session to your firewall/gateway box like this, and you will reach your intra-net server. Try this just to prove you are going in the good direction.
telnet gateway-box 10000
The purpose of those rules is to associate one port and one IP number to the redirection process.
You must enable the firewall module in Linuxconf. Then in the firewall defaults, you must enable the blocking firewall.
Note that once you have done that, you will need to provide blocking to access the box: The box will be locked. Once you have a suitable firewall, you will need to add one blocking rule per redirection, like this:
[X] This rules is active Rules policy (o) accept [x] redirect to local port redirection port: redir1 from: Host or network: 0.0.0.0 Netmask: Port range: Other ports: Interface: Any To: Host or Network: IP alias for first server Netmask: Port range: Other ports: port you want to access on first server Interface: Any
Activate those rules and you will have access to you Intranet servers from the Internet.