Hi,
I think you should try the following, it works fine for me:
iptables -t nat -A PREROUTING -p tcp -d $IPADDR --dport 80 -j DNAT --to $PORTFWIP:80
iptables -A FORWARD -i $EXTERNAL_INTERFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $PORTFWIP --sport 80 -i $INTERNAL_INTERFACE -j ACCEPT
You have to enable forwarding for your internal interface too, because it
will be blocked if your default policies are set to drop.
Best Regards,
MfG.
Stefan Walther
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Work: +4930/89786448
Mobile: +49172/3943961
"Scott Adamson" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
25.02.2002 13:37
To: <[EMAIL PROTECTED]>
cc:
Subject: Trying to forward port 80 to a different ip address
My setup is as follows:
eth0 -
address 203.89.239.135
broadcast 203.89.239.255
mask 255.255.255.0
eth1 -
address 192.168.0.81
broadcast 192.168.0.255
mask 255.255.255.0
eth1 is connected via a crossover cable to 192.168.0.51, which is the web
server.
I'm trying to get iptables to forward www requests coming in to
203.89.239.135 to this second machine at 192.168.0.51. I have read the
howto on linuxdoc, plus the one on the netfilter site, they say to add
something like
EXTERNAL_INTERFACE="eth0"
INTERNAL_INTERFACE="eth1"
IPADDR="203.89.239.135"
IPADDR_INT="192.168.0.81"
PORTFWIP="192.168.0.51"
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $IPADDR --dport 80 -j DNAT --to $PORTFWIP:80
The packets seem to get redirected, as they don't go to the server at
203.89.239.135, they go nowhere. Can someone assist with this, I have
found little information on the web except for 'just put in this
PREROUTING line and it works great!' kind of useless information. What
else is required to get this to work?
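
Added example (not part of either message above): the port-80 forward from this thread written out as one script under a default-DROP FORWARD policy, with the inbound rule limited to the DNAT target and a separate rule for the web server's replies. The interface names and addresses are the ones given in the thread; the run, portfw_rules and portfw_check helpers, the APPLY switch and the ip_forward step are assumptions of this example.

```shell
#!/bin/sh
# Values taken from the thread.
EXTERNAL_INTERFACE="eth0"
INTERNAL_INTERFACE="eth1"
IPADDR="203.89.239.135"
PORTFWIP="192.168.0.51"
IPTABLES="${IPTABLES:-iptables}"

# run CMD...: print the command; execute it only when APPLY=1 (needs root).
# Hypothetical helper so the script can be reviewed as a dry run first.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

portfw_rules() {
    # Assumption: kernel routing between eth0 and eth1 has to be on.
    run sysctl -w net.ipv4.ip_forward=1
    # Default-deny for routed traffic, the case the reply refers to.
    run "$IPTABLES" -P FORWARD DROP
    # Rewrite the destination before the routing decision is made.
    run "$IPTABLES" -t nat -A PREROUTING -i "$EXTERNAL_INTERFACE" -p tcp \
        -d "$IPADDR" --dport 80 -j DNAT --to-destination "$PORTFWIP:80"
    # Inbound leg: by the time FORWARD sees the packet its destination is
    # already $PORTFWIP, so only that host and port are opened.
    run "$IPTABLES" -A FORWARD -i "$EXTERNAL_INTERFACE" -o "$INTERNAL_INTERFACE" \
        -p tcp -d "$PORTFWIP" --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Return leg: replies enter on the internal interface with the web
    # server as source; without this rule the DROP policy discards them.
    run "$IPTABLES" -A FORWARD -i "$INTERNAL_INTERFACE" -o "$EXTERNAL_INTERFACE" \
        -p tcp -s "$PORTFWIP" --sport 80 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Packet counters per rule show which leg is not matching when requests
# "go nowhere": DNAT counting but the return rule at zero means the
# replies are not coming back through this box.
portfw_check() {
    run "$IPTABLES" -t nat -L PREROUTING -v -n
    run "$IPTABLES" -L FORWARD -v -n
}

portfw_rules
```

Run it as is to print the rules, then as root with APPLY=1 to load them; portfw_check can be called after a test request from outside.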