Re: Can't get portforwarding to work

Mon, 25 Feb 2002 23:24:37 -0800 

First case: Host1:8080 -> Host2:8080

1) Put a DNAT rule at the beginning of your rule set:
iptables -t nat PREROUTING -p tcp -d <eth0's IP> \
        --dport 8080 -j DNAT --to <host2's IP>:8080

2) Put a forwarding rule:
iptables -A FORWARD -p tcp -d <host2's IP> --dport 8080 -j ACCEPT

3) Add a third POSTROUTING SNAT rule for accessing from the internal
network:
iptable -t nat -A POSTROUTING -d <host2's IP> -s \
        <local net> -p tcp -j SNAT --to <eth1's IP>


The second case (Host1:8080 -> Host2:80) is very similar to the first:

1) Put a DNAT rule at the beginning of your rule set:
iptables -t nat PREROUTING -p tcp -d <eth0's IP> \
        --dport 8080 -j DNAT --to <host2's IP>:80

2) Put a forwarding rule:
iptables -A FORWARD -p tcp -d <host2's IP> --dport 80 -j ACCEPT

3) Add a third POSTROUTING SNAT rule for accessing from the internal
network:
iptable -t nat -A POSTROUTING -d <host2's IP> -s \
        <local net, e.g. 192.168.1.0/24> -p tcp -j SNAT --to <eth1's IP>


Hope this works for you.


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 1:04 AM
Subject: Can't get portforwarding to work


> I've read example after example (eachone slightly different than the
others) and tried them all. So far, none of them have been working.
>
> Rather than list the various ways I tried (and failed) I will start over
again and ask for help. I already have masquerading working, and have
stealthed all ports except 80 and 8080 (the two ports Ive been using for
experimenting).
>
> I need to know how to do a "straight-through" portforward (Host1:8080 ->
Host2:8080) and a redirecting kind (Host1:8080 -> Host2:80). Obviously I
wouldn't be using both examples at the same time.
>
> In the above examples Host1 is the Linux box with two NICs (eth0[ext] and
eth1[int]) and Host2 is on the firewalled network (the eth1 side).
>
> Once someone tells me how to do this I will try it out. If it works, Ill
let you know. If it doesn't, I'll respond with detailed info of what it did
do.
>
>
> Thank you in advance.
> DJ
> --
>
>
>
>
> __________________________________________________________________
> Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/
>
> Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
>
>
>

Reply via email to