2/26/02 8:04:36 AM, [EMAIL PROTECTED] wrote: >I've read example after example (eachone slightly different than the others) and >tried them all. So far, none of them have been working. > >Rather than list the various ways I tried (and failed) I will start over again and >ask for help. I already have masquerading working, and have stealthed all ports >except 80 and 8080 (the two ports Ive been using for experimenting). > >I need to know how to do a "straight-through" portforward (Host1:8080 -> Host2:8080) >and a redirecting kind (Host1:8080 -> Host2:80). Obviously I wouldn't be using both >examples at the same time. > (Host1:8080 -> Host2:8080) : IFACE_INET=eth0 IFACE_INT=eth1 IP_INET=66.8.45.191 IP_HOST1=66.8.45.192 # You need the firewall to do 'proxy-arp' for you (something like 'ifconfig eth0:0 66.8.45.191') IP_HOST2=192.168.1.3
iptables -t nat -A PREROUTING -i $IFACE_INT -p tcp --dport 8080 -d $IP_HOST1 -j DNAT --to $IP_HOST2 iptables -t nat -A POSTROUTING -o $IFACE_INET -p tcp --sport 8080 -s $IP_HOST2 -j SNAT --to-source $IP_INET (Host1:8080 -> Host2:80): IFACE_INET=eth0 IFACE_INT=eth1 IP_INET=66.8.45.191 IP_HOST1=66.8.45.192 # You need the firewall to do 'proxy-arp' for you (something like 'ifconfig eth0:0 66.8.45.191') IP_HOST2=192.168.1.3 iptables -t nat -A PREROUTING -i $IFACE_INT -p tcp --dport 8080 -d $IP_HOST1 -j DNAT --to $IP_HOST2:80 iptables -t nat -A POSTROUTING -o $IFACE_INET -p tcp --sport 80 -s $IP_HOST2 -j SNAT --to-source $IP_INET >In the above examples Host1 is the Linux box with two NICs (eth0[ext] and eth1[int]) >and Host2 is on the firewalled network (the eth1 side). > >Once someone tells me how to do this I will try it out. If it works, Ill let you >know. If it doesn't, I'll respond with detailed info of what it did do. > > >Thank you in advance. >DJ >-- > > > > >__________________________________________________________________ >Your favorite stores, helpful shopping tools and great gift ideas. Experience the >convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ > >Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ > >
