You generally need two rules to accomplish this. One prerouting rule to change the destination address and one forward rule to allow for the routing of the packets. Here is a setup which forwards HTTP to a particular host on a different interface. It uses a few variables but hopefully you'll get the idea.
# Rewrite the destination of inbound HTTP on the external interface to the internal host
/sbin/iptables -t nat -A PREROUTING -i $EXTIF -p tcp -d $HTTP1 --dport 80 -j DNAT --to $HTTPDMZ1
# Allow the new, rewritten connections through the FORWARD chain
/sbin/iptables -A FORWARD -m state --state NEW -i $EXTIF -p tcp -d $HTTPDMZ1 --dport 80 -j ACCEPT

----- Original Message -----
From: "Mark Olliver" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 20, 2002 10:44 AM
Subject: ssh & www access from the internet to the lan

> Hi
>
> I am having trouble writing some rules to allow ssh and www through the
> firewall from the internet to a specific machine on the lan, whilst blocking
> virtually everything else,
>
> At the moment my scripts seem to be blocking everything.
>
> Thanks
>
> Mark
>
> http://www.carsplus.co.uk/e-Card/mpo.shtml
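An added example, not part of the original thread: a shell function that prints the DNAT and FORWARD pair for each forwarded port (ssh and www here), so the rule set can be reviewed before it is applied. It goes beyond the reply by adding a default-drop FORWARD policy and an ESTABLISHED,RELATED rule; without that rule, packets after the first in each connection are dropped under a default-drop policy. The function name, interface name and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate (not apply) port-forwarding rules for review.
# emit_rules EXTIF PUBLIC_IP LAN_HOST PORT...
#   EXTIF     - Internet-facing interface (placeholder: eth0)
#   PUBLIC_IP - address clients connect to (placeholder: 203.0.113.10)
#   LAN_HOST  - internal machine receiving the traffic (placeholder: 192.168.1.20)
emit_rules() {
    extif=$1
    pub=$2
    host=$3
    shift 3

    # Validate every port first so a typo never yields a partial rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    # Block everything forwarded by default, then allow traffic belonging to
    # connections that an explicit NEW rule below has already admitted.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    for port in "$@"; do
        # 1) PREROUTING: rewrite the destination to the internal host.
        echo "iptables -t nat -A PREROUTING -i $extif -p tcp -d $pub --dport $port -j DNAT --to-destination $host:$port"
        # 2) FORWARD: admit the first packet of each rewritten connection.
        echo "iptables -A FORWARD -m state --state NEW -i $extif -p tcp -d $host --dport $port -j ACCEPT"
    done
}

# Constructed sample: forward ssh (22) and www (80) to one LAN machine.
emit_rules eth0 203.0.113.10 192.168.1.20 22 80
```

The output is plain iptables commands; after checking them, they can be piped to `sh` as root to apply.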
