On Wed, Apr 24, 2002 at 11:04:58PM -0400, Brandon Oliver wrote:
> Hello all,
> I am an IPTABLES newbie having problems setting up a local network port
> forwarding rule. I have a Redhat 7.2 box running IPTABLES 1.2.5; this box is
> my router/firewall. Behind this box sits my local network 192.168.100.0/24.
> On this network I have an NT WEB\Email server at 192.168.100.2. My
> internet IP is 66.57.5.60 which is eth0, which my domain name is also
> registered to. I need to construct a rule set that will forward any request
> from my local network to 66.57.5.60:80 to 192.168.100.2:80
This one is tricky. These are my assumptions in this scenario. Adjust
as needed:
1) You have eth0 (ext) and eth1 (int).
2) You do not have 10/8 anywhere in your network.
Then the rules are these:
# Hairpin DNAT: LAN clients hitting the public IP on port 80 are sent to the
# internal web server (the DNAT target needs --to-destination, not a bare IP)
iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/16 -d 66.57.5.60 \
    -p tcp --dport 80 -j DNAT --to-destination 192.168.100.2
# SNAT the same flows to an address the LAN cannot reach directly, so the
# server's replies are routed back through this box (SNAT needs --to-source)
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/16 -d 192.168.100.2 \
    -p tcp --dport 80 -j SNAT --to-source 10.0.0.1
The second rule, the SNAT, is essential, as it makes sure that the packets
get back to the router. You could, of course, use any IP in the SNAT
which is not accessible in your LAN directly; e.g., you could SNAT
to 66.57.5.60.
Hope it helps.
Ramin
>
> Any help would be greatly appreciated,
>
> Brandon Oliver
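To make the point about the SNAT rule concrete, here is a small model of the packet flow discussed in this thread. It is an added example, not code from either poster: it models a stateful NAT box applying the DNAT alone and then the DNAT plus SNAT, and checks whether the web server's reply ever matches what the LAN client actually sent. The client address 192.168.100.50 and source port 40000 are constructed for the example; 66.57.5.60, 192.168.100.2, 192.168.100.0/24 and 10.0.0.1 are the values from the thread. Interfaces (eth0/eth1) are not modelled.

```python
"""Model of hairpin (NAT loopback) port forwarding: why the SNAT rule is needed.

Added example; constructed addresses are marked below. Not the poster's code.
"""
import ipaddress
from dataclasses import dataclass, replace

PUBLIC_IP = "66.57.5.60"          # router's external address (from the thread)
WEB_SERVER = "192.168.100.2"      # internal NT web server (from the thread)
SNAT_ADDR = "10.0.0.1"            # assumed unused inside the LAN, as in the reply
DNAT_MATCH_SRC = ipaddress.ip_network("192.168.0.0/16")   # -s in the rules
LAN = ipaddress.ip_network("192.168.100.0/24")            # the poster's LAN


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class Router:
    """Minimal stateful NAT: PREROUTING DNAT, optional POSTROUTING SNAT, conntrack."""

    def __init__(self, use_snat: bool):
        self.use_snat = use_snat
        # key: (src, sport, dst, dport) as seen by the server -> original packet
        self.conntrack = {}

    def forward(self, pkt: Packet) -> Packet:
        """Client -> router -> server direction."""
        matches = (ipaddress.ip_address(pkt.src) in DNAT_MATCH_SRC
                   and pkt.dst == PUBLIC_IP and pkt.dport == 80)
        if not matches:
            return pkt                                  # plain routing, no NAT
        out = replace(pkt, dst=WEB_SERVER)              # DNAT --to-destination
        if self.use_snat:
            out = replace(out, src=SNAT_ADDR)           # SNAT --to-source
        self.conntrack[(out.src, out.sport, out.dst, out.dport)] = pkt
        return out

    def reverse(self, reply: Packet):
        """Server -> router -> client direction: undo the translation via conntrack."""
        key = (reply.dst, reply.dport, reply.src, reply.sport)
        orig = self.conntrack.get(key)
        if orig is None:
            return None                                 # flow unknown to the router
        return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)


def server_reply(pkt: Packet) -> Packet:
    """The web server knows nothing about NAT; it just swaps the addresses."""
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)


def client_accepts(request: Packet, reply: Packet) -> bool:
    """A TCP client only matches a reply whose 4-tuple mirrors what it sent."""
    return (reply.src == request.dst and reply.sport == request.dport
            and reply.dst == request.src and reply.dport == request.sport)


def simulate(use_snat: bool) -> bool:
    """Return True if the LAN client ends up with a reply it can match."""
    client = "192.168.100.50"                           # constructed LAN host
    request = Packet(client, PUBLIC_IP, 40000, 80)      # constructed source port
    router = Router(use_snat)
    at_server = router.forward(request)
    reply = server_reply(at_server)
    if ipaddress.ip_address(reply.dst) in LAN:
        # Server and client share the LAN: the reply goes straight to the
        # client, bypassing the router, with the server's real address on it.
        return client_accepts(request, reply)
    # Otherwise the reply is routed back through the box, which un-NATs it.
    back = router.reverse(reply)
    return back is not None and client_accepts(request, back)


if __name__ == "__main__":
    print("DNAT only      -> client accepts reply:", simulate(use_snat=False))
    print("DNAT + SNAT    -> client accepts reply:", simulate(use_snat=True))
```

With the DNAT alone the server answers the client directly from 192.168.100.2, the client sees a reply from an address it never connected to, and the TCP handshake stalls; with the SNAT the reply is addressed to 10.0.0.1, has to pass back through the router, and is rewritten to appear to come from 66.57.5.60, which is why the reply's advice to SNAT to an address the LAN cannot reach directly is the key step.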