
Mailing List Archive: iptables: User

RE: Port forwarding

 

 



netfilter at darrelldieringer

Jul 24, 2001, 8:28 AM

Post #1 of 2 (635 views)
RE: Port forwarding

Make sure you have rules in your FORWARD chain to allow the now forwarded
traffic to reach the internal machines.

-----Original Message-----
From: netfilter-admin [at] lists
[mailto:netfilter-admin [at] lists]On Behalf Of Patrick Nelson
Sent: Monday, July 23, 2001 10:43 PM
To: 'Derek Tam'
Cc: netfilter [at] lists
Subject: RE: Port forwarding



Make sure the destination server has its gateway set to the system running
the iptables dnat rules.

netfilter-admin [at] lists wrote:
-----------------------------------
Hi,

I have installed RH 7.1 and ran the following iptables
commands to forward requests to another server.
However, it doesn't work. Can anybody tell me why?

$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s $STATIC_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s $STATIC_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s $LAN_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s $LAN_IP -j DNAT --to-destination 192.168.0.20:80

$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 0.0.0.0/8 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 172.16.0.0/12 -j DROP

where $STATIC_IP is the internet ip address.

Thanks,

Derek



__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/


aerodt at yahoo

Jul 24, 2001, 10:40 AM

Post #2 of 2 (596 views)
RE: Port forwarding

Thanks Darrell Dieringer, Patrick Nelson and those who
responded to my email.

It is because my FORWARD chain isn't set up properly.
It drops all packets from my $STATIC_IP. I have the
following rules for the FORWARD chain and want to know how I
can set up the FORWARD chain to allow port forwarding to
another host.

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "
$IPTABLES -P FORWARD DROP

Thanks,

Derek
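
One way to lay out the FORWARD chain asked about above, as an added example that is not part of the original thread: new connections are accepted only towards the DNAT target and ports from the thread, ahead of the LOG rule and the DROP policy. The interface names eth0 and eth1, the flush of the chain, and the dry-run default (commands are printed, not applied) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Dry run by default: the rules are printed. To apply them, run as root with
# IPTABLES=/sbin/iptables (path is an assumption for your system).
IPTABLES="${IPTABLES:-echo iptables}"
INET_IFACE="${INET_IFACE:-eth0}"   # assumed internet-facing interface
LAN_IFACE="${LAN_IFACE:-eth1}"     # assumed LAN interface
DNAT_HOST="192.168.0.20"           # internal server named in the thread
DNAT_PORTS="25 80"                 # ports forwarded in the thread

# nat/PREROUTING rewrites the destination before the filter table sees the
# packet, so FORWARD has to match the internal address (DNAT_HOST), not the
# public one.
forward_chain() {
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD           # start from an empty chain (assumption)
    $IPTABLES -A FORWARD -i "$LAN_IFACE" -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $DNAT_PORTS; do
        # Only NEW connections from the internet side, only to the forwarded
        # host and port. Replies are covered by the ESTABLISHED rule above.
        $IPTABLES -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -p tcp \
            -d "$DNAT_HOST" --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Anything left is logged (rate limited) and then hits the DROP policy.
    $IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 \
        -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "
}

forward_chain
```

After applying, `iptables -L FORWARD -n -v` shows per-rule packet counters, which confirms whether forwarded connections hit the new ACCEPT rules or still fall through to the LOG rule.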




