LeRoy Cressy on Mon, 10 Mar 2003 07:34:14 -0500



Re: [PLUG] Iptables/Port Forwarding



This is what I use:

iptables -t nat -A PREROUTING  -i eth0 -p tcp --dport 80  \
    -m limit --limit 1/hour  -j LOG --log-level info      \
    --log-prefix "Forward WWW Request "
iptables -t nat -A PREROUTING  -i eth0 -p tcp --dport 80  \
    -j DNAT --to 192.168.10.1

-i is the ethernet card connected to the Internet
-p tcp protocol
--dport 80 is the destination port. Most web requests are sent on port 80, and unless you are using a closed private system that you do not want the world to see, you should be using port 80, unless you mangle the packet in the router and change the destination port of the incoming packet.


I hope this helps

Naresh wrote:
Group:

I have 2 computers, 1 of them the gateway has 2 NICs (eth0 && eth1), and
my other masqued client wants to be my webserver (port 80). I have my
simple masq rules set like this. The client can ping the outside world,
but when I do http://staticAddress:8888,  I get an error.

----------------------------------------------------------------

IPTABLES=/sbin/iptables
EXTIF="eth1"
INTIF="eth0"
echo "1" > /proc/sys/net/ipv4/ip_forward

#CLEAR THE RULES
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
    ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

#THE MAIN FORWARDING

$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 -d 66.71.91.54 --dport 8888 \
    -j DNAT --to 192.168.0.2:80

$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT


Thanks,
Naresh




--
Rev. LeRoy D. Cressy     mailto:leroy@lrcressy.com    /\_/\
http://lrcressy.com                                  ( o.o )
Phone: 215-535-4037                                   > ^ <


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
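
A check for the DNAT/FORWARD pairing in the quoted script, as an added example that is not part of the original thread: DNAT in PREROUTING rewrites the destination before the FORWARD chain is evaluated, so under a FORWARD policy of DROP the redirected packet still needs a FORWARD ACCEPT matching the interface it arrived on and the translated address and port. The names check_dnat_forward and sample_rules are made up here, and the script assumes one rule per line with literal interface names.

```shell
# Added example (not from the thread): flag DNAT rules that lack a matching
# FORWARD ACCEPT. Assumes one rule per line with literal interface names.
check_dnat_forward() {
  awk '
    # Value that follows option "name" on the current rule line, or "".
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    # State rules without NEW never admit the first packet of a connection.
    /-A FORWARD/ && /--(ct)?state/ && !/NEW/ { next }
    /-A PREROUTING/ && /-j DNAT/ {
      n++; d_if[n] = opt("-i"); d_port[n] = opt("--dport")
      d_to[n] = opt("--to"); if (d_to[n] == "") d_to[n] = opt("--to-destination")
      next
    }
    /-A FORWARD/ && /-j ACCEPT/ {
      m++; f_if[m] = opt("-i"); f_d[m] = opt("-d"); f_port[m] = opt("--dport")
    }
    END {
      bad = 0
      for (i = 1; i <= n; i++) {
        # "--to host:port" rewrites the port too; bare "--to host" keeps --dport.
        host = d_to[i]; port = d_port[i]; c = index(host, ":")
        if (c) { port = substr(host, c + 1); host = substr(host, 1, c - 1) }
        ok = 0
        for (j = 1; j <= m; j++) {
          # An option absent from a rule matches anything.
          if (f_if[j] != "" && d_if[i] != "" && f_if[j] != d_if[i]) continue
          if (f_d[j] != "" && f_d[j] != host) continue
          if (f_port[j] != "" && f_port[j] != port) continue
          ok = 1
        }
        if (ok) printf "OK %s -> %s:%s\n", d_if[i], host, port
        else { printf "MISSING FORWARD ACCEPT -i %s -d %s --dport %s\n", d_if[i], host, port; bad = 1 }
      }
      exit bad
    }'
}
# Constructed sample: the quoted script with $EXTIF/$INTIF expanded (eth1/eth0).
sample_rules() {
  cat <<'EOF'
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 66.71.91.54 --dport 8888 -j DNAT --to 192.168.0.2:80
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
EOF
}
sample_rules | check_dnat_forward || echo "add the FORWARD rule(s) listed above"
```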