Naresh on Mon, 10 Mar 2003 18:50:17 -0500
LeRoy,

It's not working for some reason. I am pretty sure apache is running on
192.168.0.2 (I can get to it locally). BTW, I added your lines at the end
of my script (modified eth0 -> eth1).

I did "links http://66.71.91.54:80" and I get not found.
"links 192.168.0.2:80" works.

Weird...

Naresh

On Mon, 10 Mar 2003, LeRoy Cressy wrote:

> This is what I use:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
>     -m limit --limit 1/hour -j LOG --log-level info \
>     --log-prefix "Forward WWW Request "
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
>     -j DNAT --to 192.168.10.1
>
> -i is the ethernet card connected to the Internet
> -p tcp protocol
> --dport 80 is the destination port. Most web requests are sent on port
> 80 and unless you are using a closed private system that you do not want
> the world to see then you should be using port 80 unless you mangle the
> packet in the router and change the destination port of the incoming packet.
>
> I hope this helps
>
> Naresh wrote:
> > Group:
> >
> > I have 2 computers, 1 of them the gateway has 2 NICs (eth0 && eth1), and
> > my other masqued client wants to be my webserver (port 80). I have my
> > simple masq rules set like this. The client can ping the outside world,
> > but when I do http://staticAddress:8888, I get an error.
> >
> > ----------------------------------------------------------------
> >
> > IPTABLES=/sbin/iptables
> > EXTIF="eth1"
> > INTIF="eth0"
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > #CLEAR THE RULES
> > $IPTABLES -P INPUT ACCEPT
> > $IPTABLES -F INPUT
> > $IPTABLES -P OUTPUT ACCEPT
> > $IPTABLES -F OUTPUT
> > $IPTABLES -P FORWARD DROP
> > $IPTABLES -F FORWARD
> > $IPTABLES -t nat -F
> >
> > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
> >     ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> > $IPTABLES -A FORWARD -j LOG
> >
> > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
> >
> > #THE MAIN FORWARDING
> >
> > $IPTABLES -t nat -A PREROUTING -p tcp -i eth1 -d 66.71.91.54 --dport 8888 \
> >     -j DNAT --to 192.168.0.2:80
> >
> > $IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
> >
> >
> > Thanks,
> > Naresh
> > _________________________________________________________________________
> > Philadelphia Linux Users Group -- http://www.phillylinux.org
> > Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> > General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
>
> --
> Rev. LeRoy D. Cressy   mailto:leroy@lrcressy.com    /\_/\
> http://lrcressy.com                                ( o.o )
> Phone: 215-535-4037                                 > ^ <
>
> gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA
>
> Jesus saith unto him, I am the way, the truth, and the life:
> no man cometh unto the Father, but by me. (John 14:6)
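
The following is an added example, not code from either poster. It prints the two rules an inbound port forward needs when the FORWARD policy is DROP, as in the script quoted above: the DNAT rule in nat PREROUTING and a FORWARD rule that accepts the rewritten packet on the Internet-facing interface. The interface, addresses and ports are the ones from the thread; the function name port_forward_rules is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values, taken from the
# quoted script: eth1 = Internet-facing NIC, 66.71.91.54 = public address,
# 192.168.0.2:80 = internal web server. port_forward_rules is a
# hypothetical helper name.

IPTABLES=${IPTABLES:-/sbin/iptables}

# port_forward_rules EXTIF PUBLIC_IP PUBLIC_PORT SERVER_IP SERVER_PORT
# Prints the commands, one per line, so they can be reviewed before they
# are run. Returns 1 without printing anything if a port is not 1-65535.
port_forward_rules() {
    extif=$1 pub_ip=$2 pub_port=$3 srv_ip=$4 srv_port=$5

    for p in "$pub_port" "$srv_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "bad port: $p" >&2
            return 1
        }
    done

    # 1. nat/PREROUTING runs before the routing decision: rewrite the
    #    destination of packets arriving on the external interface.
    echo "$IPTABLES -t nat -A PREROUTING -i $extif -p tcp -d $pub_ip --dport $pub_port -j DNAT --to-destination $srv_ip:$srv_port"

    # 2. FORWARD sees the packet after DNAT. It still arrived on the
    #    external interface, but is now addressed to the server's own
    #    address and port. With policy DROP, NEW connections need this
    #    ACCEPT; an ESTABLISHED,RELATED rule alone never lets the first
    #    SYN through.
    echo "$IPTABLES -A FORWARD -i $extif -p tcp -d $srv_ip --dport $srv_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Print the rule pair for the forward described in the thread.
port_forward_rules eth1 66.71.91.54 8888 192.168.0.2 80
```

Review the output, then pipe it to sh as root. Check the forward from a host on the Internet side: connections opened on the gateway itself are locally generated and pass through the nat OUTPUT chain rather than PREROUTING.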