iptables firewall -- redirect/forward an incoming packet to an internal host
Brad De Vries
devriesbj
Mon May 17 11:46:45 PDT 2004
My Linux box is currently configured (and working) as
the router and firewall for my internal network. Much
of this was accomplished using the SxS.

Now the hard part: I'm trying to set up a new rule in
my iptables-based firewall and I'm having difficulty.
I want to forward (or redirect) all tcp-based packets
from the Internet on a specific port to an IP on my
LAN.

  eth0 --> Internet (IP=12.34.56.7)
  eth1 --> LAN (IP=10.0.0.201/24)

I've tried a rule in my FORWARD chain:

  iptables -A FORWARD -i eth0 -p tcp --sport 1503 \
    -o eth1 -d 10.0.2.200 --dport 1503 \
    -j ACCEPT

I've tried a DNAT rule in my PREROUTING chain of my
nat table:

  iptables -t nat -A PREROUTING -p tcp -d 12.34.56.7 \
    --dport 1503 --to-destination 10.0.2.200 \
    -j DNAT

I've even tried putting these two, and several others,
together thinking that the PREROUTING would change the
destination IP and the FORWARD to pass it along.

Any help would be sincerely appreciated.

Brad.
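
An added example, not part of the original post: a small generator for the rules that forward one inbound TCP port to a LAN host, using the addresses from the message above. The function names are hypothetical, and it assumes 10.0.2.200 is reachable through eth1 and sends its replies back through this router; it prints the commands for review instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): print the iptables commands
# for forwarding one TCP port from the WAN address to an internal host.

# is_port N: succeeds when N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_forward_rules WAN_IF WAN_IP LAN_IF LAN_HOST PORT  (hypothetical helper)
port_forward_rules() {
    [ "$#" -eq 5 ] || { echo "usage: port_forward_rules WAN_IF WAN_IP LAN_IF LAN_HOST PORT" >&2; return 2; }
    wan_if=$1 wan_ip=$2 lan_if=$3 lan_host=$4 port=$5
    is_port "$port" || { echo "invalid port: $port" >&2; return 1; }

    # The kernel must be allowed to route between interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # 1. nat/PREROUTING runs before the routing decision, so the destination
    #    is rewritten here. --to-destination is an option of the DNAT target
    #    and is written after -j DNAT.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp -d $wan_ip --dport $port -j DNAT --to-destination $lan_host:$port"

    # 2. filter/FORWARD sees the packet after DNAT, so it matches the LAN
    #    address. Only the destination port is matched: the client's source
    #    port is ephemeral, so a --sport match on the service port never hits.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -p tcp -d $lan_host --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"

    # 3. Replies travel the other way and are accepted only as part of a
    #    connection that rule 2 already admitted.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -p tcp -s $lan_host --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Values taken from the post.
port_forward_rules eth0 12.34.56.7 eth1 10.0.2.200 1503
```

Hits on each rule can be checked with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v`, whose packet counters show which stage a connection attempt reaches.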
More information about the Linux-users
mailing list