
Re: Kicked me of self! :-/



On Wed, 8 Apr 2009 09:13:40 +0200
Stephan Balmer <sb@lia.ch> wrote:

> > So what I need now, is the setup for the IP Tables to  get  the
> > traffic forwarded from eth0/eth1 to the servers in eth2 where I have
> > 
> > eth0 -> smtp/imap -> 192.168.0.196 <mail.tamay-dogan.net>
> >         http      -> 192.168.0.200 <www.tamay-dogan.net> (VServer)
> >         http:9999 -> 192.168.0.210 <www.debian.tamay-dogan.net> (VServer)
> > 
> > eth2 -> smtp/imap -> 192.168.0.220 <mail.tdwave.net>
> >         http      -> 192.168.0.221 <www.tdwave.net> (VServer)
> >         http:9999 -> 192.168.0.230 <www.debian.tamay-dogan.net> (VServer)
> >         pgsql     -> 192.168.0.240 <pgsql.private.tamay-dogan.net>
> 
> You want to have a look at the DNAT section in the iptables manual.
> 
> And to get you up to speed,
> 
> 	iptables -t nat -A PREROUTING \
> 	         --destination <PUBIP> -p tcp -m tcp --destination-port <PUBPORT> \
> 	         --jump DNAT --to-destination <PRIVATEIP>:<PRIVATEPORT>
>  
> seems to be what you need.

That's right.
Could look somewhat like that for port smtp/25
on eth2 -> 192.168.0.220:25

 iptables -t nat -A PREROUTING \
   -i eth2 -p tcp --dport 25 -j DNAT \
   --to 192.168.0.220:25

And don't forget to accept the packet itself ;-)

 iptables -A INPUT -p tcp -m state --state NEW \
   --dport 25 -i eth2 -j ACCEPT


--
Freundliche Gruesse/Best Regards
Benjamin Hackl
IT/Administration

Media FOCUS Research Ges.m.b.H.
Maculangasse 8, 1220 Wien
Tel.-Nr.: +43 1 258 97 01-295
benjamin.hackl@focusmr.com
http://www.focusmr.com/
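
As an added example (not part of the original message), the script below generalizes the two rules in the reply to a small forwarding table: it validates each row and prints, without running, the DNAT rule plus a matching accept rule. The row format, the function names, port 80 in the second row and the chain column are assumptions; FORWARD applies when the private address is on another machine, INPUT when it is an address of the firewall box itself.

```shell
#!/bin/sh
# Added example: prints (never runs) iptables commands for a forwarding table.
# Row format (assumed): in-iface proto public-port private-ip:private-port chain

valid_port() {   # decimal 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # exactly four octets, each 0..255
    case "$1" in *[!0-9.]*|*.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

dnat_rules() {   # table rows on stdin -> commands on stdout; returns 1 if a row was skipped
    rc=0
    while read -r ifc proto pport dest chain; do
        case "$ifc" in ''|'#'*) continue ;; esac
        ip=${dest%:*} dport=${dest##*:} ok=1
        case "$ifc" in *[!A-Za-z0-9._-]*) ok=0 ;; esac
        case "$proto" in tcp|udp) ;; *) ok=0 ;; esac
        case "$chain" in INPUT|FORWARD) ;; *) ok=0 ;; esac
        valid_port "$pport" && valid_port "$dport" && valid_ipv4 "$ip" || ok=0
        if [ "$ok" -eq 0 ]; then
            echo "skipped invalid row: $ifc $proto $pport $dest $chain" >&2
            rc=1; continue
        fi
        echo "iptables -t nat -A PREROUTING -i $ifc -p $proto --dport $pport -j DNAT --to-destination $ip:$dport"
        # The filter table sees the packet after DNAT, so match the private ip:port.
        echo "iptables -A $chain -i $ifc -p $proto -d $ip --dport $dport -m state --state NEW -j ACCEPT"
    done
    return "$rc"
}

# Constructed sample rows: addresses from the thread; port 80 and the chains are assumptions.
dnat_rules <<'EOF'
eth2 tcp 25   192.168.0.220:25 INPUT
eth0 tcp 9999 192.168.0.210:80 FORWARD
EOF
```

Review the printed commands before feeding them to a root shell; the NEW-only accept rule assumes the ruleset already accepts ESTABLISHED,RELATED traffic.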

