I've got a firewall script (modded TrinityOS Firewall) that port forwards just fine with the inclusion of the following 2 lines:

    $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80
    $IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT

I wonder how this can work. The destination address and port in the two rules don't match each other.

    DNAT to : 192.168.0.2:80
    FORWARD : 192.168.0.4:411
Yeah, noticed that right after posting - duh! Funny thing is that it works :-/
Should be:

    DNAT to : 192.168.0.4:411
    FORWARD : 192.168.0.4:411
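To make the mismatch discussed above mechanically impossible, the two rules can be generated from one set of variables, and an existing pair can be checked for agreement. This is an added example, not the TrinityOS script or anything from the thread; forward_rules and check_pair are hypothetical helper names, and the rule strings fed to check_pair are constructed from the posts above. Nothing is applied to a live firewall; the functions only print and compare rule text.

```shell
#!/bin/sh
# Added example: keep DNAT and FORWARD rules in step for a port forward.
IPTABLES=${IPTABLES:-iptables}

# Print (do not apply) the rule pair that forwards EXT_IP:EXT_PORT arriving on
# EXT_IF to INT_IP:INT_PORT. Both rules are built from the same INT_IP/INT_PORT,
# so the FORWARD destination cannot drift away from the DNAT target.
forward_rules() {
    ext_if=$1 ext_ip=$2 ext_port=$3 int_ip=$4 int_port=$5
    echo "$IPTABLES -t nat -A PREROUTING -p tcp -i $ext_if -d $ext_ip --dport $ext_port -j DNAT --to $int_ip:$int_port"
    echo "$IPTABLES -A FORWARD -p tcp -i $ext_if -d $int_ip --dport $int_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Given a DNAT rule and a FORWARD rule as strings, succeed (exit 0) only when
# the FORWARD rule's -d/--dport equal the DNAT rule's --to ip:port.
check_pair() {
    dnat_to=$(printf '%s\n' "$1" | sed -n 's/.*--to[-destination]* \([0-9.]*:[0-9]*\).*/\1/p')
    fwd_dst=$(printf '%s\n' "$2" | sed -n 's/.*-d \([0-9.]*\).*--dport \([0-9]*\).*/\1:\2/p')
    [ -n "$dnat_to" ] && [ "$dnat_to" = "$fwd_dst" ]
}

# Constructed sample: the pair from the first post, which the thread notes
# do not match (DNAT to .2:80, FORWARD to .4:411).
BAD_DNAT='$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 10.121.128.98 --dport 411 -j DNAT --to 192.168.0.2:80'
BAD_FWD='$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.4 --dport 411 -j ACCEPT'

if check_pair "$BAD_DNAT" "$BAD_FWD"; then
    echo "pair consistent"
else
    echo "pair MISMATCH: DNAT target and FORWARD destination differ"
fi
forward_rules eth0 10.121.128.98 411 192.168.0.4 411
```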
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F
    echo
    echo -e " - Allowing EXTERNAL access to the WWW server"
    echo
    $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $UNIVERSE --dport 80 -j ACCEPT

The INPUT default policy is already set to ACCEPT, so what's the use of this rule? Besides, valid HTTP packets cannot be in the RELATED state but only NEW or ESTABLISHED.
Umm, "$IPTABLES -F INPUT"; "$IPTABLES -P INPUT ACCEPT" would seem superfluous I grant. As in my first post I modded a TrinityOS firewall, that's how it came and it works just fine.
BTW, the servers on ports 20, 21, 22 & 80 are all on the firewall box.

Regards
Ross