iptables port forwarding

To: debian-firewall@lists.debian.org
Subject: iptables port forwarding
From: Vesa Salento <vsalento@cc.hut.fi>
Date: Mon, 11 Nov 2002 16:13:59 +0200 (EET)
Message-id: <Pine.OSF.4.44.0211111602280.7395-100000@kosh.hut.fi>

Hi,

I'd like to know whether it is possible to do this kind of thing with
iptables. I'd like to configure my firewall/router so that all the packets
to the port 80 from the Internet (from specific addresses) are forwarded
automatically to the ssh-port on another host on the Internet (not on my
home lan).

This would be needed so that shell access would be possible even in an
environment where firewall blocks all the other ports than 80. I could
solve the problem by binding SSH to listen that port but I'd like to have
a solution where the packets wouldn't get past the firewall and no access
would be necessary to my Linux box.

I already have NAT working for my home LAN but I don't fully understand
how all those post/prerouting things work. And can I mangle packets and
then send them back to the same interface where they came from?

-- 
Vesa Salento

Reply to:

Follow-Ups:
- Re: iptables port forwarding
  - From: Siraj 'Sid' Rakhada <sid@mindless.co.uk>
- Re: iptables port forwarding
  - From: Vineet Kumar <debian-security@virtual.doorstop.net>

Prev by Date: Re: arp magic
Next by Date: Re: iptables port forwarding
Previous by thread: Re: Netfilter & Fragments
Next by thread: Re: iptables port forwarding
Index(es):
- Date
- Thread