Re: iptables port forwarding
--On 11 November 2002 16:13 +0200 Vesa Salento <firstname.lastname@example.org> wrote:
I'd like to know whether it is possible to do this kind of thing with
iptables. I'd like to configure my firewall/router so that all the packets
to the port 80 from the Internet (from specific addresses) are forwarded
automatically to the ssh-port on another host on the Internet (not on my
Yes, I use this functionality at the moment, port 443 forwarded to
something else :)
This would be needed so that shell access would be possible even in an
environment where firewall blocks all the other ports than 80. I could
solve the problem by binding SSH to listen that port but I'd like to have
a solution where the packets wouldn't get past the firewall and no access
would be necessary to my Linux box.
Here is the rule you want, I believe:
iptables -t nat -A PREROUTING -i ethX -p tcp -d <your firewall ip> --dport
80 -j DNAT --to <actual server running ssh:22>
I live behind such a fascist firewall, but as I don't use port 443 on my
home lan, I have redirected that host to elsewhere. It's probably better
anyway, as some sites trap port 80 traffic and make it go via a web proxy
(though the 443 solution is not immune either).
I already have NAT working for my home LAN but I don't fully understand
how all those post/prerouting things work. And can I mangle packets and
then send them back to the same interface where they came from?
I think so, but I am not sure.