Re: nat and prerouting
On Sun, 03 Nov 2002 16:21:10 +0100 yoann <debian-yoann@ifrance.com> wrote:
> I have a machine on my private network with apache as well and I would
> like to have an access on this apache from the web, so I decide to route
> the connexion on the port 81 of my server on my computer so I can acces
> on this second web serveur with the address http://myserver:81/ but it
> doesn't work, I add this rules in firewall
>
> iptables -A PREROUTING -i eth0 -t nat -p tcp -d IpAddServer --dport 81 \
> -j DNAT --to-destination 192.168.0.2:80
>
> maybe i have to add others rules but I don't find them with google
> any idea ?
I use the following in my script for forwarding ports:
$IPTABLES -t filter -I FORWARD -p tcp -d $I_IP \
--dport $I_PORT -j ACCEPT && \
$IPTABLES -t nat -I POSTROUTING -p tcp -d $I_IP \
--dport $I_PORT -j ACCEPT && \
$IPTABLES -t mangle -I PREROUTING -p tcp -d $E_IP \
--dport $E_PORT -j ACCEPT && \
$IPTABLES -t nat -I PREROUTING -p tcp -d $E_IP --dport $E_PORT \
-j DNAT --to-destination "$I_IP:$I_PORT" && \
This should add the necessary accept rules to each chain that the packet
will traverse (assuming you are using filter, nat, and mangle tables).
--
Jamin W. Collins
Reply to: