Re: nat and prerouting

To: debian-firewall@lists.debian.org
Subject: Re: nat and prerouting
From: Jamin W.Collins <jcollins@asgardsrealm.net>
Date: Sun, 3 Nov 2002 10:27:16 -0600
Message-id: <20021103102716.7976b143.jcollins@asgardsrealm.net>
In-reply-to: <3DC53EE6.6040303@ifrance.com>
References: <3DC53EE6.6040303@ifrance.com>

On Sun, 03 Nov 2002 16:21:10 +0100 yoann <debian-yoann@ifrance.com> wrote:

> I have a machine on my private network with apache as well and I would 
> like to have an access on this apache from the web, so I decide to route
> the connexion on the port 81 of my server on my computer so I can acces 
> on this second web serveur with the address http://myserver:81/ but it 
> doesn't work, I add this rules in firewall
> 
> iptables -A PREROUTING -i eth0 -t nat -p tcp -d IpAddServer --dport 81 \
> 	 -j DNAT --to-destination 192.168.0.2:80
> 
> maybe i have to add others rules but I don't find them with google
> any idea ?

I use the following in my script for forwarding ports:

      $IPTABLES -t filter -I FORWARD -p tcp -d $I_IP \
         --dport $I_PORT -j ACCEPT && \
      $IPTABLES -t nat -I POSTROUTING -p tcp -d $I_IP \
         --dport $I_PORT -j ACCEPT && \
      $IPTABLES -t mangle -I PREROUTING -p tcp -d $E_IP \
         --dport $E_PORT -j ACCEPT && \
      $IPTABLES -t nat -I PREROUTING -p tcp -d $E_IP --dport $E_PORT \
         -j DNAT --to-destination "$I_IP:$I_PORT" && \

This should add the necessary accept rules to each chain that the packet
will traverse (assuming you are using filter, nat, and mangle tables).

-- 
Jamin W. Collins

Reply to:

References:
- nat and prerouting
  - From: yoann <debian-yoann@ifrance.com>

Prev by Date: Re: nat and prerouting
Next by Date: Re: nat and prerouting
Previous by thread: Re: nat and prerouting
Next by thread: Connecting 2 internet connections through one server
Index(es):
- Date
- Thread