Re: Port Forwarding

To: debian-firewall@lists.debian.org
Subject: Re: Port Forwarding
From: Nathan Barham <nathan@sleepygeek.com>
Date: Thu, 26 Feb 2004 10:12:25 -0800
Message-id: <[🔎] 403E3709.1050500@sleepygeek.com>
In-reply-to: <[🔎] NEBBLIHNGLCBFOKECLHAIEKBCEAA.sauglatt@gmx.ch>
References: <[🔎] NEBBLIHNGLCBFOKECLHAIEKBCEAA.sauglatt@gmx.ch>

Dominique Benz wrote:

Hello List!

I'm a little new in the world of iptables and could need some advice
concerning a simple Port Forwarding. I created s basic rule set as described
in common howtos and the internet:

# iptables -A FORWARD -i eth0 -p tcp --dport port -j ACCEPT
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport port -j DNAT --to
local_ip:port

My FORWARD CHAIN contains two further entries (they actually don't affect
the above rules):

# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED
-j ACCEPT

Assuming port forwarding is turned on . . . for reference, here arerules for forwarding incoming SMTP which work for me. They look a lotlike yours.


# PREROUTING

$IPTABLES -t nat -A PREROUTING -p tcp -i $EXT_IF -d $SMTP_IP --dport 25-j DNAT --to-destination $DMZ_SMTP_IP



#FORWARD
# Let already established forwarded conversations continue.
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $EXT_IF -o $DMZ_IF -p tcp -d $DMZ_SMTP_IP--dport 25:25 -j ACCEPT

Reply to:

References:
- Port Forwarding
  - From: "Dominique Benz" <sauglatt@gmx.ch>

Prev by Date: Re: howto block ports
Next by Date: I'm chinese I want to get help about iptables
Previous by thread: Re: Port Forwarding
Next by thread: Re: Port Forwarding
Index(es):
- Date
- Thread