
Re: Netfilter Port Forwarding Problem



Hello!

You could try rules like the following:

#replace destination address in packets from outside clients to www
iptables -t nat -A PREROUTING -i $ifinet1 -p tcp --sport 1024:65535 -d $ipinet1 --dport 80 -j DNAT --to-destination 172.16.0.4

#permit syn-packets to www-server
iptables -A FORWARD -i $ifinet1 -o $iflocalnet -p tcp --sport 1024:65535 -d 172.16.0.4 --dport 80 -m state --state NEW -j ACCEPT

#rule pair for ongoing connections
iptables -A FORWARD -i $iflocalnet -o $ifinet1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ifinet1 -o $iflocalnet -m state --state ESTABLISHED,RELATED -j ACCEPT

I think that it will help.

Bye.

2007/4/28, Makara <kingofyuri@yahoo.com>:
Hi all,

I have 2 internet connections: IP $ipinet1 for other
traffic and $ipinet2 for mail. It works properly.
I want to allow connections from the internet
to my local web server (172.16.0.4) via $ipinet1, so I
do port forwarding:

iptables -A PREROUTING -t nat -i $ifinet1 -d $ipinet1 -p tcp --dport 80 -j DNAT --to 172.16.0.4:80

I allow FORWARD Rule from firewall to my local
webserver

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -p tcp --dport 80 -i $ifinet1 -o $iflocalnet -j ACCEPT

I don't know why it does work? If you have any idea,
please help.

Thanks
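
An added example, not part of either message above: the filter FORWARD chain is traversed after nat PREROUTING, so a forwarded packet is matched there against the translated destination (172.16.0.4), not $ipinet1. The sketch below audits `iptables-save` text for DNAT targets that no FORWARD ACCEPT rule admits; `audit_dnat_forward`, `sample_rules`, 203.0.113.10, eth0 and eth1 are hypothetical names and constructed values, and the check is a heuristic that only looks at `-d`, `--dport` and the state match.

```shell
#!/bin/sh
# Added example: find DNAT rules whose translated target has no FORWARD accept.
# FORWARD runs after nat PREROUTING, so it must match the translated address
# (172.16.0.4), never the public one.
audit_dnat_forward() {   # hypothetical helper; reads iptables-save text on stdin
  awk '
    function opt(name,   i) {   # value following an option word, or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($0, 2); next }
    table == "nat" && $1 == "-A" && opt("-j") == "DNAT" {
      to = opt("--to-destination")
      if (to !~ /:/) to = to ":" opt("--dport")    # port left unchanged by DNAT
      want[to] = 1
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      st = opt("--state"); if (st == "") st = opt("--ctstate")
      if (st != "" && st !~ /NEW/) next            # cannot admit the first SYN
      p = opt("--dport"); if (p == "") next
      d = opt("-d"); sub(/\/32$/, "", d); if (d == "") d = "any"
      have[d ":" p] = 1
    }
    END {
      for (t in want) {
        split(t, a, ":"); k = "any:" a[2]
        if ((t in have) || (k in have)) print "OK " t
        else { print "MISSING " t; bad = 1 }
      }
      exit bad + 0
    }'
}

sample_rules() {   # constructed sample; $1 is the -d address of the NEW rule
  cat <<EOF
*nat
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.4:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d $1 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

On a live firewall the input would come from `iptables-save | audit_dnat_forward`; a non-zero exit status means at least one DNAT target is not admitted.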

