[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Netfilter Port Forwarding Problem


You could try rules, like follow

#replace destination address in packets from outside clients to www
iptables -t nat -A PREROUTING -i $ifinet1 -p tcp --sport 1024:65535 -d $ipinet1 --dport 80 -j DNAT --to-destination

#permit syn-packets to www-server
iptables -A FORWARD -i $ifinet1 -o $iflocalnet -p tcp --sport 1024:65535 -d --dport 80 -m state --state NEW -j ACCEPT

#rule pair for ongoing connections
iptables -A FORWARD -i $iflocalnet -o $ifinet1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ifinet1 -o $iflocalnet -m state --state ESTABLISHED,RELATED -j ACCEPT

I think that it will help.


2007/4/28, Makara <kingofyuri@yahoo.com>:
Hi all,

I have 2 internet connections ip $ipinet1 for other
traffics and $ipinet2 for mail it works properly.
I want to allow the connection from internet connect
to my local web server( via $ipinet1 so I
do port forwarding

iptables -A PREROUTING -t nat -i $ifinet1  -d $ipinet1
-p tcp --dport 80 -j DNAT  --to

I allow FORWARD Rule from firewall to my local

iptables -A FORWARD -m state --state

iptables -A FORWARD -p tcp --dport 80 -i $ifinet1 -o
$iflocalnet -j ACCEPT

I don't know why it does work? if you have any idea
please help.


Reply to: