Re: iptables nat forwarding
I was messing with this a bit also. I have this:
/sbin/iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -j DNAT --to-destination 192.168.0.2:80
From the firewall (192.168.0.1) I can do this:
{0}:wally:/etc/init.d>telnet 192.168.0.2 80
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
^]
telnet> close
Connection closed.
{1}:wally:/etc/init.d>telnet 67.165.192.199 80
Trying 67.165.192.199...
telnet: Unable to connect to remote host: Connection refused
{0}:wally:/etc/init.d>telnet 192.168.0.1 80
Trying 192.168.0.1...
telnet: Unable to connect to remote host: Connection refused
Thoughts?
Thus spake Hereward Cooper (zadok@phreaker.net):
> Hi,
> Could someone please tell me why this command won't forward any www calls to 192.168.1.1 (firewall + gateway) to 192.168.1.2 (apache server).
>
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j DNAT --to-destination 192.168.1.2:80
>
>
> What I can't figure is why that doesn't work, when the following command does work to forward all external ssh requests from the gateway, to the apache machine.
>
> iptables -t nat -A PREROUTING -p TCP -i ippp0 --dport 22 -j DNAT --to-destination 192.168.1.2:22
>
> Thanks,
>
> Hereward
>
> --
>
> GPG Public Key @
> ----: http://www.zadok.uklinux.net/ :----
> "Love is Hate. War is Peace. Windows is Stable?"
> "I can bend minds with my spoon"
> "Life is short and hard, kind of like a bodybuilding elf"
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'