
Re: iptables natting



> | iptables -A FORWARD -i eth0 -o eth1 -d 192.168.0.10 -p tcp -j ACCEPT
> |
> | iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT
> | --to-destination 192.168.0.10
>
> Change this to:
>
> iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -d YOURPUBLICIP
> -j DNAT --to-destination 192.168.0.10
>
> which will apply the rule only to incoming connections to your public IP.

Ok, that's changed.

>
> 192.168.0.10 is trying to make a connection to 192.168.0.10 on port 8080
> and that's being rejected by your firewall.  Is 192.168.0.10 on the same
> machine as the firewall?
>

No, it's a different machine to the firewall and isn't running iptables itself. 
That's why I don't understand why it doesn't work. The message appears on the 
server machine and eth1 is the internal interface.

Any attempt to contact http://publicipaddress:8080/ is rejected if it comes 
from inside my network but works fine if the connection comes from outside.

-- 

 .¸¸.·´¯`·.¸¸.·´¯`· Shallow Sea Aquatics .¸¸.·´¯`·.¸¸.·´¯`·
 .¸¸.·´¯`·.¸¸.·´¯ http://www.shallowsea.com ¸.·´¯`·.¸¸.·´¯`
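
An added example, not part of the thread or of iptables itself: a small shell model that checks which packets the PREROUTING rules quoted above would rewrite. The address 203.0.113.5 stands in for YOURPUBLICIP, the function name `prerouting_dst` and the sample packets are constructed for illustration, and only the `-i`, `-p`, `-d` and `--dport` matches are modelled.

```shell
#!/bin/sh
# Toy model of one nat/PREROUTING DNAT rule: evaluates only the -i, -p, -d and
# --dport matches that appear in the thread. It does not touch a real firewall.

PUBLIC_IP=203.0.113.5   # constructed stand-in for YOURPUBLICIP (assumption)
OLD_RULE="-p tcp -i eth0 --dport 8080 -j DNAT --to-destination 192.168.0.10"
NEW_RULE="-p tcp -i eth0 --dport 8080 -d $PUBLIC_IP -j DNAT --to-destination 192.168.0.10"

# prerouting_dst RULE IN_IFACE PROTO DST DPORT   (hypothetical helper)
# Prints the packet's destination address after the rule has been considered.
prerouting_dst() {
    rule=$1; in_if=$2; proto=$3; dst=$4; dport=$5
    want_if=; want_proto=; want_dst=; want_dport=; new_dst=
    set -- $rule                      # split the rule text into words
    while [ $# -gt 1 ]; do
        case $1 in
            -i) want_if=$2 ;;
            -p) want_proto=$2 ;;
            -d) want_dst=$2 ;;
            --dport) want_dport=$2 ;;
            --to-destination) new_dst=$2 ;;
        esac
        shift 2                       # every option used here takes one argument
    done
    # A match that is present must hold; an absent match accepts anything.
    [ -z "$want_if" ]    || [ "$want_if" = "$in_if" ]    || { echo "$dst"; return 0; }
    [ -z "$want_proto" ] || [ "$want_proto" = "$proto" ] || { echo "$dst"; return 0; }
    [ -z "$want_dst" ]   || [ "$want_dst" = "$dst" ]     || { echo "$dst"; return 0; }
    [ -z "$want_dport" ] || [ "$want_dport" = "$dport" ] || { echo "$dst"; return 0; }
    echo "$new_dst"                   # all matches held: destination is rewritten
}

# Constructed packets, given as: in-interface, protocol, destination, dport.
# A packet from an inside host reaches the firewall on eth1, so "-i eth0"
# does not match it and its destination stays the public address.
echo "outside client via eth0, new rule: $(prerouting_dst "$NEW_RULE" eth0 tcp $PUBLIC_IP 8080)"
echo "inside client via eth1, new rule:  $(prerouting_dst "$NEW_RULE" eth1 tcp $PUBLIC_IP 8080)"
# The added "-d" narrows the rule: traffic on eth0 for some other address
# was rewritten by the old rule and is left alone by the new one.
echo "eth0, other destination, old rule: $(prerouting_dst "$OLD_RULE" eth0 tcp 198.51.100.9 8080)"
echo "eth0, other destination, new rule: $(prerouting_dst "$NEW_RULE" eth0 tcp 198.51.100.9 8080)"
```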


