Re: IPTables Port Forwarding

To: debian-user@lists.debian.org
Subject: Re: IPTables Port Forwarding
From: John L Fjellstad <john-debian@fjellstad.org>
Date: Fri, 02 Mar 2007 21:29:49 -0800
Message-id: <[🔎] 87649i28tu.fsf@fjellstad.org>
References: <[🔎] 004501c75c33$f6cdabf0$01a8a8c0@sempron>

Johnno <valentine@xtra.co.nz> writes:

> Hello
>
> Need a little bit of help here...  eth1 = Internet, eth0 = LAN, will
> this work?
>
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to
> 192.168.1.50:80
> iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT
>
> Anything on port 80 to goto a internal server on ip 192.168.1.50

Been awhile since I played with forwarding.  One thing to remember
is to turn on forwarding in the kernel (/proc/sys/net/ipv4/ip_forward,
if you have ipv6, you need to do something similar).

Also, I'm not sure you need the second rule. I think it gets rerouted
before it gets to the INPUT chain if you route it in the PREROUTING
chain.  But if you do need the INPUT chain, then the rule should
probably not have the state directive (otherwise, all packages not set
to NEW, which is basically all packages after the first one, will be
dropped or whatever the policy is)

-- 
John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes

Reply to:

Follow-Ups:
- Re: IPTables Port Forwarding
  - From: "Giacomo Montagner" <mantager@gmail.com>

References:
- IPTables Port Forwarding
  - From: Johnno <valentine@xtra.co.nz>

Prev by Date: Re: etch installer hanging on packages
Next by Date: Re: Sarge on Compaq Proliant 1850R with PCI video card
Previous by thread: IPTables Port Forwarding
Next by thread: Re: IPTables Port Forwarding
Index(es):
- Date
- Thread