Mark wrote:
> Joe wrote:
>> Mark wrote:
>>> Hello,
>>>
>>> I just installed a new Debian lenny server and now I am trying to
>>> forward all HTTP requests from my old Debian etch installation to
>>> the new one. The statement I used was the following:
>>>
>>> iptables -t nat -A PREROUTING -p tcp --dport http -j DNAT \
>>> --to-destination <ip>:80
>>>
>>> iptables -t nat -L gives the following:
>>>
>>> target prot opt source destination
>>> DNAT tcp -- anywhere anywhere tcp dpt:www to:<ip>:80
>>>
>>> I'm not getting redirected when I try to access the server via a
>>> web browser.
>>
>> Do you also have the appropriate forwarding rule? My understanding is
>> that after PREROUTING, a packet is submitted to the appropriate main
>> path, in this case, the FORWARD one.
>>
>> Otherwise, the rule seems structurally similar to one of mine
>> forwarding ssh, apart from mine also filtering by input interface and
>> destination IP address to avoid ambiguity. The important bits are the
>> same.
>>
>> If all else fails, stick in a few logging rules in appropriate places,
>> a bit like 'print' statements while debugging programs.
>
> Thank you for the answer. Do you have a sample?

Here are the relevant couple of fragments. There's more filtering than you would need as this is to forward to a LAN ssh server which is addressed on a non-standard port, another ssh server runs on the firewall itself, and I use outbound ssh to various destinations. This wouldn't apply to your situation. Note that the forwarding rule uses the IP address and port as already rewritten by the PREROUTING rule.
.
SSHsrv=$LANNet"101"
SSHin2="xxxxx"
.
iptables -N fwd-in-OK
iptables -A fwd-in-OK -p tcp --dport 22 -d $SSHsrv -j LOG --log-level debug --log-prefix "SSH internal accepted:"
iptables -A fwd-in-OK -p tcp --dport 22 -d $SSHsrv -j ACCEPT
.
.
.
.
# Accept outbound forwarded packets as listed in fwd-out-OK
iptables -A FORWARD -i $LanIF -j fwd-out-OK
# Accept inbound forwarded packets as listed in fwd-in-OK
iptables -A FORWARD -i $InetIF -j fwd-in-OK
.
.
iptables -t nat -A PREROUTING -p tcp -i $InetIF -d $ExtIP --dport $SSHin2 -j DNAT --to-destination $SSHsrv:22
.
-- Joe
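The point that the filter rule must match the destination as already rewritten by PREROUTING can be checked mechanically; the script below is an added example, not part of either poster's messages. It emits the SSH rule set in the shape of the fragments above, plus a variant whose ACCEPT rule matches the pre-DNAT address and port, and lists DNAT targets that no ACCEPT rule covers. The interface name, addresses, external port 2222 and the helper names (`rules_good`, `rules_bad`, `unmatched_dnat`) are assumptions, and only ACCEPT rules carrying both `-d` and `--dport` are counted.

```shell
#!/bin/sh
# Constructed values; variable names follow the fragments above.
InetIF="eth0"; ExtIP="203.0.113.10"     # assumed outside interface and address
SSHsrv="192.168.1.101"; SSHin2="2222"   # assumed LAN server and external port

# Rule set in the shape of the fragments: the filter rules match the
# destination as rewritten by DNAT ($SSHsrv:22).
rules_good() {
cat <<EOF
iptables -t nat -A PREROUTING -p tcp -i $InetIF -d $ExtIP --dport $SSHin2 -j DNAT --to-destination $SSHsrv:22
iptables -N fwd-in-OK
iptables -A fwd-in-OK -p tcp --dport 22 -d $SSHsrv -j LOG --log-level debug --log-prefix "SSH internal accepted:"
iptables -A fwd-in-OK -p tcp --dport 22 -d $SSHsrv -j ACCEPT
iptables -A FORWARD -i $InetIF -j fwd-in-OK
EOF
}

# Same set, but the ACCEPT rule is written against the pre-DNAT address
# and port ($ExtIP:$SSHin2), which the FORWARD chain never sees.
rules_bad() {
    rules_good | sed "s/--dport 22 -d $SSHsrv -j ACCEPT/--dport $SSHin2 -d $ExtIP -j ACCEPT/"
}

# Read iptables commands on stdin and print every DNAT --to-destination
# that has no ACCEPT rule with the same -d and --dport. Exit 1 if any.
unmatched_dnat() {
    awk '
    function opt(name,    i) {   # value that follows option "name" on this line
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    {
        target = opt("-j"); dst = opt("-d"); sub(/\/32$/, "", dst)
        if (target == "DNAT")   dnat[opt("--to-destination")] = 1
        if (target == "ACCEPT") accept[dst ":" opt("--dport")] = 1
    }
    END {
        for (t in dnat) if (!(t in accept)) { print t; bad = 1 }
        exit bad + 0
    }'
}

# Dry run only: nothing here calls iptables, it just inspects rule text.
rules_good | unmatched_dnat && echo "good: every DNAT target has an ACCEPT rule"
rules_bad  | unmatched_dnat || echo "bad: no ACCEPT rule matches the target above"
```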