Thanks

----- Original Message -----
From: "Andrew Rogers" <andrew@xxxxxxxxxxxxxxxx>
To: <list@xxxxxxxxxxxx>
Sent: Wednesday, November 05, 2003 2:35 PM
Subject: [LUG] IP Tables - Port Forwarding
Can anyone help with an iptables rule for the following setup:
Firewall with Internet IP 222.222.222.222 (for example, I forgot the actual IP!) and LAN IP 10.0.0.1
A server with LAN IP 10.0.0.2 listening on TCP port 80
Another server with LAN IP 10.0.0.3 listening on TCP port 80

I want to type a URL into a browser so that:
http://222.222.222.222:80 should give me the webpage from the Firewall
http://222.222.222.222:81 should give me the webpage from server 10.0.0.2 port 80
http://222.222.222.222:82 should give me the webpage from server 10.0.0.3 port 80
I already have IP Masq working, and I think iptables can do the above with the correct rule.
iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/255.0.0.0 -i EXT_INT --dport 80 -j DNAT --to 10.0.0.1:80
iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/255.0.0.0 -i EXT_INT --dport 81 -j DNAT --to 10.0.0.2:80
iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/255.0.0.0 -i EXT_INT --dport 82 -j DNAT --to 10.0.0.3:80
You could always drop the -s ! (accept if source is) rule, I find it stops loops from occurring. And use -s 222.222.222.222 and drop out the -i (interface).
EXT_INT being the external interface on your firewall.
Also don't forget to enable ip_forwarding.
The above rules are also assuming you have allowed input rules for the respective ports as well.
Hope that works or helps
Luke
-- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
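Added example, not part of the original posts: a generator that prints the DNAT rules from the thread together with the ip_forward setting and the filter rules they depend on, showing that forwarded connections are matched in FORWARD on their translated LAN address and port. The interface name eth0, the mapping list format and the use of the conntrack match are assumptions; the rules are appended to an existing ruleset that is assumed to drop by default.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it applies nothing itself.
# The EXT_IF default and the FORWARDS list are assumptions based on the thread.
EXT_IF="${EXT_IF:-eth0}"                               # external interface (assumed name)
FORWARDS="${FORWARDS:-81:10.0.0.2:80 82:10.0.0.3:80}"  # ext_port:lan_ip:lan_port

valid_port() {  # true only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit_rules() {
    out=""
    # Validate every mapping first so a bad entry yields no output at all.
    for m in $FORWARDS; do
        case "$m" in *:*:*) ;; *) echo "bad mapping: $m" >&2; return 1 ;; esac
        ext=${m%%:*}; rest=${m#*:}; ip=${rest%%:*}; port=${rest#*:}
        case "$ip" in ''|*[!0-9.]*) echo "bad address: $m" >&2; return 1 ;; esac
        if ! valid_port "$ext" || ! valid_port "$port"; then
            echo "bad port: $m" >&2; return 1
        fi
        # PREROUTING rewrites the destination before the routing decision,
        # so FORWARD must match the LAN address and port, not the public port.
        out="$out
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$port
iptables -A FORWARD -i $EXT_IF -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Port 80 on the firewall itself is local delivery: INPUT chain, no DNAT.
    echo "iptables -A INPUT -i $EXT_IF -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    # Replies and later packets of connections already accepted above.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "${out#?}"   # drop the leading newline of the accumulated block
}

emit_rules
```

Review the printed commands before running them as root; only the two mapped ports and port 80 on the firewall are opened from the external interface.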