hello,

 i took a different approach, but it may help you. i wrote a portforwarding
init.d script that is started/stopped after ipmasq.

-BEG-----/etc/init.d/portforwarding---------
#! /bin/sh
#
# portforwarding : sets up port forwarding from the outside world to the lan machines
#
# 2003 Petschy

# args : srcip dstip dstport todstip todstport
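# Appends one DNAT rule to the nat table's PREROUTING chain and prints a
# one-line summary of it. TCP packets from srcip addressed to dstip:dstport
# get their destination rewritten to todstip:todstport.
#
# Arguments: $1 srcip  $2 dstip  $3 dstport  $4 todstip  $5 todstport
# Outputs:   " srcip -> dstip:dstport -> todstip:todstport" on stdout
# Returns:   1 without calling iptables unless exactly five arguments are
#            given; the iptables status if the rule could not be added.
#
# Note: DNAT only rewrites the destination address. The rewritten packet is
# still subject to the filter table's FORWARD chain, so on a host whose
# FORWARD policy is not ACCEPT a matching ACCEPT rule is needed as well.
#
# Defined with the POSIX "name()" form: the "function" keyword is a bashism
# and the script's interpreter line is /bin/sh.
portforward()
{
        if [ "$#" -ne 5 ]; then
                echo "portforward: expected 5 arguments, got $#" >&2
                return 1
        fi

        # Every expansion is quoted so an empty or space-containing value
        # cannot shift the remaining options or add extra words to the rule.
        iptables -t nat -A PREROUTING -p tcp --source "$1" --destination "$2" \
                --destination-port "$3" -j DNAT --to-destination "$4:$5" \
                || return

        # Only report rules that were actually installed.
        printf ' %s -> %s:%s -> %s:%s\n' "$1" "$2" "$3" "$4" "$5"
}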
# Service name; the usage message builds the script path from it.
NAME=portforwarding

# Fixed command search path for everything this script runs.
# NOTE(review): the /usr/local directories are searched first, so a
# same-named binary there would shadow the system iptables; those
# directories should be writable by root only.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Stop at the first command that fails instead of continuing.
set -o errexit

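# Dispatch on the init action given as the first argument:
#   start - install the DNAT rules via portforward
#   stop  - flush the nat table's PREROUTING chain
#   other - print usage to stderr and exit 1
case "$1" in
  start)
        echo "Starting port forwarding"

        # two hostware machines to the polus palace db server port 3050
        # NOTE(review): "...." looks like arguments the author elided from
        # the posting; a real call takes
        #   srcip dstip dstport todstip todstport
        portforward ....
        echo "Done."
        ;;
  stop)
        # printf rather than "echo -n": echo's options are not defined for
        # a POSIX /bin/sh, so -n may be printed literally.
        printf '%s' "Stopping port forwarding : flushing PREROUTING chain"
        # Caveat: -F empties the entire nat PREROUTING chain, including any
        # rules that were not added by this script. Keeping the forwards in
        # a dedicated chain would confine the flush to this script's rules.
        iptables -t nat -F PREROUTING
        echo "."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop}" >&2
        exit 1
        ;;
esac

exit 0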
-END-----/etc/init.d/portforwarding---------

i update only the PREROUTING chain, while you update the FORWARD chain,
too. why is that needed? did i miss something?

                                                cheers, petschy

> $IPTABLES -A PREROUTING -t nat -p tcp -d $IPOFIF --dport <port> -j DNAT
> --to-destination 10.0.0.2:<port>
>
> $IPTABLES -A FORWARD -p tcp -d $IPOFIF --dport <port> -m state --state
> NEW -j ACCEPT

