Hello! You could try rules like the following:
# replace destination address in packets from outside clients to www
iptables -t nat -A PREROUTING -i $ifinet1 -p tcp --sport 1024:65535 -d $ipinet1 --dport 80 -j DNAT --to-destination 172.16.0.4

# permit syn-packets to www-server
iptables -A FORWARD -i $ifinet1 -o $iflocalnet -p tcp --sport 1024:65535 -d 172.16.0.4 --dport 80 -m state --state NEW -j ACCEPT

# rule pair for ongoing connections
iptables -A FORWARD -i $iflocalnet -o $ifinet1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ifinet1 -o $iflocalnet -m state --state ESTABLISHED,RELATED -j ACCEPT

I think that it will help.
Bye.

2007/4/28, Makara <[EMAIL PROTECTED]>:
Hi all,

I have 2 internet connections: IP $ipinet1 for other traffic and $ipinet2 for mail. It works properly.

I want to allow connections from the internet to my local web server (172.16.0.4) via $ipinet1, so I do port forwarding:

iptables -A PREROUTING -t nat -i $ifinet1 -d $ipinet1 -p tcp --dport 80 -j DNAT --to 172.16.0.4:80

I allow the FORWARD rule from the firewall to my local webserver:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i $ifinet1 -o $iflocalnet -j ACCEPT

I don't know why it does work? If you have any idea, please help.

Thanks
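
Added example, not part of either message in this thread: a small audit that reads an iptables-save dump and reports, for each DNAT rule, whether the FORWARD chain has an ACCEPT rule that admits a new connection to the translated address and port (FORWARD sees the packet after DNAT). The function names, the interface names eth0/eth1, the address 203.0.113.10 and the port-443 rule are constructed for illustration.

```sh
# Added example, not from the thread. Reads iptables-save text on stdin and
# prints "OK ip:port" or "MISSING ip:port" for each DNAT rule in PREROUTING.
# Simplified: exact-host -d and single --dport only; -s/-i/-o are ignored.
check_dnat_forward() {
  awk '
    /^\*/ { table = substr($1, 2); next }   # table marker: *nat, *filter
    $1 != "-A" { next }
    {
      d = dport = to = state = jump = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-d") { d = $(i + 1); sub(/\/32$/, "", d) }
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
        else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        else if ($i == "-j") jump = $(i + 1)
      }
    }
    table == "nat" && $2 == "PREROUTING" && jump == "DNAT" {
      split(to, part, ":"); ip[++n] = part[1]
      port[n] = (part[2] != "") ? part[2] : dport   # no port given: dport is kept
    }
    table == "filter" && $2 == "FORWARD" && jump == "ACCEPT" {
      if (state != "" && state !~ /NEW/) next   # ESTABLISHED-only: admits no SYN
      fd[++m] = d; fp[m] = dport
    }
    END {
      for (k = 1; k <= n; k++) {
        verdict = "MISSING"
        for (j = 1; j <= m; j++)
          if ((fd[j] == "" || fd[j] == ip[k]) && (fp[j] == "" || fp[j] == port[k]))
            verdict = "OK"
        print verdict, ip[k] ":" port[k]
      }
    }'
}
# Constructed sample: the rules from the reply as iptables-save would print
# them, plus a second DNAT (port 443) with no matching FORWARD rule.
sample_rules() { cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 80 -j DNAT --to-destination 172.16.0.4
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.0.4:443
COMMIT
*filter
-A FORWARD -d 172.16.0.4/32 -i eth0 -o eth1 -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
sample_rules | check_dnat_forward
```

On a live firewall the same function can be fed with `iptables-save | check_dnat_forward` (root required).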