Hi friends,

A few days back I was trying to set up DNAT on to my internal network and searched around for tips. A few articles I found had details about setting up a PREROUTING and POSTROUTING rule to do that.
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html

But I feel that will work in case the default policies are ACCEPT, especially for FORWARD. I'm sharing the rules I've set up to get DNAT working for the internal network, in case the default policies are DROP. I request other gurus to improve the tip.

----------------------------
STEP 1:
iptables -t nat -A PREROUTING -d <<external_ip_address>> -p tcp --dport <<port_no>> -j DNAT --to <<internal_ip_address>>

STEP 2:
iptables -A FORWARD -p tcp -o <<internal_interface>> -d <<internal_ip_address>> --dport <<port_no>> -j ACCEPT
iptables -A FORWARD -p tcp -o <<internal_interface>> -s <<internal_ip_address>> --sport <<port_no>> -j ACCEPT

STEP 3:
iptables -t nat -A POSTROUTING -o <<internal_interface>> -s <<internal_network>> -d <<internal_ip_address>> -j SNAT --to <<firewall_machine_ip_address>>

NOTE: Steps 1 and 2 will be replicated for every port.
----------------------------

I hope the tip will be useful.

(Saksham | Shailesh) Mathur
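The procedure above as a small rule generator, added here as an example and not part of the original post: it prints the Step 1 and Step 2 rules once per port and the Step 3 rule once, and applies nothing. The function name gen_dnat_rules and all sample addresses are assumptions (constructed values).

```sh
#!/bin/sh
# Added example: prints (does not apply) the STEP 1-3 rules for several ports.
# gen_dnat_rules is a hypothetical helper name; addresses below are constructed.

# usage: gen_dnat_rules EXT_IP INT_IP INT_IF INT_NET FW_IP PORT...
gen_dnat_rules() {
    if [ "$#" -lt 6 ]; then
        echo "usage: gen_dnat_rules EXT_IP INT_IP INT_IF INT_NET FW_IP PORT..." >&2
        return 2
    fi
    ext_ip=$1 int_ip=$2 int_if=$3 int_net=$4 fw_ip=$5
    shift 5

    # Validate every port before printing anything, so a bad argument
    # can never leave a half-written rule set behind.
    for port in "$@"; do
        case $port in
            # empty, non-digit, or more than 5 digits
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    for port in "$@"; do
        # STEP 1: rewrite the destination to the internal host
        echo "iptables -t nat -A PREROUTING -d $ext_ip -p tcp --dport $port -j DNAT --to $int_ip"
        # STEP 2: with FORWARD policy DROP, allow both directions explicitly
        echo "iptables -A FORWARD -p tcp -o $int_if -d $int_ip --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -p tcp -o $int_if -s $int_ip --sport $port -j ACCEPT"
    done

    # STEP 3: one SNAT rule covers all ports, so it is emitted once
    echo "iptables -t nat -A POSTROUTING -o $int_if -s $int_net -d $int_ip -j SNAT --to $fw_ip"
}

# Constructed sample: external 203.0.113.10, internal server 192.168.1.20,
# internal interface eth1, internal network 192.168.1.0/24, firewall 192.168.1.1
gen_dnat_rules 203.0.113.10 192.168.1.20 eth1 192.168.1.0/24 192.168.1.1 80 443
```

Review the printed rules before running them; two ports give seven lines, three per port plus the single SNAT rule.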