I have tried this; it doesn't seem to work. I believe that forwarding should be
enabled on all interfaces because at this stage I have ACCEPT as the default
for forwarding. Is there anything else besides iptables needed for this to
work? I can't understand how it knows that PORTFWIP is reached via
eth1 (internal interface).


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Scott Adamson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 11:46 PM
Subject: Re: Trying to forward port 80 to a different ip address


> Hi,
>
> I think you should try the following, it works fine for me:
>
> iptables -t nat -A PREROUTING -p tcp -d $IPADDR --dport 80 -j DNAT --to $PORTFWIP:80
> iptables -A FORWARD -i $EXTERNAL_INTERFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -p tcp -d $PORTFWIP --dport 80 -i $INTERNAL_INTERFACE -j ACCEPT
>
> You have to enable forwarding for your internal interface too, because it
> will be blocked if your default policies are set to drop.
>
> Best Regards,
> MfG.
>
> Stefan Walther
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> dienst.: +4930/89786448
> Funk: +49172/3943961
>
>
>
>
> "Scott Adamson" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 25.02.2002 13:37
>
>
>         To:     <[EMAIL PROTECTED]>
>         cc:
>         Subject:        Trying to forward port 80 to a different ip address
>
>
> My setup is as follows:
>
> eth0 -
> address     203.89.239.135
> broadcast  203.89.239.255
> mask        255.255.255.0
>
> eth1 -
> address    192.168.0.81
> broadcast 192.168.0.255
> mask        255.255.255.0
>
>
> eth1 is connected via a crossover cable to 192.168.0.51, which is the web
> server.
> I'm trying to get iptables to forward www requests coming in to
> 203.89.239.135 to
> this second machine at 192.168.0.51. I have read the howto on linuxdoc,
> plus the one on the netfilter site, they say to add something like
>
>
> EXTERNAL_INTERFACE="eth0"
> INTERNAL_INTERFACE="eth1"
> IPADDR="203.89.239.135"
> IPADDR_INT="192.168.0.81"
>
> PORTFWIP="192.168.0.51"
>
>     $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
>     $IPTABLES -A PREROUTING -t nat -p tcp -d $IPADDR --dport 80 -j DNAT --to $PORTFWIP:80
>
> The packets seem to get redirected, as they don't go to the server at
> 203.89.239.135, they go nowhere. Can someone assist
> with this? I have found little information on the web except for
> 'just put in this PREROUTING line and it works great!' kind
> of useless information. What else is required to get this to work?
>
>
>
>
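
An added example, not part of the thread: a dry-run generator for the port-forward rules discussed above, plus two checks for the prerequisites that sit outside iptables (kernel IP forwarding and the route to PORTFWIP). It reuses the thread's variable values; the function names are hypothetical, and the reply-direction FORWARD rule and the `-i`/`-o` qualifiers are this example's choice rather than either poster's.

```shell
#!/bin/sh
# Values quoted in the thread.
EXTERNAL_INTERFACE="eth0"
INTERNAL_INTERFACE="eth1"
IPADDR="203.89.239.135"
PORTFWIP="192.168.0.51"

# Print the commands instead of running them, so the rule set can be
# reviewed first and then piped to "sh" as root.
portfw_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $IPADDR --dport 80 -j DNAT --to-destination $PORTFWIP:80
iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp -d $PORTFWIP --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -p tcp -s $PORTFWIP --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Report whether the kernel forwards packets at all: on, off or unknown.
# Optional argument: file to read (default is the real sysctl file).
ip_forward_state() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo on ;;
        *) echo off ;;
    esac
}

# Read "ip route get <addr>" output on stdin and print the outgoing interface.
# DNAT rewrites the destination in PREROUTING; the ordinary routing lookup that
# follows is what selects the interface for the rewritten address.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Run both checks on the firewall box itself (needs the "ip" tool).
preflight() {
    [ "$(ip_forward_state)" = on ] || echo "ip_forward is not enabled"
    dev=$(ip route get "$PORTFWIP" | route_dev)
    [ "$dev" = "$INTERNAL_INTERFACE" ] || echo "$PORTFWIP routes via '$dev', not $INTERNAL_INTERFACE"
    # Not checkable from here: the web server needs a route back to the
    # clients through 192.168.0.81, or its replies never reach them.
}
```

Review the output of `portfw_rules` before applying it, and run `preflight` on the firewall to see whether forwarding or the route is the missing piece.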
