port forwarding working!

Subject: port forwarding working!
From: Mike Barsalou (mbarsalou@aidea.org)
Date: Mon Apr 29 2002 - 14:16:49 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Mike Barsalou: "Next obvious question"
• Previous message: James Zuelow: "Re: Redirect and masquerading"

OK here is what I had to do to make it work:

iptables -t nat -I PREROUTING -i <EXTINTERFACE> -p tcp -d <EXTIP> --dport 80
-j DNAT --to-destination <INTWEBSERVER>

iptables -t filter -I INPUT -i eth1 -p tcp -d <INTWEBSERVER> --dport 80 -j
ACCEPT

The first line will change the destination address of the packet to our
internal webserver before it gets to the INPUT chain of the filter table.

The next line allows that port to come into our firewall. In which case the
packet will end up at our internal webserver.

Yeehaa!

I did also have to tweek the httpd.conf file to respond with the correct
name (in my case an IP address) before it would work.

Mike

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Mike Barsalou: "Next obvious question"
• Previous message: James Zuelow: "Re: Redirect and masquerading"

This archive was generated by hypermail 2a23 : Mon Apr 29 2002 - 14:18:57 AKDT