[lug] problems with port forwarding to internal address
Hugh Brown
hugh at vecna.com
Sun Jun 2 06:17:01 MDT 2002
On Mon, 2002-05-13 at 15:56, Calvin Dodge wrote:
> I'm trying to set up port forwarding for a client. He wants web requests to a specific IP address to be forwarded to an internal machine.
>
> I have the following script:
>
> /sbin/iptables -A FORWARD -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A PREROUTING -t nat -i eth1 -o eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.29:80
> /sbin/iptables -A FORWARD -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A PREROUTING -t nat -i eth1 -o eth0 -p tcp --dport 443 -j DNAT --to 192.168.1.29:443
>
> If I understand correctly, the above lines _should_ forward port 80 and 443 requests to 192.168.1.29, but they don't.
> IP forwarding is enabled on this system (and it functions quite nicely as the typical IP masquerader).
> I've tried different permutations of the above lines, but nothing I do seems to work (the internal site does work, BTW).
>
> Is there something I'm missing here?
>
> FWIW, this system runs Red Hat 7.2 with up-to-date patches.
>
> Calvin
I didn't see an answer to this (which means I may have deleted it), but
I did see this rule on the web as I was looking for something else. I
haven't actually tried it but it might be worth something.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.29:80

FWIW,
Hugh
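
Added example, not part of either message above: a small POSIX shell lint that checks iptables command lines against the iptables(8) rule that -i is valid only in PREROUTING, INPUT and FORWARD, and -o only in FORWARD, OUTPUT and POSTROUTING. The function names lint_rule and lint_all are made up for this example; the sample rules are ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag interface matches that a built-in
# chain cannot honour. Per iptables(8), -i is valid only in PREROUTING, INPUT
# and FORWARD; -o only in FORWARD, OUTPUT and POSTROUTING.

# lint_rule "<iptables command line>"  (hypothetical helper)
# Prints one diagnostic per problem; returns 0 if clean, 1 otherwise.
# The body is a subshell so "set -f" and the variables stay local.
lint_rule() (
    set -f                      # no glob expansion while word-splitting $1
    chain= in_if= out_if= prev= status=0
    for word in $1; do
        case "$prev" in
            -A|--append|-I|--insert) chain=$word ;;
            -i|--in-interface)       in_if=$word ;;
            -o|--out-interface)      out_if=$word ;;
        esac
        prev=$word
    done
    case "$chain" in
        PREROUTING|INPUT)       # runs before the output interface is chosen
            [ -z "$out_if" ] || { echo "$chain: '-o $out_if' is not valid in this chain"; status=1; } ;;
        OUTPUT|POSTROUTING)
            [ -z "$in_if" ] || { echo "$chain: '-i $in_if' is not valid in this chain"; status=1; } ;;
    esac
    exit "$status"
)

# Sample input: three of the rules quoted in this thread, one per line.
RULES='/sbin/iptables -A FORWARD -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A PREROUTING -t nat -i eth1 -o eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.29:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.29:80'

# lint_all: lint every line of $RULES; the return value is the number of flagged rules.
lint_all() {
    bad=0
    while IFS= read -r rule; do
        lint_rule "$rule" || bad=$((bad + 1))
    done <<EOF
$RULES
EOF
    return "$bad"
}

lint_all || echo "rules with an interface/chain mismatch: $?"
```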