[lug] quick iptables rule question

Ryan Wheaton ryan.wheaton at comcast.net
Wed Nov 19 10:41:47 MST 2003


I was just looking through some stuff, and figured that the --to 
192.168.0.0:80 is how to do it.  Thanks a bunch for your help.

-r
On Wednesday, Nov 19, 2003, at 10:31 America/Denver, Jeff Schroeder wrote:

> Ryan asked:
>
>> will:
>>
>> iptables -A PREROUTING -t nat -p tcp --sport 9090 --dport 80 -j DNAT --to-destination 192.168.0.0
>>
>> forward port 9090 to port 80 on the internal box?
>
> I don't think so.  Those --sport and --dport arguments are going to
> match incoming packets from remote port 9090, destined for local port
> 80.
>
> What you want is probably
>
> iptables -A PREROUTING -t nat -p tcp --dport 9090 -j DNAT --to 192.168.0.0:80
>
> Note that here the destination port (from the remote machine) is 9090,
> meaning it's connecting to 9090 on your (presumably) firewall.  Then
> you're redirecting it (--to) to the internal box on port 80 (note
> the :80 after the IP address).
>
> There are probably other ways to do this in iptables, but that should
> work.
>
> HTH,
> Jeff
>
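An added example, not part of the original thread: a simplified Python model of the match step (not iptables itself) that runs the rule from the question and the suggested rule against two constructed packets, showing which connection each rule catches and what DNAT rewrites. `Packet`, `parse_rule`, `apply_dnat` and the 203.0.113.7 / 198.51.100.1 addresses are assumptions made for illustration.

```python
import shlex
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Options from the thread that take one value, mapped to a field name.
OPTS = {"-A": "chain", "-t": "table", "-p": "proto", "-j": "target",
        "--sport": "sport", "--dport": "dport",
        "--to": "to", "--to-destination": "to"}

def parse_rule(line):
    """Parse an iptables command line using only the options in OPTS."""
    args = shlex.split(line)[1:]              # drop the leading "iptables"
    return {OPTS[args[i]]: args[i + 1] for i in range(0, len(args), 2)}

def apply_dnat(rule, pkt):
    """Return the rewritten packet if the rule matches pkt, else None."""
    if rule.get("proto", pkt.proto) != pkt.proto:
        return None
    for field in ("sport", "dport"):          # each match given must hold
        if field in rule and int(rule[field]) != getattr(pkt, field):
            return None
    host, _, port = rule["to"].partition(":")
    # Without ":port" in the target, DNAT keeps the original destination port.
    return replace(pkt, dst=host, dport=int(port) if port else pkt.dport)

ASKED = ("iptables -A PREROUTING -t nat -p tcp --sport 9090 --dport 80 "
         "-j DNAT --to-destination 192.168.0.0")
SUGGESTED = ("iptables -A PREROUTING -t nat -p tcp --dport 9090 "
             "-j DNAT --to-destination 192.168.0.0:80")

# Constructed packets (documentation addresses); 198.51.100.1 is the firewall.
CLIENT = Packet("203.0.113.7", 51514, "198.51.100.1", 9090)  # browser -> :9090
ODD = Packet("203.0.113.7", 9090, "198.51.100.1", 80)        # sport 9090 -> :80

if __name__ == "__main__":
    for name, line in (("asked", ASKED), ("suggested", SUGGESTED)):
        rule = parse_rule(line)
        for pkt in (CLIENT, ODD):
            print(name, pkt, "->", apply_dnat(rule, pkt))
```
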



