[lug] quick iptables rule question
Jeff Schroeder
jeff at neobox.net
Wed Nov 19 10:31:42 MST 2003
Ryan asked:
> will:
>
> iptables -A PREROUTING -t nat -p tcp --sport 9090 --dport 80 -j DNAT --to-destination 192.168.0.0
>
> forward port 9090 to port 80 on the internal box?
I don't think so. Those --sport and --dport arguments are going to
match incoming packets from remote port 9090, destined for local port
80.
What you want is probably
iptables -A PREROUTING -t nat -p tcp --dport 9090 -j DNAT --to 192.168.0.0:80
Note that here the destination port (from the remote machine) is 9090,
meaning it's connecting to 9090 on your (presumably) firewall. Then
you're redirecting it (--to) to the internal box on port 80 (note
the :80 after the IP address).
There are probably other ways to do this in iptables, but that should
work.
HTH,
Jeff
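
The difference between the two rules, as an added example that is not part of the original thread: a simplified Python model of how a nat/PREROUTING DNAT rule matches on --sport/--dport and rewrites the destination. The class names, the client address 203.0.113.7 and the firewall address 198.51.100.1 are assumptions made up for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    """Simplified model of a nat/PREROUTING '-p tcp ... -j DNAT' rule."""
    to_ip: str
    to_port: Optional[int] = None   # None: keep the packet's destination port
    sport: Optional[int] = None     # --sport: port on the remote client
    dport: Optional[int] = None     # --dport: port the client connected to

    def matches(self, pkt):
        return ((self.sport is None or pkt.sport == self.sport) and
                (self.dport is None or pkt.dport == self.dport))

    def apply(self, pkt):
        """Return the packet as it leaves PREROUTING (rewritten only on a match)."""
        if not self.matches(pkt):
            return pkt
        return replace(pkt, dst=self.to_ip, dport=self.to_port or pkt.dport)

# Rule from the question: --sport 9090 --dport 80 --to-destination 192.168.0.0
ASKED = DnatRule(to_ip="192.168.0.0", sport=9090, dport=80)
# Rule from the reply: --dport 9090, rewritten to 192.168.0.0:80
SUGGESTED = DnatRule(to_ip="192.168.0.0", to_port=80, dport=9090)

# Constructed packets: an ordinary client (ephemeral source port) connecting to
# port 9090 on the firewall, and a packet that happens to come FROM port 9090.
CLIENT_TO_9090 = Packet("203.0.113.7", 51515, "198.51.100.1", 9090)
FROM_PORT_9090 = Packet("203.0.113.7", 9090, "198.51.100.1", 80)

def trace(rule, pkt):
    """Show the destination before and after the rule is applied."""
    out = rule.apply(pkt)
    return f"{pkt.dst}:{pkt.dport} -> {out.dst}:{out.dport}"

if __name__ == "__main__":
    for name, rule in (("asked", ASKED), ("suggested", SUGGESTED)):
        for pkt in (CLIENT_TO_9090, FROM_PORT_9090):
            print(name, "match" if rule.matches(pkt) else "no match", trace(rule, pkt))
```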