On 04. Jun, 2002 Carl Parrish chattered thus:

> iptables -A FORWARD -p tcp -i $ext -dport 8081 -j ACCEPT

iptables -A FORWARD -p TCP -d $forwip --dport $forwport -j ACCEPT

> iptables -t nat -A PREROUTING -s $FIREWALL -dport 8081 -j DNAT --to $WEBSERVER:80

iptables -A PREROUTING -t nat -p TCP -d $extip --dport $extport -j DNAT --to $forwip:$forwport

That's the format I got from FireStarter. It's working.

If you're testing from behind the firewall, then you need to add a rule like:

iptables -A POSTROUTING -t nat -s $intnet -o $intif -d $intnet -j MASQUERADE

> (syntax may be a little off I'm trying to do this "on the fly")
>
> do I need to add this to the rules?
>
> iptables -A INPUT -p tcp -dport 8081 -j ACCEPT

I'm not using a rule like that.

My example variables use the following:

ext == external
int == internal
forw == where being forwarded to
ip == IP addy
net == CIDR addy
if == interface

ciao,

der.hans
--
# https://www.LuftHans.com/
# When you are tired of choosing the lesser of two evils,
# Vote Cthulhu for President!
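The three rules from the reply above, filled in and printed for review as an added example that is not part of the original message. All addresses, ports, the interface name and the helper functions are constructed assumptions; the hairpin rule is narrowed to the forwarded service instead of matching all of $intnet as the message's rule does.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not from the original message),
# named with the message's convention: ext/int/forw + ip/net/if.
extip=203.0.113.10      # firewall's external IP
extport=8081            # port exposed on the external side
forwip=192.168.1.20     # internal web server being forwarded to
forwport=80             # port the web server listens on
intnet=192.168.1.0/24   # internal network in CIDR form
intif=eth1              # internal interface

# Hypothetical helper: succeed only if $1 is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Hypothetical helper: print the rules for one TCP port forward.
# Printing instead of executing lets the rule set be reviewed first.
port_forward_rules() {
    valid_port "$extport" && valid_port "$forwport" || {
        echo "invalid port" >&2; return 1; }
    # 1. nat/PREROUTING rewrites the destination before routing
    #    (--to-destination is the message's --to spelled out).
    echo "iptables -t nat -A PREROUTING -p tcp -d $extip --dport $extport -j DNAT --to-destination $forwip:$forwport"
    # 2. FORWARD sees the packet after DNAT, so it must match the
    #    rewritten destination ($forwip:$forwport), not $extport.
    echo "iptables -A FORWARD -p tcp -d $forwip --dport $forwport -j ACCEPT"
    # 3. Hairpin case: an internal client that reached the server via
    #    $extip gets its source rewritten so replies return through the
    #    firewall. Limited here to the forwarded service only.
    echo "iptables -t nat -A POSTROUTING -p tcp -s $intnet -o $intif -d $forwip --dport $forwport -j MASQUERADE"
}

port_forward_rules
```

No INPUT rule is emitted: DNAT in PREROUTING sends the packet through FORWARD, so INPUT never sees it.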