More iptables questions
der.hans
plug-discuss@lists.plug.phoenix.az.us
Tue, 4 Jun 2002 15:36:44 -0700 (MST)
On 04 Jun 2002, Carl Parrish chattered thus:
> iptables -A FORWARD -p tcp -i $ext -dport 8081 -j ACCEPT
iptables -A FORWARD -p TCP -d $forwip --dport $forwport -j ACCEPT
> iptables -t nat -A PREROUTING -s $FIREWALL -dport 8081 -j DNAT --to $WEBSERVER:80
iptables -A PREROUTING -t nat -p TCP -d $extip --dport $extport -j DNAT --to $forwip:$forwport
That is the format I got from FireStarter. It's working.
If you're testing from behind the firewall, then you need to add a rule
like:
iptables -A POSTROUTING -t nat -s $intnet -o $intif -d $intnet -j MASQUERADE
> (syntax may be a little off I'm trying to do this "on the fly")
>
> do I need to add this to the rules?
>
> iptables -A INPUT -p tcp -dport 8081 -j ACCEPT
I'm not using a rule like that.
My example variables use the following:
ext == external
int == internal
forw == where being forwarded to
ip == IP addy
net == CIDR addy
if == interface
ciao,
der.hans
--
# https://www.LuftHans.com/
# When you are tired of choosing the lesser of two evils,
# Vote Cthulhu for President!
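
Added example, not part of der.hans's message: a small POSIX shell function that prints the three rules above for review instead of applying them, using the message's variable scheme. The addresses, network and interface name in the sample call are constructed, and `--to-destination` is the long form of the `--to` option used in the message.

```shell
#!/bin/sh
# Added example: prints (does not run) the port-forward rules from the message.
# Variable names follow the message: ext/int/forw + ip/net/if/port.

# Accept only decimal ports in 1-65535 (rejects typos such as "-dport").
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: portforward_rules extip extport forwip forwport [intnet intif]
portforward_rules() {
    extip=$1 extport=$2 forwip=$3 forwport=$4 intnet=${5:-} intif=${6:-}
    if ! valid_port "$extport" || ! valid_port "$forwport"; then
        echo "portforward_rules: ports must be 1-65535" >&2
        return 1
    fi
    # nat/PREROUTING rewrites the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -p tcp -d $extip --dport $extport -j DNAT --to-destination $forwip:$forwport"
    # The rewritten packet is routed onward, so it is filtered in FORWARD
    # (with the new destination and port), not in INPUT.
    echo "iptables -A FORWARD -p tcp -d $forwip --dport $forwport -j ACCEPT"
    # Only needed when testing from behind the firewall: masquerade
    # internal-to-internal traffic so replies return through the firewall.
    if [ -n "$intnet" ] && [ -n "$intif" ]; then
        echo "iptables -t nat -A POSTROUTING -s $intnet -o $intif -d $intnet -j MASQUERADE"
    fi
}

# Constructed sample values (documentation and private address ranges).
portforward_rules 203.0.113.10 8081 192.168.1.20 80 192.168.1.0/24 eth1
```

Review the printed lines before piping them to a root shell on the firewall.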