Firewall Help

Dallas Helquist plug-discuss@lists.plug.phoenix.az.us
20 Sep 2002 00:01:35 -0600


Some minor corrections.  <note to self, read before hitting send>
-----------------------------------------------------------------

Sorry for the delayed response.  Here's your answer, in an example.  

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 216.87.68.45 --dport 80 \
    -j DNAT --to-destination 216.87.68.43:80

In this example, eth0 is my "external" interface.  The IPs in question
are routed to me.  eth0 does not have an address in that range, though
in theory it could with no problems.

216.87.68.45 is the "public" address people would try to go to.
The --to-destination could also be a private address, i.e.
--to-destination 192.168.99.1:80

You can muck with any of the above ports, i.e. public port 80 doesn't have
to go to internal port 80.  You can also specify a range of addresses
for destination like 216.87.68.42-216.87.68.44.

Let me know how it works. 

This will work on any Linux distro that has iptables with the correct
modules/compiled-in options.  Most stock distros have them ready to go.
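
A DNAT rule like the one above only rewrites the destination; the packet still has to be routed and pass the filter table's FORWARD chain, which sees the translated address and port. The script below is an added example, not part of the original post: it validates its inputs and prints the DNAT rule together with the forwarding rules it depends on. The function names, the internal port 8080 and the default-drop FORWARD chain are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints the rules for one DNAT port forward; applies nothing.
# Assumption: FORWARD drops by default, so the flow needs explicit ACCEPTs.

valid_ipv4() {  # four dot-separated decimal octets, each 0-255
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {  # decimal, 1-65535
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules EXT_IF PUBLIC_IP PUBLIC_PORT INTERNAL_IP INTERNAL_PORT
dnat_rules() {
    ext_if=$1 pub_ip=$2 pub_port=$3 int_ip=$4 int_port=$5
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;;
    esac
    valid_ipv4 "$pub_ip" && valid_ipv4 "$int_ip" || { echo "bad address" >&2; return 1; }
    valid_port "$pub_port" && valid_port "$int_port" || { echo "bad port" >&2; return 1; }
    # Routing between interfaces must be enabled or nothing is forwarded.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # The rule from the post: rewrite the destination before routing.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $pub_ip --dport $pub_port -j DNAT --to-destination $int_ip:$int_port"
    # FORWARD sees the packet after DNAT: match the translated address and port.
    echo "iptables -A FORWARD -i $ext_if -p tcp -d $int_ip --dport $int_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Replies from the internal server on their way back out.
    echo "iptables -A FORWARD -o $ext_if -p tcp -s $int_ip --sport $int_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: public 216.87.68.45:80 forwarded to 192.168.99.1:8080.
dnat_rules eth0 216.87.68.45 80 192.168.99.1 8080
```

Review the printed lines, then run them as root to apply; the two FORWARD rules are scoped to the translated address and port so the forward opens nothing else on the internal host.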