----- Original Message -----
From: "Andrew Rogers" <andrew@xxxxxxxxxxxxxxxx>
To: <list@xxxxxxxxxxxx>
Sent: Wednesday, November 05, 2003 2:35 PM
Subject: [LUG] IP Tables - Port Forwarding

> Can anyone help with an iptables rule for the following setup:
>
> Firewall with Internet IP 222.222.222.222 (for example, I forgot the
> actual IP!) and LAN IP 10.0.0.1
> A server with LAN IP 10.0.0.2 listening on TCP port 80
> Another server with LAN IP 10.0.0.3 listening on TCP port 80
>
> I want to type a URL into a browser so that:
> http://222.222.222.222:80 should give me the webpage from the Firewall
> http://222.222.222.222:81 should give me the webpage from server
> 10.0.0.2 port 80
> http://222.222.222.222:82 should give me the webpage from server
> 10.0.0.3 port 80
>
> I already have IP Masq working, and I think iptables can do the above
> with the correct rule.
>

iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/255.0.0.0 -i EXT_INT --dport 80 -j DNAT --to 10.0.0.1:80
iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/255.0.0.0 -i EXT_INT --dport 81 -j DNAT --to 10.0.0.2:80
iptables -t nat -A PREROUTING -p tcp -s ! 10.0.0.0/255.0.0.0 -i EXT_INT --dport 82 -j DNAT --to 10.0.0.3:80

You could always drop the -s ! (accept if source is) rule, I find it stops
loops from occurring.
And use -s 222.222.222.222 and drop out the -i (interface).
EXT_INT being the external interface on your firewall.

Also don't forget to enable ip_forwarding.
The above rules are also assuming you have allowed input rules for the
respective ports as well.

Hope that works or helps

Luke

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
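
Added example (not part of the original message or the list archive): a dry-run generator for the rule set discussed above, including the two things the reply says are assumed, IP forwarding and the filter rules for the forwarded ports. It prints the commands instead of applying them. The interface name eth0 (EXT_IF), the helper names forward_rules and ruleset, the INPUT rule used for port 80 in place of a DNAT to the firewall's own address, and the current "! -s" and "--to-destination" spellings are choices made for this example.

```shell
#!/bin/sh
# Added example: emits (does not apply) the rules for the port mappings in
# the thread. Review the output before running it as root.
EXT_IF="${EXT_IF:-eth0}"   # assumption: name of the external interface
LAN_NET="10.0.0.0/8"       # same network as 10.0.0.0/255.0.0.0

# forward_rules EXT_PORT DEST_IP DEST_PORT
# Prints the DNAT rule and the matching filter rule. Packets rewritten to
# another LAN host are routed, so they are filtered in FORWARD, not INPUT.
# Returns 1 for a non-numeric or out-of-range port, or a non-LAN destination.
forward_rules() {
    ext_port=$1 dest_ip=$2 dest_port=$3
    for p in "$ext_port" "$dest_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    case $dest_ip in
        10.*.*.*) ;;   # coarse prefix check against LAN_NET
        *) echo "destination $dest_ip is not in $LAN_NET" >&2; return 1 ;;
    esac
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp ! -s $LAN_NET --dport $ext_port -j DNAT --to-destination $dest_ip:$dest_port"
    echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $dest_ip --dport $dest_port -j ACCEPT"
}

# ruleset: the full set for the setup in the original question.
ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Port 80 is served by the firewall itself, so it only needs INPUT.
    echo "iptables -A INPUT -i $EXT_IF -p tcp --dport 80 -j ACCEPT"
    forward_rules 81 10.0.0.2 80 || return 1
    forward_rules 82 10.0.0.3 80 || return 1
    # Replies from the LAN servers back out through the firewall.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

ruleset
```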