iptables: How to put web server behind firewall?

Post by Spee » Sat, 01 Dec 2001 20:07:27



Hi All,

For instance, my RedHat 7.2 box has 2 NICs:
eth0=1.2.3.4 (external IP)
eth1=10.1.1.1 (internal IP)

Another MS IIS web server=10.1.2.1

I tried to use iptables to redirect http://1.2.3.4 to the above
internal web server but failed. I used the following script:

iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j \
    DNAT --to-destination 10.1.2.1:80

Can anybody give me a useful script to allow me to do so?

Thanks in advance

Willie

 
 
 

Post by Cedric Blanche » Sat, 01 Dec 2001 20:19:28



> For instance, my RedHat 7.2 box has 2 NICs:
> eth0=1.2.3.4 (external IP)
> eth1=10.1.1.1 (internal IP)

> Another MS IIS web server=10.1.2.1
> I tried to use iptables to redirect http://1.2.3.4 to the above
> internal web server but failed. I used the following script:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j \
>     DNAT --to-destination 10.1.2.1:80

Maybe you should add -d 1.2.3.4 (external IP).

> Can anybody give me a useful script to allow me to do so?

Are your FORWARD rules convenient for this stuff? I mean, do you have an
ACCEPT policy or such rules:

iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state NEW -p tcp -d 10.1.2.1 --dport 80 \
        -i eth0 -o eth1 -j ACCEPT

Otherwise, DNAT will be OK, but packets will be dropped by FORWARD
chain.


 
 
 

Post by Spee » Sun, 02 Dec 2001 22:24:02


> > iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j \
> >     DNAT --to-destination 10.1.2.1:80
> Maybe you should add -d 1.2.3.4 (external IP).

> > Can anybody give me a useful script to allow me to do so?

> Are your FORWARD rules convenient for this stuff? I mean, do you have an
> ACCEPT policy or such rules:

> iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
> iptables -A FORWARD -m state --state NEW -p tcp -d 10.1.2.1 --dport 80 \
>    -i eth0 -o eth1 -j ACCEPT

> Otherwise, DNAT will be OK, but packets will be dropped by FORWARD
> chain.

Hi,

I entered the following commands after reboot, but it still failed...

iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state NEW -p tcp -d 10.1.2.1 --dport 80 \
    -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 1.2.3.4 --dport 80 -j \
    DNAT --to 10.1.2.1:80

Is there something I still missed?

Please help~~~

Best Regards,

Willie
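
Added example, not part of any post in this thread: a shell audit of the preconditions the DNAT setup discussed above depends on (kernel forwarding enabled, a PREROUTING DNAT rule to the web server, and FORWARD rules that pass both the new connection and the replies). It parses text in iptables-save format; the FORWARD DROP policy and the ip_forward value of 0 in the sample are constructed assumptions, and the function names table and audit are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the rules from the last post,
# with a FORWARD policy of DROP (the policy is an assumption).
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.2.1:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -d 10.1.2.1/32 -i eth0 -o eth1 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
COMMIT'

# table NAME: print the lines of one table from iptables-save text on stdin.
table() {
    awk -v t="*$1" '$0 == t { on = 1; next } /^(\*|COMMIT)/ { on = 0 } on'
}

# audit RULES IP_FORWARD WEB_IP PORT (hypothetical helper)
# Prints one line per failed precondition, or "ok" when all hold.
audit() {
    rules=$1 fwd=$2 web=$3 port=$4 out=""
    nat=$(printf '%s\n' "$rules" | table nat)
    flt=$(printf '%s\n' "$rules" | table filter)
    # 1. The kernel routes between eth0 and eth1 only when ip_forward is 1.
    [ "$fwd" = 1 ] || out="${out}ip_forward is $fwd, kernel will not route
"
    # 2. A PREROUTING rule must rewrite the destination to the web server.
    printf '%s\n' "$nat" | grep -q -e "-A PREROUTING .*--dport ${port} .*-j DNAT --to-destination ${web}:${port}\$" ||
        out="${out}no DNAT rule to ${web}:${port}
"
    # 3. Unless the FORWARD policy is ACCEPT, the rewritten packet and the
    #    server's replies each need an explicit ACCEPT rule.
    if ! printf '%s\n' "$flt" | grep -q '^:FORWARD ACCEPT'; then
        printf '%s\n' "$flt" | grep -e "-A FORWARD .*-d ${web}" |
            grep -e "--dport ${port} " | grep -q -e '-j ACCEPT' ||
            out="${out}FORWARD drops new connections to ${web}:${port}
"
        printf '%s\n' "$flt" | grep -q -e '-A FORWARD .*state [A-Z,]*ESTABLISHED.* -j ACCEPT' ||
            out="${out}FORWARD drops replies (no ESTABLISHED rule)
"
    fi
    if [ -z "$out" ]; then echo ok; else printf '%s' "$out"; fi
}

# Constructed run: the sample rules on a box where ip_forward reads 0.
# Live use (as root): audit "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" 10.1.2.1 80
audit "$SAMPLE" 0 10.1.2.1 80
```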

 
 
 
