Mailing List Archive

RE: Port forwarding
Make sure you have rules in your FORWARD chain to allow the now forwarded
traffic to reach the internal machines.

-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of Patrick Nelson
Sent: Monday, July 23, 2001 10:43 PM
To: 'Derek Tam'
Cc: netfilter@lists.samba.org
Subject: RE: Port forwarding



Make sure the destination server has its gateway set to the system running
the iptables dnat rules.

netfilter-admin@lists.samba.org wrote:
-----------------------------------
Hi,

I have installed RH 7.1 and ran the following iptables
commands to forward requests to another server.
However, it doesn't work. Can anybody tell me why?

$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s $STATIC_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s $STATIC_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s $LAN_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s $LAN_IP -j DNAT --to-destination 192.168.0.20:80

$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 0.0.0.0/8 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 172.16.0.0/12 -j DROP

where $STATIC_IP is the Internet IP address.

Thanks,

Derek



RE: Port forwarding
Thanks Darrell Dieringer, Patrick Nelson and those who
responded to my email.

It is because my FORWARD chain isn't set up properly.
It drops all packets from my $STATIC_IP. I have the
following rules for the FORWARD chain and want to know how I
can set up the FORWARD chain to allow port forwarding to
another host.

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "
$IPTABLES -P FORWARD DROP

Thanks,

Derek




--- Darrell Dieringer <netfilter@darrelldieringer.com>
wrote:
>
> Make sure you have rules in your FORWARD chain to
> allow the now forwarded
> traffic to reach the internal machines.
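
Added example, not part of the original posts: a dry-run helper that reads DNAT rules like the ones in this thread and prints the FORWARD ACCEPT rule each one needs. The function names and the eth0/eth1 interface defaults are assumptions; the sample input is the thread's own rules, unwrapped.

```shell
#!/bin/bash
# Added example: derive the FORWARD rule that each DNAT rule needs.
# PREROUTING rewrites the destination before FORWARD is consulted, so the
# FORWARD match is on the internal host and port, not on $STATIC_IP.

# Constructed sample input: the DNAT rules from the thread, unwrapped,
# plus one non-DNAT rule that must be ignored.
sample_dnat_rules() {
    cat <<'EOF'
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s $STATIC_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s $STATIC_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -p TCP --dport 25 -s $LAN_IP -j DNAT --to-destination 192.168.0.20:25
$IPTABLES -t nat -A PREROUTING -p TCP --dport 80 -s $LAN_IP -j DNAT --to-destination 192.168.0.20:80
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 172.16.0.0/12 -j DROP
EOF
}

# Usage: forward_rules_for_dnat [inet_iface] [lan_iface] < dnat-rules
# eth0/eth1 are assumed defaults; the thread never gives the real names.
# Only prints rules; nothing is applied to the running firewall.
forward_rules_for_dnat() {
    awk -v in_if="${1:-eth0}" -v out_if="${2:-eth1}" '
    {
        proto = ""; target = ""; dnat = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = tolower($(i + 1))
            if ($i == "--to-destination") target = $(i + 1)
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        }
        if (!dnat || proto == "" || target == "") next
        n = split(target, hp, ":")
        if (n != 2) next          # no port in the target: skip rather than guess
        key = proto " " target
        if (seen[key]++) next     # several DNAT rules may share one target
        printf "$IPTABLES -A FORWARD -i %s -o %s -p %s -d %s --dport %s -m state --state NEW -j ACCEPT\n", in_if, out_if, proto, hp[1], hp[2]
    }'
}

sample_dnat_rules | forward_rules_for_dnat
```

Place the printed rules before the LOG rule in the FORWARD section of the script, so accepted connections are not also logged with the "packet died" prefix.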