Port forwarding

David Hoffman dhoffman_98 at yahoo.com
Tue Jan 18 16:24:05 UTC 2005


--- Andy <ag1234 at carmen.se> wrote:
> Hi,
> 
> Jari Marikainen wrote:
> > I would like to forward incoming traffic from internet to
> > "<195.198.111.x> port 80" to "<some other ip on the internet> port 80"
> > in FC3 on the same interface.
> 
> I would try the DNAT/SNAT iptables targets, along the lines of:
> iptables -t nat -A PREROUTING -p tcp --dport 80 -d 195.198.111.x \
> 	-j DNAT --to-destination 65.114.4.69
> iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 65.114.4.69 \
> 	-j SNAT --to-source <your external IP address on this machine>
> 
> The second line makes the real server send its replies through the
> same path (otherwise it will reply directly to the client).
> 
> You have to enable/allow forwarding for everything to work.
> 
> hth,
> /Andy
> 

Are you sure? If I read the original note correctly, he wants to have
his machine see an incoming packet on one interface, and then forward
it to another address on the SAME interface. And he specifically said
that he wants to catch traffic coming FROM the internet and forward it
TO a different address, also on the internet.

That's not port-forwarding, that's redirection, and it is best handled
by setting up Apache to recognize the incoming connection, and then
setting a REDIRECT which sends a message back to the client to tell it
to go look somewhere else.

Unless he has a multi-homed system with more than one interface on the
internet, I'm not sure that forwarding/routing will work.

Am I wrong?

David
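
Added example (not part of the original message or of the quoted reply): a simplified Python trace of the address rewriting done by the quoted DNAT and SNAT rules, showing where the real server's reply goes with and without the SNAT rule. The addresses are constructed documentation-range stand-ins, and the Nat class and client_sees function are hypothetical names; real connection tracking may also rewrite the source port.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed stand-in addresses (documentation ranges), not values from the thread.
CLIENT = "203.0.113.7"      # client on the internet
FORWARDER = "192.0.2.10"    # the FC3 machine (stands in for 195.198.111.x)
REAL = "198.51.100.20"      # the real web server elsewhere on the internet


class Nat:
    """Simplified model of nat-table rewriting plus connection tracking."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # expected reply tuple -> original client packet

    def forward(self, pkt):
        """Client -> forwarder: PREROUTING DNAT, then optional POSTROUTING SNAT."""
        out = pkt
        if pkt.dst == FORWARDER and pkt.dport == 80:
            out = out._replace(dst=REAL)           # -j DNAT --to-destination
            if self.snat:
                out = out._replace(src=FORWARDER)  # -j SNAT --to-source
            reply_key = Packet(out.dst, out.dport, out.src, out.sport)
            self.conntrack[reply_key] = pkt
        return out

    def reverse(self, reply):
        """Reply arriving at the forwarder: undo both rewrites via conntrack."""
        orig = self.conntrack.get(reply)
        if orig is None:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def client_sees(snat):
    """Return the reply as it reaches the client, or None if the client rejects it."""
    nat = Nat(snat)
    syn = Packet(CLIENT, 40000, FORWARDER, 80)
    at_server = nat.forward(syn)
    # The real server answers whatever source address it saw.
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == FORWARDER:
        reply = nat.reverse(reply)  # reply is routed back through the forwarder
    # The client only accepts a reply from the address it connected to.
    expected = Packet(FORWARDER, 80, CLIENT, 40000)
    return reply if reply == expected else None
```

With snat=False the reply leaves the real server addressed straight to the client with the real server's source address, which does not match the connection the client opened, so client_sees returns None.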


		