iptables and NAT
Jatin K
ssh.fedora at gmail.com
Tue Jan 25 13:30:45 UTC 2011
On Tuesday 25 January 2011 06:16 PM, Jorge Fábregas wrote:
> On 01/25/2011 08:17 AM, Jatin K wrote:
>> but server is not forwarding the packets to the web server
> Besides the NAT rule, you'll need a forward rule (as that traffic is not
> for the machine hosting the firewall). I think you'll need something like:
>
> iptables -A FORWARD -d 192.168.131.131 -p tcp --dport 80 -j ACCEPT
>
> ...and of course check the firewall on the web-server to allow incoming
> TCP/80.
>
> --
> Jorge
I've done the following:

[1] echo 1 > /proc/sys/net/ipv4/ip_forward (enabled IP forwarding)
[2] iptables -A FORWARD -d 192.168.131.131 -p tcp --dport 80 -j ACCEPT
[3] iptables -t nat -A PREROUTING -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT --to-destination 192.168.131.131

Port 80 is opened on the web server. I'm able to access the web page from internal systems as well as from the firewall itself through elinks, but not able to access the web page from the Internet (meaning the firewall system is not forwarding the packets to the web server).

I've also tried the following rule in the firewall for SNAT:

iptables -t nat -A POSTROUTING -s 192.168.131.131 -j SNAT --to-source xx.xx.xx.xx

but it fails.

What do I need to check further? What other configuration do I need?

Thnx
--
°v°
/(_)\
^ ^ Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$
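
An added example, not part of the thread: a check over `iptables-save` output for the DNAT rule and FORWARD rule listed above. It goes one step further and reports when the FORWARD ACCEPT sits behind a blanket REJECT or DROP, since a chain is evaluated top-down and `-A` appends at the end. The address 203.0.113.10 (standing in for the masked xx.xx.xx.xx), the sample dumps, and the presence of a blanket REJECT are constructed assumptions, not taken from the poster's system.

```shell
# Added example, not from the thread. Audits an iptables-save dump for a DNAT
# port forward. 203.0.113.10 is a constructed stand-in for the masked public IP.

# check_forward DUMP PUBLIC_IP INTERNAL_IP PORT
# Prints findings; exit status is 0 only when nothing is missing or shadowed.
check_forward() {
    printf '%s\n' "$1" | awk -v pub="$2" -v dst="$3" -v port="$4" '
    # Value following option "name" on this rule, without /32 or :port suffix.
    function opt(name,   i, v) {
        for (i = 1; i < NF; i++) if ($i == name) {
            v = $(i + 1); sub(/\/32$/, "", v); sub(/:[0-9]+$/, "", v); return v
        }
        return ""
    }
    /^\*/ { table = substr($1, 2); next }      # "*nat", "*filter" section headers
    $1 != "-A" { next }                        # skip chain policies and COMMIT
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" &&
        opt("-d") == pub && opt("--dport") == port &&
        opt("--to-destination") == dst { dnat = 1 }
    table == "filter" && $2 == "FORWARD" {
        n++                                    # position within the FORWARD chain
        # A rule with no match options and a terminating target ends traversal.
        if (!blk && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blk = n; tgt = $4 }
        if (!acc && opt("-j") == "ACCEPT" && opt("-d") == dst && opt("--dport") == port) acc = n
    }
    END {
        if (!dnat) { print "MISSING: nat PREROUTING DNAT to " dst; bad = 1 }
        if (!acc)  { print "MISSING: filter FORWARD ACCEPT for " dst ":" port; bad = 1 }
        else if (blk && blk < acc) {
            print "SHADOWED: FORWARD ACCEPT is rule " acc ", after blanket " tgt " at rule " blk
            bad = 1
        }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed, trimmed dumps: the same rules in two different orders.
NAT='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.131.131
COMMIT'
REJ='-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
ACC='-A FORWARD -d 192.168.131.131/32 -p tcp -m tcp --dport 80 -j ACCEPT'
SAMPLE_SHADOWED=$(printf '%s\n' "$NAT" '*filter' "$REJ" "$ACC" COMMIT)
SAMPLE_FIXED=$(printf '%s\n' "$NAT" '*filter' "$ACC" "$REJ" COMMIT)

check_forward "$SAMPLE_SHADOWED" 203.0.113.10 192.168.131.131 80 || true
check_forward "$SAMPLE_FIXED" 203.0.113.10 192.168.131.131 80
```

On a live firewall the first argument would be the output of `iptables-save`, and `/proc/sys/net/ipv4/ip_forward` still has to be checked separately because it does not appear in the dump.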