Hi
I have redhat linux running on a pc with 2 cards
eth0 -> 203.197.xxx.xx
eth1 -> 202.141.xxx.28 netmask 255.255.255.248
both are live ip.

I need to send all request from the internet to port 80 and 443 of card eth0 to a machine (202.141.xxx.26) in the network of eth1 internally.

Please let me know how to do it (no firewall runs on this machine).

I have tried to use DNAT but I am new to it couldnot configure it. It will kind of any one it they can generate a script.
Thanks
Sanjib Gupta

i have added DNAT iptables status show
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:202.141.xxx.26:80
DNAT tcp -- anywhere anywhere tcp dpt:http to:202.141.xxx.26:80

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination



but now when i try to access the http port(203.xxx.xxx.10) (from any other machine) it reply after much time as ERROR
but if i can directly do http to targeted ip(forwarded) from the machine(203.xxx.xxx.10) i can see the webpage.

Sanjib Gupta

You have asynchronous routing in place. Here's an example of the packet flow:


1. Packet comes into machine destined for port 80.
2. DNAT rule is matched immediately, setting the new destination to 202.141.xxx.26:80, source is untouched.
3. Packet is routed(assuming forwarding is enabled) to 204.141.xxx.26:80
4. Assuming 204.141.xxx.26 doesn't have it's default gateway set to this machine, the packet returns via the internet, never hitting this box again.

Now, sometimes this is acceptable, however since whatever is listening on port 80 will inevitably fork to another random port, your two machines will communicate directly bypassing your linux box.

To correct this, you need to rewrite the source address after the DNAT so that the packet will come back to your linux box, something like: