LinuxQuestions.org
Old 08-05-2007, 04:23 AM   #1
willyweedle
LQ Newbie
 
Registered: Jan 2007
Location: Arkansas
Distribution: Zenwalk as desktop, Zenlive as router, XP as game box
Posts: 19

Rep: Reputation: 0
incoming connections with iptables


Let's say I have 192.168.1.100 and 192.168.1.101 behind a router and that router is connected to eth0 on a Linux box whose IP is 192.168.1.102. eth1 on that Linux box is an address assigned to me by the ISP. Here's a little diagram:

    net
     |
 linuxbox
     |
  router
    /\
   /  \
  0    1

I currently have iptables on that linux box configured like this:

#iptables -F; iptables -t nat -F; iptables -t mangle -F
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP

(taken straight from ipmasquerading-simple of the HOWTOS)

This has been working fine, as long as the connections originate from the internal network (from eth0 of the Linux box). What I want to know is how can I configure the Linux box to accept incoming connections and transfer them to, let's say, 192.168.1.100?
 
Old 08-05-2007, 05:41 AM   #2
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
First: 192.168.1.100, .101, .102 are all on the same subnet, but .102 is on a different physical network. This shouldn't work at all.

Quote:
Originally Posted by willyweedle
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP
This rule is applied to any packet, regardless of interface it comes in / goes out through or address it comes from / goes to. Is this really what you are using?

As to your question: What you are looking for is port forwarding. Add a PREROUTING rule to DNAT the packets and add a FORWARD rule to allow those packets through, e.g. to forward www:
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.100
iptables -A FORWARD -i eth1 -p tcp --dst 192.168.1.100/32 --dport 80 -j ACCEPT
 
Old 08-05-2007, 02:33 PM   #3
willyweedle
LQ Newbie
 
Registered: Jan 2007
Location: Arkansas
Distribution: Zenwalk as desktop, Zenlive as router, XP as game box
Posts: 19

Original Poster
Rep: Reputation: 0
Thanks! Things are working like I want them to now, and yes, that's really how I have iptables configured.
 
  

