NAT Prerouting
I want to host a web server and FTP server within my network but only have 1 REAL IP address. I want to preroute to them, but I encountered a problem with the FTP part: when prerouting the interface I could not connect to FTP from outside of my network. Any ideas on how to preroute only incoming connections on a certain IP address?
Thanks
A sample code that forwards connections made to your nat-computers' ftp-port from the interface IF_INET to the ip 192.168.1.11.
Code:
IF_INET="your internet interface, like eth0"
And the other question about limiting the scope of the rule to certain ip addresses (not only by interface as done above): "--source" does the job.
Something like:
Code:
iptables --append FORWARD --source evil.bastard.somewhere.inter.net --jump DROP
What about HTTP?
Same thing, just replace ftp with http or port 80? 8080?
That's correct. You can use service names (found in /etc/services) or raw port numbers in the iptables port matching patterns.
OK, when I go to the IP of the NAT in the browser it still goes to the web pages set up on the NAT... I set them up there to see what page would load... when I go to the IP of the web server the correct page is shown....
From inside the NAT on the 192.168 network I cannot go to the IP of the NAT, it times out.... which.... "I think" is because it's prerouting something somewhere else. I will try flushing nat and going to the address without prerouting to see if it times out....
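An added example, not part of the original thread: a dry-run script that prints a DNAT rule set for the FTP and web servers discussed above, matching on the public destination address rather than the interface so LAN clients are covered too. Only 192.168.1.11 comes from the thread; the public address, LAN range and web server address are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints the iptables commands, it does not apply them.
# Every value except 192.168.1.11 (the FTP host in the thread) is assumed.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"  # constructed documentation address
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumed LAN range
FTP_HOST="${FTP_HOST:-192.168.1.11}"    # FTP server from the thread
WEB_HOST="${WEB_HOST:-192.168.1.12}"    # assumed web server address

# forward_port PORT HOST: rules needed to publish one TCP service.
forward_port() {
    # Matching on -d (public address) instead of -i (interface) rewrites
    # connections from the internet and from LAN clients alike.
    echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p tcp --dport $1 -j DNAT --to-destination $2:$1"
    # Only new connections to the published port may cross the router.
    echo "iptables -A FORWARD -d $2 -p tcp --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
    # Hairpin NAT: a LAN client reaching the server through the public IP
    # must appear to come from the router, otherwise the server replies
    # directly to the client and the client drops the unexpected packet.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $2 -p tcp --dport $1 -j MASQUERADE"
}

nat_rules() {
    # FTP opens a second (data) connection on a negotiated port. The
    # conntrack helper reads the control channel so that connection is
    # classified RELATED, and nf_nat_ftp rewrites the addresses in it.
    echo "modprobe nf_conntrack_ftp"
    echo "modprobe nf_nat_ftp"
    # Newer kernels do not attach helpers automatically; bind it explicitly.
    echo "iptables -t raw -A PREROUTING -d $PUBLIC_IP -p tcp --dport 21 -j CT --helper ftp"
    # Lets reply packets and FTP data connections through.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    forward_port 21 "$FTP_HOST"
    forward_port 80 "$WEB_HOST"
}

nat_rules
```

Review the printed rules, then pipe them to `sh` as root to apply; IP forwarding (`net.ipv4.ip_forward=1`) must already be enabled on the router.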