Nat Prerouting
 

I want to host a webserver and ftp server within my network but only have 1 REAL ipaddress i want to prerout to them but i encountered a problem with the FTP part when prerouting the interface i could not connect to ftp outside of my network and ideas on howto prerout only incoming connections on a certain ipaddress?

thanks

A sample code that forwards connections made to your nat-computers' ftp-port from the interface IF_INET to the ip 192.168.1.11.
This should work atleast on passive ftp mode.

And the other question about limiting the scope of the rule to certain ip addresses (not only by interface as done above): "--source" does the job.

Something like makes the packets sourced from evil.bastard.somewhere.inter.net to be not forwarded but thrown away. (remember the correct ordering of the rules)

what about HTTP?

same thing just replace ftp with http or port 80? 8080?

That's correct. You can use service names (found in /etc/services) or raw port numbers in the iptables port matching patterns.

ok when i goto the ip of the NAT in the broser it still goes to the web pages set up on the NAT... i set them up there to see what page would load...when i goto the ip of the web server the corect page is shown....

from inside the nat on the 192.168 network i cannot goto the ip of the NAT it times out.... which.... "i think" is becuase its prerouting something somewhere else i will try flushing nat and and going to the addr with out prerouting to see if it times out....