Newbie to linux and wanted to run internal web servers on my lan. Have tried numerous configurations to have iptables forward ports from linux box to internal lan. Connections from outside the network work fine, but connections from the lan get "connection refused" errors. Any suggestions??? Below is the current config:


$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEP

echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$IPTABLES -t nat -A PREROUTING -p tcp -d 65.xxx.xxx.xxx --dport 80 -j DNAT --to 192.168.1.X:80
$IPTABLES -t nat -A PREROUTING -p tcp -d 65.xxx.xxx.xxx --dport 2050 -j DNAT --to 192.168.1.X:80

You should take a look at the following:

http://www.linuxports.com/howto/IP-MASQ/x1525.htm

and then checkout ipmasqadm. It is talked about in the above readme and is my favorite way to forward ports through a firewall.

-Mark

I did something similar for FTP setup and had to go from:

/sbin/iptables -t nat -A PREROUTING -d 5.6.7.8 --dport 4000 -j DNAT --to 1.2.3.4:4000

to

/sbin/iptables -t nat -A PREROUTING -d 5.6.7.8 -s ! 1.2.3.4 --dport 4000 -j DNAT --to 1.2.3.4:4000

Or I got some terrible loop between my ftp machine and the firewall rerouting back to itself.

i'm having the same problem. iptables starting to make me scratch my head ... hard! i type the SAME exact thing as what you have and i get an error message that --dport isn't understood. BUT when i put in the protocol (ie -p TCP) it works fine.
why is that? why do i *HAVE* to specify the protocol? did you?

Heh, it's because I'm a retard and forgot -p tcp
you must specify the protocol.

lol.

ok, thanks! still lmao.

still doesn't work though! bah. ipmasqadm worked so well too. not sure why iptables is giving me such a hard time. can't get any of the portfwarding to work. (proxy server, dns, web)
grrrrrr.