Routing a request to a internal ip address

sbabcock23 · 08-24-2006, 02:12 PM

Hi,

Sorry in advance if this is already posted but I couldn't find anything. Her is what I want to do.
I want to route a request that someone sends a request say 1.1.1.1:2323 and I want it to route to an internal ip address and port for example 192.168.1.100:2324. How can this be done?

Thanks
Steve

peter_robb · 08-24-2006, 07:25 PM

iptables -t nat -A PREROUTING -i ethX -p tcp/udp --dport 2323 -j DNAT --to-dest 192.168.1.100:2324

win32sux · 08-25-2006, 12:08 AM

also, just to add to peter_robb's post, don't forget your FORWARD rules, since your FORWARD policy is (hopefully) set to DROP... example:

Code:

iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 2323 \
-j DNAT --to-destination 192.168.1.100:2324

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -p TCP -i $WAN_IFACE -o $LAN_IFACE --dport 2324 \
-d 192.168.1.100 -m state --state NEW -j ACCEPT

iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

or if you don't wanna do sateful packet filtering:

Code:

iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 2323 \
-j DNAT --to-destination 192.168.1.100:2324

iptables -A FORWARD -p TCP -i $LAN_IFACE -o $WAN_IFACE --sport 2324 \
-s 192.168.1.100 -j ACCEPT

iptables -A FORWARD -p TCP -i $WAN_IFACE -o $LAN_IFACE --dport 2324 \
-d 192.168.1.100 -j ACCEPT

iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

remember to substitute $WAN_IFACE and $LAN_IFACE for your external and internal interface names respectively...