Some IPTables help... forwarding if a specific IP

Jimbobbob · 11-04-2003, 06:37 PM

My goal is to get iptables to forward incoming port 80 to 5801, but only if the incoming IP address is a certain one.

My school computers block everything except port 80 and 443 (https), and i want to use the web based vnc client there, but i would like my webserver to be available everywhere else. (i would also like ssh, which i could forward from 443 to 22)

Is this even possible?

or better yet, anything that would forward domain.com/vnc to domain.com:5801 and domain.com/ssh to domain.com:22

Thanks for any help you can provide

(keep in mind i am completely new to iptables)

/bin/bash · 11-04-2003, 10:21 PM

The following is a snippet from the http://projectfiles.com/firewall/config.html

Quote:

PORT_FORWARDS - {List} This directive intelligently forwards connections received on a specific port to a specified host and port. If PORT_FWD_ALL below is disabled, the PERMIT option can be used to allow access to a port forwarding definition. If no protocol is specified, then it is assumed that connections of either protocol should be forwarded. If the destination ports are missing, the inbound port number will not be modified.
Format:[<protocol>:]<inbound port or port-range>:<destination host>[:<destination port or port-range>]
Examples:
PORT_FORWARDS="53:192.168.0.11" Forward incoming connections on port 53 to 192.168.0.11
PORT_FORWARDS="tcp:8080-8090:192.168.0.10:80" Forward incoming tcp connections ports 8080 through 8090 to 192.168.0.10 port 80

It is close to what you want but it doesn't seem to have the option to forward by source-host:port to dest-host:port.

Jimbobbob · 11-05-2003, 08:44 AM

Thanks. i may just have to run both vnc and ssh on ports 80 and 443 entirely. *sigh* forget webserver, unless i want to run that on a diff port...