Trying to forward web traffic through firewall w/ IPTABLES
Please help! I've tried reading the IPTABLES man page and scoured Google, but with no luck. I'm having trouble getting port forwarding to work... I'd like requests that come in to my firewall on port 80 to be forwarded to the private web host on port 8080.
I'm certain that two or three extra lines in /etc/sysconfig/iptables will enable the functionality, but I've been unable to find the magic incantations.
I have a pretty generic home office configuration. I'm running Red Hat 8 and iptables on the firewall. The firewall has its own static IP address on an external Internet ethernet interface. It also has an internal interface to the private non-routable network (10.x.x.x). I'm using Network Address Translation to mask the private hosts behind the firewall. This is all working well.
Now I've added a web server to my private network behind the firewall. Here's an ASCII diagram of the network:
Code:
<INTERNET> ----------------------------------------------------
Code:
*filter
Many, many thanks for any help! - Justin |
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:8080
This should be what you're looking for. |
Thanks for the response. It's still not working for me though. I added that line to my /etc/sysconfig/iptables file, but now I can't restore iptables:
Code:
# /etc/init.d/iptables restart
Code:
*filter |
# (ie, accept everything except from the Internet-facing interface)
-A firewall -m state --state NEW -i ! eth0 -j ACCEPT
Just wondered about this... how's anyone going to connect from outside of your network to any of the servers you are running? Maybe this is the problem. |
Quote:
In the meantime I'll add a line like so to my "filter" chain to allow HTTP traffic.
Code:
. |
Try
iptables --flush
then load your rules in. Does it give you an error then? If not, save them
iptables-save > /etc/sysconfig/iptables
restart iptables
/etc/init.d/iptables restart |
Thanks for all the suggestions. I found the solution at this web site:
http://kreiger.linuxgods.com/kiki/?P...with+netfilter
Now I run the following script, and it sets everything up nicely...
Code:
#!/bin/bash |
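Added example, not part of the thread and not the script from the linked page: a shell function that prints the port forward in iptables-restore format, the format /etc/sysconfig/iptables uses, where the rule sits under `*nat` with no `iptables -t nat` prefix and the filter table has to allow the post-DNAT destination. The function names, the `-i eth0` restriction on the DNAT rule and the use of the built-in FORWARD chain (rather than the thread's `firewall` chain) are assumptions; eth0, 10.0.0.2, 80 and 8080 come from the posts above.

```shell
#!/bin/sh
# Added example: prints port-forward rules in iptables-restore format
# (the format of /etc/sysconfig/iptables). It only prints; nothing is applied.

valid_port() {   # integer in 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated octets, each 0..255
    case "$1" in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_forward_rules EXT_IF INT_HOST EXT_PORT INT_PORT (hypothetical helper)
emit_forward_rules() {
    ext_if=$1 host=$2 ext_port=$3 int_port=$4
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
    valid_port "$ext_port" && valid_port "$int_port" ||
        { echo "bad port" >&2; return 1; }
    cat <<EOF
*nat
# The table is named by "*nat"; rule lines carry no "iptables -t nat" prefix.
-A PREROUTING -i $ext_if -p tcp --dport $ext_port -j DNAT --to-destination $host:$int_port
COMMIT
*filter
# DNAT happens in PREROUTING, before the filter table, so FORWARD must match
# the rewritten destination ($host:$int_port), not port $ext_port.
-A FORWARD -i $ext_if -p tcp -d $host --dport $int_port -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Values from the thread: eth0 faces the Internet, web host is 10.0.0.2:8080.
emit_forward_rules eth0 10.0.0.2 80 8080
```

Merge the printed lines into the matching `*nat` and `*filter` sections of the existing file rather than replacing it. Where the installed version has it, `iptables-restore --test` parses a candidate file without committing it.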