DNAT
Hi
I have a windows machine having a webserver running on it but my problem is that is very often being hacked. I planned to put a linux server in front of it and to the DNAT the http port and https port to a local Lan Ip which would host the windows webserver. My Global IP of the Linux server will be 20x.1x4.148.29/27 Private IP of the windows webserver will 192.168.20.29 gateway 192.168.20.1(20x.1x4.148.25/27) Can any help me what Iptables lines should be written so that all internet users access the port 80 and 443 be redirected to the windows server Thanking you Sanjib Gupta |
iptables -t nat -A PREROUTING -p tcp -d 20x.1x4.148.29 --dport 80 -j DNAT --to-destination 192.168.20.29:80
iptables -t nat -A PREROUTING -p tcp -d 20x.1x4.148.29 --dport 443 -j DNAT --to-destination 192.168.20.29:443 thnks |
Thanks for the suggestion
I tried it says Connection Interrupted The connection to the server was reset while the page was loading. The network link was interrupted while negotiating a connection. Please try again. |
If you to hide your inner windows completely you also need to implement SNAT on linux system, the entry will be
iptables -t nat -A POSTROUTING -p tcp -s 192.168.20.29:80 --sport 80 -j SNAT --to-source 20x.1x4.148.29 iptables -t nat -A POSTROUTING -p tcp -s 192.168.20.29:443 --sport 80 -j SNAT --to-source 20x.1x4.148.29 I think after implementing both the DNAT and SNAT on linux system you will achieve your purpose. thnks |
All times are GMT -5. The time now is 12:11 AM. |