LinuxQuestions.org
Old 12-24-2009, 01:51 AM   #1
sanjibgupta
DNAT


Hi
I have a Windows machine with a webserver running on it, but my problem is that it is very often being hacked.
I plan to put a Linux server in front of it and DNAT the HTTP and HTTPS ports to a local LAN IP which will host the Windows webserver.

My Global IP of the Linux server will be 20x.1x4.148.29/27
Private IP of the Windows webserver will be 192.168.20.29, gateway 192.168.20.1 (20x.1x4.148.25/27)

Can anyone help me with what iptables lines should be written so that all internet users accessing ports 80 and 443 are redirected to the Windows server?

Thanking you
Sanjib Gupta
 
Old 12-24-2009, 02:04 AM   #2
vishesh
iptables -t nat -A PREROUTING -p tcp -d 20x.1x4.148.29 --dport 80 -j DNAT --to-destination 192.168.20.29:80
iptables -t nat -A PREROUTING -p tcp -d 20x.1x4.148.29 --dport 443 -j DNAT --to-destination 192.168.20.29:443


Thanks

Last edited by vishesh; 12-24-2009 at 02:07 AM.
 
Old 12-24-2009, 02:23 AM   #3
sanjibgupta
Thanks for the suggestion.
I tried it; it says:

Connection Interrupted

The connection to the server was reset while the page was loading.

The network link was interrupted while negotiating a connection. Please try again.
 
Old 12-24-2009, 10:54 AM   #4
vishesh
If you want to hide your inner Windows completely, you also need to implement SNAT on the Linux system; the entries will be

iptables -t nat -A POSTROUTING -p tcp -s 192.168.20.29 --sport 80 -j SNAT --to-source 20x.1x4.148.29
iptables -t nat -A POSTROUTING -p tcp -s 192.168.20.29 --sport 443 -j SNAT --to-source 20x.1x4.148.29

I think after implementing both the DNAT and SNAT on the Linux system you will achieve your purpose.

Thanks

Last edited by vishesh; 12-24-2009 at 11:38 AM.
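
Added example, not written by any poster in this thread: a DNAT rule in PREROUTING only rewrites the destination, so the gateway must also have IP forwarding enabled and a FORWARD chain that lets the rewritten traffic through. The sketch below prints an `iptables-restore` ruleset that forwards only TCP 80/443 to the internal web server and drops everything else routed through the box. It assumes `eth0` is the Internet-facing interface, `eth1` the LAN interface, that the web server's default route points at the gateway's LAN address so replies return through connection tracking, and it uses 203.0.113.29 as a constructed stand-in for the masked public address.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore ruleset for a gateway that forwards
# only TCP 80/443 to one internal web server.
# Assumptions (not from the thread): eth0 faces the Internet, eth1 faces the LAN,
# and 203.0.113.29 is a constructed stand-in for the masked public address.

gen_dnat_ruleset() {
    [ $# -eq 4 ] || { echo "usage: gen_dnat_ruleset PUB_IP WEB_IP WAN_IF LAN_IF" >&2; return 1; }
    pub_ip=$1 web_ip=$2 wan_if=$3 lan_if=$4

    # The kernel only routes packets between interfaces when forwarding is on.
    echo "# prerequisite: sysctl -w net.ipv4.ip_forward=1"

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for port in 80 443; do
        # Rewrite the destination of inbound web traffic to the internal server.
        echo "-A PREROUTING -i $wan_if -p tcp -d $pub_ip --dport $port -j DNAT --to-destination $web_ip:$port"
    done
    echo "COMMIT"

    echo "*filter"
    # Default-deny for routed traffic: the web server cannot open connections
    # to the Internet, and nothing but 80/443 reaches it from outside.
    echo ":FORWARD DROP [0:0]"
    # Replies of accepted connections; conntrack reverses the DNAT on them.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in 80 443; do
        # FORWARD sees the packet after DNAT, so match the internal address.
        echo "-A FORWARD -i $wan_if -o $lan_if -p tcp -d $web_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample invocation so the script prints a ruleset when run directly.
gen_dnat_ruleset 203.0.113.29 192.168.20.29 eth0 eth1
```

Pipe the output into `iptables-restore` to load it; without `--noflush` this replaces the existing contents of the nat and filter tables.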
 