Port Forwarding
I have two interfaces configured (Internet & LAN). I want traffic from a specific host to be routed to a specific server.
My external interface is eth1 (197.41.39.55) & internal interface eth0 (192.168.10.0/24) that has several servers and networking equipment that need to be reached by external hosts. I intend to route traffic from host 80.223.75.169 destined to 197.41.39.55 on port 8080 to be forwarded to 192.168.10.5 port 80. According to my internet search, the configuration below should work:
Code:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5
iptables -A FORWARD -p tcp -i eth0 -d 192.168.10.5 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -j LOG --log-level debug --log-prefix '***PREROUTING***'
I have implemented the above configuration but nothing works. I have also completely FLUSHED my firewall (for testing) and loaded the NAT module, and it still doesn't work. Also, apart from the log file (messages), how can I troubleshoot the iptables configuration?
Assist please: Elly
If you want port 8080 traffic to get to the inside port 80, then the rule should be like this:
Code:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5:80
Quote:
# PREROUTING statements for 1:1 NAT (Connections originating from the Internet)
iptables -t nat -A PREROUTING -d 197.41.39.55 -i eth1 -j DNAT --to-destination 192.168.10.5

# POSTROUTING statements for 1:1 NAT (Connections originating from the home network servers)
iptables -t nat -A POSTROUTING -s 192.168.10.5 -o eth1 -j SNAT --to-source 197.41.39.55

# Allow forwarding to each of the servers configured for 1:1 NAT
iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.10.5 -m multiport \
    --dport 80,22,21,53 -m state --state NEW -j ACCEPT

# Allow forwarding for all New and Established SNAT connections
# originating on the home network AND already established
# DNAT connections
iptables -A FORWARD -t filter -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow forwarding for all 1:1 NAT connections originating on
# the Internet that have already passed through the NEW forwarding
# statements above
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log traffic at debug level for the POSTROUTING, PREROUTING and FORWARD chains.
iptables -t nat -A PREROUTING -j LOG --log-level debug --log-prefix '***PREROUTING*** '
iptables -t nat -A POSTROUTING -j LOG --log-level debug --log-prefix '***POSTROUTING*** '
iptables -A FORWARD -j LOG --log-level debug --log-prefix '//FORWARD// '
The configuration seems correct; if it's not working, use tcpdump to debug it.
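Putting the corrected DNAT rule from the reply above together with the source-host restriction the original question asked for, as an added example written for this thread (not any poster's own configuration). It assumes the addresses and interfaces from the question, and that IPTABLES may be overridden (e.g. IPTABLES=echo) to print the rules instead of applying them.

```bash
#!/bin/sh
# Added example: forward 80.223.75.169 -> 197.41.39.55:8080 on to 192.168.10.5:80,
# plus the two checks worth running when "the rules look right but nothing works".
IPTABLES="${IPTABLES:-iptables}"
WAN_IF=eth1;  WAN_IP=197.41.39.55;  WAN_PORT=8080
LAN_IF=eth0;  SRV_IP=192.168.10.5;  SRV_PORT=80
SRC_HOST=80.223.75.169   # only this external host may use the forward

# Emit the rule set. DNAT happens in PREROUTING, so the FORWARD rule must
# match the *translated* destination (192.168.10.5:80), not 197.41.39.55:8080.
forward_rules() {
  # 1. Rewrite destination IP *and* port; the missing ":80" was the original bug.
  "$IPTABLES" -t nat -A PREROUTING -i "$WAN_IF" -p tcp -s "$SRC_HOST" \
      -d "$WAN_IP" --dport "$WAN_PORT" -j DNAT --to-destination "$SRV_IP:$SRV_PORT"
  # 2. Allow the new connection through FORWARD, WAN->LAN direction only
  #    (the question's rule used -i eth0, which never matches inbound packets).
  "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -s "$SRC_HOST" \
      -d "$SRV_IP" --dport "$SRV_PORT" -m state --state NEW -j ACCEPT
  # 3. Let reply packets of established flows back out.
  "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Check 1: the kernel must route between interfaces at all; iptables cannot
# fix a forwarding sysctl that is 0. $1 overrides the sysctl path (for testing).
check_forwarding() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Check 2 (the tcpdump advice from the thread, as two commands to run side by side):
#   tcpdump -ni eth1 'tcp port 8080'                         # does it arrive at all?
#   tcpdump -ni eth0 'host 192.168.10.5 and tcp port 80'     # was it DNATed and forwarded?
# Seen on eth1 but not eth0: DNAT/FORWARD rules or ip_forward. Seen on eth0 with
# no reply: the server's default gateway does not point back through this box.

if [ "${1:-}" = "apply" ]; then
  check_forwarding || { echo "ip_forward is 0; enable it first" >&2; exit 1; }
  forward_rules
fi
```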