Quote:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5:80
Tried that too and it still didn't work. I also tried SNAT by adding another virtual interface on the external primary interface. I gave it a public IP address that will be mapped to an internal web server. Below is my configuration; correct me if I'm wrong.
# PREROUTING statements for 1:1 NAT (Connections originating from the Internet)
iptables -t nat -A PREROUTING -d 197.41.39.55 -i eth1 -j DNAT --to-destination 192.168.10.5
# POSTROUTING statements for 1:1 NAT (Connections originating from the home network servers)
iptables -t nat -A POSTROUTING -s 192.168.10.5 -o eth1 -j SNAT --to-source 197.41.39.55
# Allow forwarding to each of the servers configured for 1:1 NAT
iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.10.5 -m multiport \
--dport 80,22,21,53 -m state --state NEW -j ACCEPT
# Allow forwarding for all New and Established SNAT connections
# originating on the home network AND already established
# DNAT connections
iptables -A FORWARD -t filter -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow forwarding for all 1:1 NAT connections originating on
# the Internet that have already passed through the NEW forwarding
# statements above
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log traffic at debug level for the POSTROUTING, PREROUTING and FORWARD chains.
iptables -t nat -A PREROUTING -j LOG --log-level debug --log-prefix '***PREROUTING*** '
iptables -t nat -A POSTROUTING -j LOG --log-level debug --log-prefix '***POSTROUTING*** '
iptables -A FORWARD -j LOG --log-level debug --log-prefix '//FORWARD// '
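
An added example, not part of the original post: assuming the rules above are loaded in the order shown into otherwise empty chains, the FORWARD LOG rule sits after every ACCEPT rule, so each '//FORWARD// ' line in the kernel log is a packet none of them matched. This script groups those lines by interface pair, destination and TCP flags; the sample log lines are constructed and abbreviated, and the function names are hypothetical.

```python
import re
from collections import Counter

FORWARD_PREFIX = "//FORWARD// "          # prefix from the post's FORWARD LOG rule
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs in a netfilter LOG line
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH")

def parse_forward_line(line):
    """Return the fields of a FORWARD-prefixed log line, or None for other lines."""
    idx = line.find(FORWARD_PREFIX)
    if idx < 0:
        return None
    body = line[idx + len(FORWARD_PREFIX):]
    rec = dict(FIELD.findall(body))
    # TCP flags appear as bare tokens (e.g. "ACK") near the end of the line.
    tokens = body.split()
    rec["FLAGS"] = "+".join(f for f in TCP_FLAGS if f in tokens)
    return rec

def summarize(lines):
    """Count unmatched forwarded packets by (IN, OUT, DST:DPT, TCP flags)."""
    counts = Counter()
    for line in lines:
        rec = parse_forward_line(line)
        if rec is None:
            continue
        dst = f'{rec.get("DST", "?")}:{rec.get("DPT", "?")}'
        counts[(rec.get("IN", ""), rec.get("OUT", ""), dst, rec["FLAGS"])] += 1
    return counts

# Constructed, abbreviated sample lines (203.0.113.0/24 is a documentation range).
SAMPLE = [
    "Jan  1 12:00:01 gw kernel: //FORWARD// IN=eth1 OUT=eth0 SRC=203.0.113.7 "
    "DST=192.168.10.5 LEN=52 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=80 ACK URGP=0",
    "Jan  1 12:00:02 gw kernel: //FORWARD// IN=eth1 OUT=eth0 SRC=203.0.113.7 "
    "DST=192.168.10.5 LEN=52 TTL=52 ID=4243 DF PROTO=TCP SPT=51514 DPT=80 ACK URGP=0",
    "Jan  1 12:00:05 gw kernel: //FORWARD// IN=eth1 OUT=eth0 SRC=203.0.113.9 "
    "DST=192.168.10.5 LEN=60 TTL=50 ID=77 DF PROTO=TCP SPT=40000 DPT=443 SYN URGP=0",
    "Jan  1 12:00:06 gw kernel: eth1: link up",  # unrelated line, ignored
]

if __name__ == "__main__":
    for (iface_in, iface_out, dst, flags), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {iface_in}->{iface_out}  {dst}  [{flags}]")
```

On a live gateway the same functions can be fed the kernel log lines (for example from the syslog file that receives kernel debug messages) instead of SAMPLE.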