LinuxQuestions.org > Linux - Server > Iptables redirect ip and port
https://www.linuxquestions.org/questions/linux-server-73/iptables-redirect-ip-and-port-819459/

adrigo 07-12-2010 03:18 PM

Iptables redirect ip and port
 
I have a server with internet access and a firewall, and I host some pages on it too.
I have another server inside my network with another web page; I need to redirect to this server (it is a Windows 2003) with iptables when people need to open this page from outside my network.
So I created a virtual interface eth0:1 with one IP and tried to redirect the IP.
On the Windows Server 2003 the pages are on port 8080,
so I did
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to 172.16.0.12:8080
But when I do this and try to open the page I get a timeout.
I have no idea; I am trying to look at the logs but I have found no solution.

win32sux 07-12-2010 05:26 PM

Quote:

Originally Posted by adrigo (Post 4031195)
I have a server with internet access and a firewall, and I host some pages on it too.
I have another server inside my network with another web page; I need to redirect to this server (it is a Windows 2003) with iptables when people need to open this page from outside my network.
So I created a virtual interface eth0:1 with one IP and tried to redirect the IP.
On the Windows Server 2003 the pages are on port 8080,
so I did
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to 172.16.0.12:8080
But when I do this and try to open the page I get a timeout.
I have no idea; I am trying to look at the logs but I have found no solution.

Do you have IP forwarding enabled? Check with:
Code:

cat /proc/sys/net/ipv4/ip_forward
You'll also need to deal with the returning packet, otherwise it'll remain with 172.16.0.12 as the source IP address. This is typically done with a SNAT/MASQUERADE rule. Example:
Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
BTW, I recommend you always specify an interface match in PRE/POSTROUTING rules.

Also, your FORWARD chain must be set to allow the forwarded packets. Check with:
Code:

iptables -nvL FORWARD

adrigo 07-13-2010 07:08 AM

When I use the command iptables -nvL, should a rule with the IP I used appear?
I tried to put this rule at the start of the firewall script but it doesn't work yet.
I am reading a book; it says I have to make the rule for the return traffic, but the book I have is a little old.
I tried this:
iptables -t nat -A POSTROUTING -p tcp -s 172.16.0.12 --dport 8080 -j SNAT --to-source xxx.xxx.xxx.xxx:80
but I am not sure.
I would like to say thanks for all the help.

win32sux 07-13-2010 01:55 PM

I already gave you a POSTROUTING rule you can use. You haven't shown us that you have IP forwarding enabled, or what your FORWARD chain looks like. Please post the command output here. While we're at it, show us the nat table setup too, with:
Code:

iptables -nvL -t nat
BTW, please use code tags for this sort of thing.

adrigo 07-13-2010 02:56 PM

The result of the commands you asked me for.
Thanks...

root@server1:/firewall# cat /proc/sys/net/ipv4/ip_forward
1

root@server1:/firewall# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 160 packets, 14455 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4511 LOG flags 0 level 6 prefix `REDIRECIONANDO PROTCLI: '
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4511 to:172.16.0.1
1 48 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4512 LOG flags 0 level 6 prefix `REDIRECIONANDO VERSAO: '
1 48 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4512 to:172.16.0.1
0 0 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001 LOG flags 0 level 6 prefix `REDIRECIONANDO CRM: '
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001 to:172.16.0.12
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 200.23.15.132 tcp dpt:80 to:172.16.0.12:8080

Chain POSTROUTING (policy ACCEPT 247 packets, 17398 bytes)
pkts bytes target prot opt in out source destination
32 2659 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:200.23.15.130

Chain OUTPUT (policy ACCEPT 278 packets, 20009 bytes)
pkts bytes target prot opt in out source destination

win32sux 07-13-2010 03:01 PM

Almost there. Still waiting for you to post the FORWARD chain.

Why aren't you using code tags? It's unnecessarily difficult to read this without them.

adrigo 07-13-2010 03:23 PM

I am sorry but do you wanna see the rule I put in the script ?

win32sux 07-13-2010 07:45 PM

Quote:

Originally Posted by adrigo (Post 4032245)
I am sorry but do you wanna see the rule I put in the script ?

No, what I wanted was for you to add code tags to your previous post, and also to post the output of "iptables -nvL FORWARD" (using code tags too). In any case, the rules you need look like this (assuming FORWARD policy is set to DROP):
Code:

iptables -t nat -A PREROUTING -i eth0 -p TCP -d $WINDOZE_EXTERNAL_IP --dport 80 \
-j DNAT --to $WINDOZE_INTERNAL_IP:8080

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i eth0 -o eth1 -p TCP -d $WINDOZE_INTERNAL_IP --dport 8080 \
-m state --state NEW -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -s $WINDOZE_INTERNAL_IP \
-j SNAT --to-source $WINDOZE_EXTERNAL_IP

When I recommended the MASQUERADE target, I had forgotten you were using an aliased IP.

adrigo 07-16-2010 02:30 PM

It works very well now. I was trying from the LAN and it was not working; I tried from the WAN and it works fine.

Thanks a lot my friend.
God bless you.
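The following is an added example, not code from the thread: the rule set win32sux arrives at, written as a parameterized shell script, plus the hairpin (NAT loopback) rules that the thread's final exchange implies are missing. A LAN client connecting to the public alias arrives on the LAN interface, so a DNAT rule matching -i eth0 never sees it; that also explains why the DNAT rule in the posted nat table shows 0 packets while testing from the LAN. Two points of netfilter behaviour the script relies on: replies to a DNAT'd connection are translated back by conntrack automatically, so the POSTROUTING SNAT is there for connections the Windows host itself opens outbound (so they leave with its alias rather than the firewall's primary address), and for the hairpin case the forwarded LAN packet must be masqueraded, otherwise the server answers the client directly from 172.16.0.12 and the client discards a reply from an address it never contacted. Interface names eth0/eth1, the LAN network 172.16.0.0/24 and the documentation address 203.0.113.10 (standing in for the aliased public IP) are assumptions; `-m conntrack --ctstate` is used in place of the thread's `-m state --state` (same semantics, `state` is the legacy alias).

```shell
#!/bin/sh
# Added example (not from the thread): parameterized port-forward with hairpin NAT.
# Assumed values (not in the original posts): WAN eth0, LAN eth1, LAN network
# 172.16.0.0/24, public alias 203.0.113.10, Windows host 172.16.0.12:8080.
# DRY_RUN=1 prints the iptables commands instead of applying them.

rule() {
    # rule TABLE CHAIN MATCHES... : append a rule, skipping it if an identical
    # one already exists (-C), so re-running the script does not duplicate rules
    table=$1; chain=$2; shift 2
    if [ -n "$DRY_RUN" ]; then
        printf 'iptables -t %s -A %s %s\n' "$table" "$chain" "$*"
    else
        iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
            iptables -t "$table" -A "$chain" "$@"
    fi
}

enable_forwarding() {
    # the first thing win32sux asked about: /proc/sys/net/ipv4/ip_forward must be 1
    if [ -n "$DRY_RUN" ]; then
        echo 'sysctl -w net.ipv4.ip_forward=1'
    else
        sysctl -w net.ipv4.ip_forward=1 >/dev/null
    fi
}

# port_forward WAN_IF LAN_IF PUBLIC_IP INTERNAL_IP EXT_PORT INT_PORT LAN_NET
port_forward() {
    wan=$1; lan=$2; pub=$3; int=$4; eport=$5; iport=$6; lannet=$7

    # 1. Internet clients: rewrite the destination before routing, then let the
    #    FORWARD chain (policy DROP assumed) pass the new connection and anything
    #    belonging to a known one. Replies to the DNAT'd connection are reversed
    #    by conntrack; no extra rule is needed for them.
    rule nat PREROUTING -i "$wan" -p tcp -d "$pub" --dport "$eport" \
        -j DNAT --to-destination "$int:$iport"
    rule filter FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    rule filter FORWARD -i "$wan" -o "$lan" -p tcp -d "$int" --dport "$iport" \
        -m conntrack --ctstate NEW -j ACCEPT

    # 2. Connections the internal host opens outbound leave with its own public
    #    alias instead of the firewall's primary address.
    rule nat POSTROUTING -o "$wan" -s "$int" -j SNAT --to-source "$pub"

    # 3. Hairpin: LAN clients reaching PUBLIC_IP arrive on the LAN interface.
    #    DNAT them too, allow the LAN-to-LAN forward, and masquerade so the
    #    server's reply returns via the firewall rather than directly to the client.
    rule nat PREROUTING -i "$lan" -s "$lannet" -p tcp -d "$pub" --dport "$eport" \
        -j DNAT --to-destination "$int:$iport"
    rule filter FORWARD -i "$lan" -o "$lan" -p tcp -d "$int" --dport "$iport" \
        -m conntrack --ctstate NEW -j ACCEPT
    rule nat POSTROUTING -o "$lan" -s "$lannet" -d "$int" -p tcp --dport "$iport" \
        -j MASQUERADE
}

case "${1:-}" in
    apply)
        enable_forwarding
        port_forward eth0 eth1 203.0.113.10 172.16.0.12 80 8080 172.16.0.0/24 ;;
    dry-run)
        DRY_RUN=1
        enable_forwarding
        port_forward eth0 eth1 203.0.113.10 172.16.0.12 80 8080 172.16.0.0/24 ;;
    *)
        echo "usage: $0 {apply|dry-run}" >&2 ;;
esac
```

Run it as `sh portforward.sh dry-run` first and compare the printed rules against `iptables -nvL -t nat` and `iptables -nvL FORWARD`. Ordering matters in the nat table: the per-host SNAT must come before any catch-all SNAT such as the `to:200.23.15.130` rule in the posted nat table, so run this before the catch-all is appended (or switch the SNAT line to `-I`). After a test connection, non-zero counters on the DNAT and FORWARD rules confirm the packets are taking the intended path; a DNAT rule stuck at 0 packets means the traffic never matched it.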

