Iptables redirect ip and port
I have a server with internet access and a firewall, and I have some pages on it too.
I have another server in my network (it is a Windows 2003 machine) where I have another web page. I need to redirect to this server with iptables when people need to open this page from outside my network. So I created a virtual interface eth0:1 with one IP and tried to redirect that IP. On the Windows Server 2003 machine the pages are on port 8080, so I did:
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to 172.16.0.12:8080
But when I do this and try to open the page, I get a timeout. I don't have any idea why. I am trying to look at the logs, but I found no solution. |
Quote:
Code:
cat /proc/sys/net/ipv4/ip_forward
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Also, your FORWARD chain must be set to allow the forwarded packets. Check with:
Code:
iptables -nvL FORWARD |
When I use the command iptables -nvL, should a rule with the IP I used appear?
I tried putting this rule at the start of the firewall script, but it doesn't work yet. I am reading a book; it says I have to make the rule for the return, but the book I have is a little old. I tried this:
iptables -t nat -A POSTROUTING -p tcp -s 172.16.0.12 --dport 8080 -j SNAT xxx.xxx.xxx.xxx:80
but I am not sure. I would like to say thanks for all the help. |
I already gave you a POSTROUTING rule you can use. You haven't shown us that you have IP forwarding enabled, or what your FORWARD chain looks like. Please post the command output here. While we're at it, show us the nat table setup too, with:
Code:
iptables -nvL -t nat |
The result of the commands you asked for,
thanks...
root@server1:/firewall# cat /proc/sys/net/ipv4/ip_forward
1
root@server1:/firewall# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 160 packets, 14455 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4511 LOG flags 0 level 6 prefix `REDIRECIONANDO PROTCLI: '
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4511 to:172.16.0.1
1 48 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4512 LOG flags 0 level 6 prefix `REDIRECIONANDO VERSAO: '
1 48 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4512 to:172.16.0.1
0 0 LOG tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001 LOG flags 0 level 6 prefix `REDIRECIONANDO CRM: '
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8001 to:172.16.0.12
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 200.23.15.132 tcp dpt:80 to:172.16.0.12:8080
Chain POSTROUTING (policy ACCEPT 247 packets, 17398 bytes)
pkts bytes target prot opt in out source destination
32 2659 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:200.23.15.130
Chain OUTPUT (policy ACCEPT 278 packets, 20009 bytes)
pkts bytes target prot opt in out source destination |
Almost there. Still waiting for you to post the FORWARD chain.
Why aren't you using code tags? It's unnecessarily difficult to read this without them. |
I am sorry, but do you wanna see the rule I put in the script?
|
Quote:
Code:
iptables -t nat -A PREROUTING -i eth0 -p TCP -d $WINDOZE_EXTERNAL_IP --dport 80 \ |
It works very well now. I was trying from the LAN and it was not working; I tried from the WAN and it works fine.
Thanks a lot, my friend. God bless you |
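An added example, not part of the thread: the checks the replies ask for (a DNAT rule in the nat table and a FORWARD chain that lets the translated packet through), run offline over saved `iptables -nvL` output. The function names are hypothetical and the FORWARD listings are constructed, since the thread never shows that chain; only the DNAT line comes from the posted output.

```shell
#!/bin/sh
# Added example: offline checks on saved iptables output. Function names are
# hypothetical; the FORWARD listings are constructed, not from the thread.

# Print the host:port that a DNAT rule in `iptables -nvL -t nat` output maps
# DEST_IP:DPORT to. Columns: pkts bytes target prot opt in out source dest.
dnat_target() {  # usage: dnat_target NAT_LISTING DEST_IP DPORT
  printf '%s\n' "$1" | awk -v d="$2" -v p="dpt:$3" '
    $3 == "DNAT" && $9 == d {
      hit = 0; to = ""
      for (i = 10; i <= NF; i++) {
        if ($i == p) hit = 1
        if ($i ~ /^to:/) to = substr($i, 4)
      }
      if (hit && to != "") { print to; exit }
    }'
}

# Print the verdict `iptables -nvL FORWARD` output gives a new TCP connection
# to HOST:PORT: first matching terminal rule wins, else the chain policy.
# Simplified: ignores interfaces and source; destination must match literally
# or be 0.0.0.0/0 (no CIDR math).
forward_verdict() {  # usage: forward_verdict FORWARD_LISTING HOST PORT
  printf '%s\n' "$1" | awk -v h="$2" -v p="dpt:$3" '
    $1 == "Chain" { policy = $4; next }
    $1 == "pkts" || NF < 9 { next }
    ($4 == "tcp" || $4 == "all") && ($9 == h || $9 == "0.0.0.0/0") {
      ok = 1
      for (i = 10; i <= NF; i++) {
        if ($i ~ /^dpt:/ && $i != p) ok = 0
        if (($i == "state" || $i == "ctstate") && $(i + 1) !~ /NEW/) ok = 0
      }
      if (ok && $3 ~ /^(ACCEPT|DROP|REJECT)$/) { print $3; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# DNAT line as posted in the thread; FORWARD listings constructed.
NAT='    0     0 DNAT tcp -- eth0 * 0.0.0.0/0 200.23.15.132 tcp dpt:80 to:172.16.0.12:8080'
FWD_BAD='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   12   900 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT tcp -- eth0 * 0.0.0.0/0 172.16.0.12 tcp dpt:80'
FWD_OK="$FWD_BAD
    0     0 ACCEPT tcp -- eth0 * 0.0.0.0/0 172.16.0.12 tcp dpt:8080"
target=$(dnat_target "$NAT" 200.23.15.132 80)   # FORWARD sees this, not :80
echo "DNAT -> $target"
echo "dpt:80 rule only: $(forward_verdict "$FWD_BAD" "${target%:*}" "${target#*:}")"
echo "dpt:8080 rule:    $(forward_verdict "$FWD_OK" "${target%:*}" "${target#*:}")"
```

The first listing falls through to the DROP policy because its ACCEPT rule names port 80, while the FORWARD chain sees the packet after PREROUTING has already rewritten it to 172.16.0.12:8080.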