I have a server with internet and a firewall, and I have some pages on it too.
I have another server in my network with another web page ("it is a Windows 2003" server), and I need to redirect to this server with iptables when people need to open this page from outside of my network.
So I created a virtual interface eth0:1 with one IP, and tried to redirect the IP.
On the Windows Server 2003 the pages are on port 8080,
so I did
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to 172.16.0.12:8080
But when I do this and try to open the page I get a timeout.
I don't have any idea; I am trying to look at the logs but I found no solution.
Do you have IP forwarding enabled? Check with:
Code:
cat /proc/sys/net/ipv4/ip_forward
You'll also need to deal with the returning packet, otherwise it'll remain with 172.16.0.12 as the source IP address. This is typically done with a SNAT/MASQUERADE rule. Example:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
BTW, I recommend you always specify an interface match in PRE/POSTROUTING rules.
Also, your FORWARD chain must be set to allow the forwarded packets. Check with:
When I use the command iptables -nvL, should a rule with the IP I used appear?
I tried to put this rule at the start of the firewall script but it doesn't work yet.
I am reading a book; it says I have to make the rule for the return, but the book I have is a little old.
I tried this:
iptables -t nat - A POSTROUTING -p tcp -s 172.16.0.12 --dport 8080 -j SNAT xxx.xxx.xxx.xxx:80
but I am not sure.
I would like to say thanks for all the help.
I already gave you a POSTROUTING rule you can use. You haven't shown us that you have IP forwarding enabled, or what your FORWARD chain looks like. Please post the command output here. While we're at it, show us the nat table setup too, with:
I am sorry, but do you wanna see the rule I put in the script?
No, what I wanted was for you to add code tags to your previous post, and also to post the output of "iptables -nvL FORWARD" (using code tags too). In any case, the rules you need look like this (assuming FORWARD policy is set to DROP):
Code:
iptables -t nat -A PREROUTING -i eth0 -p TCP -d $WINDOZE_EXTERNAL_IP --dport 80 \
-j DNAT --to $WINDOZE_INTERNAL_IP:8080
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p TCP -d $WINDOZE_INTERNAL_IP --dport 8080 \
-m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s $WINDOZE_INTERNAL_IP \
-j SNAT --to-source $WINDOZE_EXTERNAL_IP
When I recommended the MASQUERADE target, I had forgotten you were using an aliased IP.
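The checks requested in the replies above can be run in one pass over an `iptables-save` dump. The script below is an added example, not code from the thread: the `audit_forward` function name, the sample dump and the 203.0.113.10 external address are constructed for illustration, and it only looks for the rule set listed in the last reply.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `iptables-save` output for the
# rule set in the last reply. Sample addresses are constructed.
# audit_forward DUMP INTERNAL_IP INTERNAL_PORT IP_FORWARD_VALUE
# Prints one line per missing piece; exit status is the number missing.
audit_forward() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" -v ipf="$4" '
    # has(): literal (non-regex) match ending on a word boundary, so that
    # 172.16.0.12 does not match 172.16.0.123 and 8080 does not match 80801.
    function has(s) { return index($0 " ", s " ") > 0 }
    # iptables-save prints host addresses as a.b.c.d/32; accept both forms.
    function addr(flag) { return has(flag " " ip "/32") || has(flag " " ip) }
    /^\*/ { table = substr($0, 2) }                     # "*nat", "*filter"
    table == "filter" && /^:FORWARD / { policy = $2 }   # chain default policy
    table == "nat" && /^-A PREROUTING / &&
        has("-j DNAT --to-destination " ip ":" port) { dnat = 1 }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        if (/ESTABLISHED/) est = 1
        if (addr("-d") && has("--dport " port)) fwd = 1
    }
    table == "nat" && /^-A POSTROUTING / && addr("-s") &&
        /-j (SNAT|MASQUERADE)/ { snat = 1 }
    END {
        if (ipf != 1) { print "missing: ip_forward is not 1"; n++ }
        if (!dnat)    { print "missing: nat PREROUTING DNAT to " ip ":" port; n++ }
        if (policy != "ACCEPT" && !fwd) { print "missing: FORWARD ACCEPT for " ip ":" port; n++ }
        if (policy != "ACCEPT" && !est) { print "missing: FORWARD ACCEPT for RELATED,ESTABLISHED"; n++ }
        if (!snat)    { print "missing: nat POSTROUTING SNAT/MASQUERADE for source " ip; n++ }
        exit n + 0
    }'
}

# Constructed dump: DNAT rule only, FORWARD policy DROP (the reply's assumption).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.12:8080
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

# Live use (as root):
#   audit_forward "$(iptables-save)" 172.16.0.12 8080 "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_forward "$SAMPLE_DUMP" 172.16.0.12 8080 1 || echo "pieces missing: $?"
```

When the FORWARD policy is ACCEPT the two FORWARD checks are skipped, so explicit DROP or REJECT rules in that chain still have to be reviewed by hand.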