External port forwarding to an internal host

antken · 08-26-2003, 04:23 PM

hi,

tonight i have one success story and one question
a few moments ago i successfully forwarded a citrix ica connection over the internet to an internal server on my companies network (

), using a modified version of the line below:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:8080

we have two of these citrix deeleys and i would like to enable external access for the other server too, however the port is already inuse on the first external ip, so i thaught i would use the second ip address, my question is this:

how would i get linux to reconise connections to ip address 111.222.333.444 to go to citrix server 1 and 444.333.222.111 to go to server 2?

would i just stick in an extra option to iptables i.e.:
iptables -t nat -A PREROUTING -s 444.333.222.111 -p tcp --dport 1494 -j DNAT --to-destination 10.0.0.202

would that work, and just keep replacing the -s option with other ips?

thanks
antken

tarballedtux · 08-26-2003, 09:29 PM

Well if the source is always the same for which contact the same citrix metaframe. The you can say if the source is xyz goto this server, but if its abc goto this one. Or if you want to be at whatver computer you want and be able to get to either of them then you can set up that one gateway inteface (ex. eth0) to respond to 2 IPs.

ipconfig eth0:0 <IP address1> netmask <netmask> up
ipconfig eth0:1 <IP address2> netmask <netmask> up

Then you can rules like this:

iptables -t nat -i eth0:0-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:8080
iptables -t nat -i eth0:1 -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:8080

So all you have to to do is point to either of the two IPs and you can access whichever server you want. Thats assuming you have 2 IPs availe which might be an issue if this a publicly accessible interface.

--tarballedtux

henkoegema · 12-17-2006, 08:01 AM

I just changed router from U.S.Robitics to Linksys WRT54G.
To excess my Linux server remotely (via PUTY) I forwarded external port 2222 to internal port 22 for LAN server 192.168.1.100 in the U.S.Robotics router.

There don't seem to be such a posibility(at least I can't find it) in the Linksys router.

Is there another way (Linux way ?) to forward external port 2222 to internal port 22 ??

Henk

amitsharma_26 · 12-17-2006, 09:43 AM

Quote:

Originally Posted by henkoegema

Is there another way (Linux way ?) to forward external port 2222 to internal port 22 ??

Henk you have yourself answered to this query in your first post with..

Code:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:8080

(you only got to change the ports of --dport 2222 & --to-destination X.X.X.X:22)

& if in case this the linux local router box, then you can use the REDIRECT handle in PREROUTING chain for the respective functionality.