LinuxQuestions.org


willyweedle 08-05-2007 04:23 AM

incoming connections with iptables
 
Let's say I have 192.168.1.100 and 192.168.1.101 behind a router and that router is connected to eth0 on a Linux box whose IP is 192.168.1.102. eth1 on that Linux box is an address assigned to me by the ISP. Here's a little diagram:

    net
     |
 linuxbox
     |
  router
    /\
   /  \
  0    1

I currently have iptables on that Linux box configured like this:

#iptables -F; iptables -t nat -F; iptables -t mangle -F
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP

(taken straight from ipmasquerading-simple of the HOWTOS)

This has been working fine, as long as the connections originate from the internal network (from eth0 of the Linux box). What I want to know is how can I configure the Linux box to accept incoming connections and transfer them to, let's say, 192.168.1.100?

rupertwh 08-05-2007 05:41 AM

First: 192.168.1.100, .101, .102 are all on the same subnet, but .102 is on a different physical network. This shouldn't work at all.

Quote:

Originally Posted by willyweedle
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP

This rule is applied to any packet, regardless of interface it comes in / goes out through or address it comes from / goes to. Is this really what you are using?

As to your question: What you are looking for is port forwarding. Add a PREROUTING rule to DNAT the packets and add a FORWARD rule to allow those packets through, e.g. to forward www:
Code:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.100
iptables -A FORWARD -i eth1 -p tcp --dst 192.168.1.100/32 --dport 80 -j ACCEPT
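
A check for the two points in the reply above (the SNAT rule that matches every packet, and the FORWARD rule each DNAT needs), added here as an example and not part of the original thread. It runs over a constructed `iptables-save` dump; 203.0.113.10 stands in for $assignedIP, the second DNAT rule and the `parse`/`audit` names are hypothetical, and only FORWARD rules with an explicit `-d` and `--dport` are recognised.

```python
import shlex

# Constructed iptables-save dump modelled on the thread's rules;
# 203.0.113.10 is a documentation address standing in for $assignedIP.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.101:22
-A POSTROUTING -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.100/32 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ([(table, chain, opts)], {(table, chain): policy})."""
    rules, policy, table = [], {}, None
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":"):
            policy[(table, tok[0][1:])] = tok[1]
        elif line.startswith("-A "):
            # Map each flag to the token after it (enough for -o, -s, -d, -j, --dport).
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            rules.append((table, tok[1], opts))
    return rules, policy

def audit(dump):
    """Flag NAT rules that match every packet and DNATs the filter table blocks."""
    rules, policy = parse(dump)
    allowed = {(o.get("-d", "").split("/")[0], o.get("--dport")) for t, c, o in rules
               if (t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT")}
    findings = []
    for t, c, o in rules:
        if (t, c) == ("nat", "POSTROUTING") and o.get("-j") in ("SNAT", "MASQUERADE"):
            if "-o" not in o and "-s" not in o:  # no interface or source match
                findings.append(("unscoped-snat", o["-j"]))
        elif (t, c) == ("nat", "PREROUTING") and o.get("-j") == "DNAT":
            host, _, newport = o.get("--to-destination", "").partition(":")
            port = newport or o.get("--dport")  # FORWARD sees the translated port
            if policy.get(("filter", "FORWARD")) != "ACCEPT" and (host, port) not in allowed:
                findings.append(("dnat-not-forwarded", f"{host}:{port}"))
    return findings
```

Calling `audit(SAMPLE)` reports the second port forward, which has no FORWARD rule under the DROP policy, and the SNAT rule, which has neither `-o` nor `-s`.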


willyweedle 08-05-2007 02:33 PM

Thanks! :) Things are working like I want them to now, and yes, that's really how I have iptables configured.


All times are GMT -5.