LinuxQuestions.org
Old 08-05-2007, 05:23 AM   #1
willyweedle
LQ Newbie
 
Registered: Jan 2007
Location: Arkansas
Distribution: Zenwalk as desktop, Zenlive as router, XP as game box
Posts: 19

Rep: Reputation: 0
incoming connections with iptables


Let's say I have 192.168.1.100 and 192.168.1.101 behind a router and that router is connected to eth0 on a linux box whose IP is 192.168.1.102. eth1 on that linux box is an address assigned to me by the ISP. Here's a little diagram:

      net
       |
   linuxbox
       |
    router
      /\
     /  \
    0    1

I currently have iptables on that linux box configured like this:

#iptables -F; iptables -t nat -F; iptables -t mangle -F
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP

(taken straight from ipmasquerading-simple of the HOWTOS)

This has been working fine, as long as the connections originate from the internal network (from eth0 of the linux box). What I want to know is how can I configure the linux box to accept incoming connections and transfer them to... let's say 192.168.1.100?
 
Old 08-05-2007, 06:41 AM   #2
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 298

Rep: Reputation: 49
First: 192.168.1.100, .101, .102 are all on the same subnet, but .102 is on a different physical network. This shouldn't work at all.

Quote:
Originally Posted by willyweedle
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP

This rule is applied to any packet, regardless of interface it comes in / goes out through or address it comes from / goes to. Is this really what you are using?

As to your question: What you are looking for is port forwarding. Add a PREROUTING rule to DNAT the packets and add a FORWARD rule to allow those packets through, e.g. to forward www:
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.100
iptables -A FORWARD -i eth1 -p tcp --dst 192.168.1.100/32 --dport 80 -j ACCEPT
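
Added example, not part of any post in this thread: a POSIX shell function that prints the port forward from post #2 as an iptables-restore ruleset, with the SNAT rule limited to packets leaving eth1 (the point raised about the original rule matching every packet). The address 203.0.113.10 is a constructed stand-in for $assignedIP, and the FORWARD DROP policy and the input validation are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. eth0/eth1 and 192.168.1.100 follow the
# posts above; 203.0.113.10 is a constructed stand-in for $assignedIP.

valid_if() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Subshell body keeps the IFS / noglob changes local to this check.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)

# emit_forward_rules WAN_IF LAN_IF WAN_IP DEST_IP PORT
# Prints an iptables-restore ruleset; nothing is applied to the running system.
emit_forward_rules() (
    wan_if=$1 lan_if=$2 wan_ip=$3 dest=$4 port=$5
    valid_if "$wan_if" && valid_if "$lan_if" && valid_ipv4 "$wan_ip" &&
        valid_ipv4 "$dest" && valid_port "$port" || {
        echo "emit_forward_rules: invalid interface, address or port" >&2
        exit 2
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound on the WAN side only: rewrite the destination to the internal host.
-A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $dest
# Source-NAT only what leaves via the WAN interface, not every packet.
-A POSTROUTING -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies for flows that were already allowed in either direction.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections from the LAN out to the internet.
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
# New inbound connections: only the forwarded port on the forwarded host.
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $dest --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
)
# Syntax-check as root without loading:  ... | iptables-restore --test
emit_forward_rules eth1 eth0 203.0.113.10 192.168.1.100 80
```

Loading this output with iptables-restore replaces the existing nat and filter rules, so compare it with the rules already on the box first.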
 
Old 08-05-2007, 03:33 PM   #3
willyweedle
LQ Newbie
 
Registered: Jan 2007
Location: Arkansas
Distribution: Zenwalk as desktop, Zenlive as router, XP as game box
Posts: 19

Original Poster
Rep: Reputation: 0
Thanks! Things are working like I want them to now, and yes, that's really how I have iptables configured.
 
  


All times are GMT -5.