Quote:
Originally Posted by scroogie
What must the iptables look like to forward http request from the internet(eth1) to the dmz (eth2)
|
It should look like any of the port-forwarding illustrations which are available all over the Web.
Something like this (assuming a FORWARD policy of DROP):
Code:
iptables -t nat -A PREROUTING -p TCP -i eth1 --dport 80 -j DNAT \
--to-destination 192.168.223.27
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p TCP -i eth1 -o eth2 --dport 80 \
-d 192.168.223.27 -m state --state NEW -j ACCEPT