iptables and port forwarding
I'm trying to set up IP masquerading under iptables. Essentially, I want to forward any traffic to port 7070 on a static IP address machine to a DHCP assigned address (192.168.1.*) machine behind it to port 80 since we've got no public IP addresses spare. After reading up on iptables, I figured this should work as a config (/etc/sysconfig/iptables) on the static IP machine: -
Code:
-A PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to 192.168.1.8:80
I've enabled ip_forward = 1 module. I'm also not sure if I should be editing the /etc/sysconfig/iptables file directly... how should this be done usually? I'm using Fedora 12.
|
So you are using NAT then?
Read the docs: http://www.redhat.com/docs/manuals/e...rerouting.html You can read the previous few pages to read about NAT and masquerading. |
Quote:
2. Forwarding traffic to a DHCP-assigned IP is difficult, because who knows which IP your host will get next time. I suggest giving it a static IP, like 192.168.1.20. Can you do it? |
This is nothing more than a wild guess, so apologies if it does not help you:
Insert the rule: Quote:
Quote:
|
Thanks spampig for your helpful response - I'll try it. I gather using "iptables" from the command-line is different to inserting this rule directly into the iptables config file? I've inserted rules like this before, but they don't seem to be reflected in the /etc/sysconfig/iptables config file. Where are these rules stored if not there? I'd prefer to add these directives directly to some sort of configuration file, if possible.
|
No, didn't work. Ah well.
|
Managed it...:D
In case anyone else wants to do something similar...
iptables-config:
Code:
IPTABLES_MODULES="iptable_nat"
Code:
*nat
|
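An added example, not from the thread: a shell check for the layout the last post points at, where NAT rules in /etc/sysconfig/iptables sit in their own *nat section closed by COMMIT. The function name, both sample rulesets, and the idea that the first attempt failed because the rule sat outside *nat are assumptions; the thread does not say why it failed.

```shell
# check_nat_rules: read an iptables-save style ruleset on stdin; report NAT targets
# outside the *nat table and tables left without COMMIT. Returns 1 on findings.
check_nat_rules() {
    awk '
        NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines, comments
        substr($1, 1, 1) == "*" {                      # "*nat", "*filter": table opens
            if (table != "") { print "line " NR ": *" table " has no COMMIT"; bad = 1 }
            table = substr($1, 2); next
        }
        $1 == "COMMIT" { table = ""; next }
        substr($1, 1, 1) == ":" { next }               # chain policy line
        {
            for (i = 1; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^(DNAT|SNAT|MASQUERADE|REDIRECT)$/ && table != "nat") {
                    print "line " NR ": " $(i + 1) " rule in " (table == "" ? "no table" : "*" table) ", belongs in *nat"
                    bad = 1
                }
        }
        END {
            if (table != "") { print "end of file: *" table " has no COMMIT"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: the DNAT rule from the question placed in the *filter section.
BROKEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to 192.168.1.8:80
COMMIT'

# Constructed sample: same rule in *nat; FORWARD only admits the forwarded service.
FIXED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -i eth0 --dport 7070 -j DNAT --to 192.168.1.8:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -d 192.168.1.8 --dport 80 -j ACCEPT
COMMIT'
printf '%s\n' "$BROKEN" | check_nat_rules || echo "broken sample rejected"
```

To check the real file, run `check_nat_rules < /etc/sysconfig/iptables` before restarting the iptables service.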