iptables - enable port forwarding from internal network
I've got an Ubuntu server (11.04) installation with routing using iptables running, it all works well, even port forwarding.
Now what I would like to do is enable the "port forwarding" rules on the internal network. I.e. I have an https-webserver on an internal box at 10.255.72.3:444; I can reach this using https://<domain>:444 perfectly from the outside, and I can reach a Win7 (RDP) machine with <domain>:33891 (translates to 10.255.72.21:3389). I would like to be able to reach both the https-server and RDP from the inside network using the same addresses, https://<domain>:444 and <domain>:33891. I know there's a way to accomplish this. I remember on an old openSUSE installation this was the default behavior. I installed the new openSUSE to test but they've "disabled" it now.

My setup:
eth0 - Internet
eth1 - 10.255.71.0/24
eth2 - Internal 10.255.72.0/24 (IP: 10.255.72.254)

I've got things working so that I can access the Internet and the 10.255.71.0 network from the internal 10.255.72.0.

My iptables config:
Code:
# Generated by iptables-save v1.4.10 on Sun Jun 26 10:09:30 2011

Any help appreciated!
You need to allow FORWARDing of packets from one interface to the other.
Quote:
Doesn't this allow forwarding of packets to and from 10.255.72.0/24 (eth2)?

Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)

Code:
iptables -P FORWARD ACCEPT

Here's my iptables -L -v -n:

Code:
Chain INPUT (policy ACCEPT 36 packets, 4359 bytes)

Code:
Chain PREROUTING (policy ACCEPT 3635 packets, 357K bytes)
You need to tell the system that it is allowed to forward packets. This is done in 2 ways.

Turn on immediately:
Code:
net.ipv4.ip_forward = 1

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

Code:
cat /proc/sys/net/ipv4/ip_forward
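The hairpin NAT the original post asks for, as an added example that is not code from the thread: a POSIX shell script that prints the rules for the two services in the question (https on 10.255.72.3:444, RDP on 10.255.72.21:3389 behind public port 33891) together with the ip_forward setting from the last reply. The public address of eth0 (203.0.113.10) and the `apply` argument are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: print (or, with "apply", run) the iptables
# rules that make a DNAT port forward reachable from the internal LAN (eth2) as
# well as from the Internet (eth0), i.e. "hairpin NAT". Internal hosts and the
# LAN network come from the original post; PUBLIC_IP is a constructed
# placeholder (RFC 5737 documentation range) and must be replaced.
LAN_NET=10.255.72.0/24
PUBLIC_IP=203.0.113.10

# Prerequisites shared by every forward: enable routing (the point of the last
# reply above) and let reply packets back through a FORWARD chain whose policy
# is DROP, as in the poster's "iptables -L -v -n" output.
base_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# hairpin_rules PROTO PUBLIC_PORT INTERNAL_IP INTERNAL_PORT
# Three rules per forwarded service.
hairpin_rules() {
    proto=$1; pub_port=$2; dst_ip=$3; dst_port=$4
    # 1. DNAT matched on the public address rather than on "-i eth0": that is
    #    what lets the same rule fire for packets arriving from the LAN on eth2.
    echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p $proto --dport $pub_port -j DNAT --to-destination $dst_ip:$dst_port"
    # 2. Accept only new connections aimed at this one service, nothing broader.
    echo "iptables -A FORWARD -d $dst_ip -p $proto --dport $dst_port -m conntrack --ctstate NEW -j ACCEPT"
    # 3. The hairpin: when client and server sit on the same LAN, also source-NAT
    #    the client so the server answers via the router. Without this the server
    #    replies directly from $dst_ip and the client drops the packet, because
    #    it expected the reply to come from $PUBLIC_IP.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $dst_ip -p $proto --dport $dst_port -j MASQUERADE"
}

# Full rule list for the two services in the original post.
all_rules() {
    base_rules
    hairpin_rules tcp 444 10.255.72.3 444
    hairpin_rules tcp 33891 10.255.72.21 3389
}

if [ "$1" = "apply" ]; then
    all_rules | sh -e   # run as root; rules are appended, so flush before re-running
else
    all_rules           # dry run: show the commands that would be executed
fi
```

Run it without arguments to review the commands first; on a dynamic public address, replace the `-d $PUBLIC_IP` match with `-m addrtype --dst-type LOCAL` so the DNAT rule follows whatever address eth0 currently holds.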