Hi everyone.
I've been trying to redirect petitions made to certainly ports (ex. 80) to another linux boxes using one public ip address.
But it haven't work.
here's the code, where eth0 it's the interface connected to internet using a public ip, and eth1 it's the one connected to the LAN. The ip point address for all incoming data throught the port 80 will be 192.168.1.12 and it host an apache webserver
Code:
#!/bin/sh
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.12:80
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -i eth1 -j ACCEPT
#Access to internet
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -p tcp --dport 443 -j ACCEPT
## Access to DNS
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -j DROP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p tcp -dport 1:1024 -j DROP
iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p udp -dport 1:1024 -j DROP
But I can't get it work .. when I type the public address on a web browser it shows the "Could not connect to remote server" message, I don't know what else to do ... for the record .. I type the ip address of the webserver and it shows the welcome website of the server, also I can go outside to internet using the same firewall.
Any idea ... kernel option missing or something?
