On 17 Apr 2004 15:38:10 -0700
Mitch wrote:
> This seems so simple, but it's not working... I've got a FEDORA box
> set up as a basic firewall using iptables - I need to forward HTTP
> traffic through the FEDORA/FIREWALL box to an internal webserver.
> This is the basic setup:
>
> 65.222.38.100 (external address)
> 65.222.38.101 (VIRTUAL external address)
>
> FORWARD TO
>
> 192.168.0.5 Port 80
>
> The problem is that I can forward 80 to the internal address of the
> FIREWALL, but I can't forward it to another internal host (e.g.
> 192.168.0.5). The port shows as closed and port 80 traffic doesn't
> seem to get past the firewall... My question(s) is/are:
> 1. Which rule is processed first, NAT or FORWARD
> 2. If a Forward rule is configured, shouldn't that port show "open"
> when I do an NMAP of the External interface?
>
> From what I've read - a forward rule and a DNAT rule are required (and
> setup) but something is stopping the traffic from entering the
> firewall!?
>
> Thanks,
> M
OK, here's how I do it:
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport 80 -j DNAT --to-destination $webserver_ip
iptables -A FORWARD -i $ext_if -p tcp --dport 80 -d $webserver_ip -j ACCEPT
The first rule defines that all packets incoming from the external interface with destination port 80 are routed to the webserver's IP.
The second rule accepts these packets.
Greets
Chris
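The two rules above are the core of a DNAT port forward, but on a box with a DROP policy on FORWARD they are not quite enough on their own, and the thread's two questions (which chain runs first, and why nmap may still say "closed" or "filtered") are answered by what surrounds them. The script below is an added example by the editor, not code from Chris or Mitch; it writes the full ruleset out with the implicit pieces made explicit. The addresses are the ones from Mitch's post; the interface names (eth0 external, eth1 internal) are assumptions and can be overridden through the environment. It prints the commands by default (DRY_RUN=1) so it can be reviewed before anything is applied as root.

```shell
#!/bin/sh
# Added example (editor's code, not from the original thread): DNAT port forward
# from a virtual external address to an internal web server, written out with the
# pieces the two posted rules leave implicit.
# Assumed names: eth0 = external NIC, eth1 = internal NIC. Addresses are Mitch's.
ext_if="${ext_if:-eth0}"
int_if="${int_if:-eth1}"
vip="${vip:-65.222.38.101}"                 # virtual external address that should answer on :80
webserver_ip="${webserver_ip:-192.168.0.5}"

# Emits the commands one per line so they can be reviewed (or diffed against a
# running box) before anything is executed.
portforward_rules() {
    # 0. Nothing traverses FORWARD at all unless the kernel forwards.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 1. nat/PREROUTING is evaluated before the routing decision and therefore
    #    before filter/FORWARD: rewrite the destination to the internal host.
    #    Matching on -d $vip keeps the firewall's own address (.100) out of the rule.
    echo "iptables -t nat -A PREROUTING -i $ext_if -d $vip -p tcp --dport 80 -j DNAT --to-destination $webserver_ip:80"
    # 2. filter/FORWARD sees the packet *after* DNAT, so it matches on the
    #    internal address, not on the VIP. Only the opening SYN needs this rule.
    echo "iptables -A FORWARD -i $ext_if -o $int_if -d $webserver_ip -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    # 3. The web server's SYN/ACK and every later packet come back through FORWARD
    #    in the other direction; with a DROP policy they need their own ACCEPT.
    #    conntrack reverses the DNAT on the reply's source address by itself.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Runs the rules unless DRY_RUN=1 (the default, so running this file as-is is harmless).
apply_rules() {
    portforward_rules | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "DRY-RUN: $cmd"
        else
            eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
        fi
    done
}

# Commands to run afterwards: the packet counters show whether the DNAT rule is
# being hit at all, and tcpdump on the inside interface shows whether the
# rewritten SYN leaves the firewall and whether a SYN/ACK ever comes back.
verify_commands() {
    echo "iptables -t nat -L PREROUTING -n -v"
    echo "iptables -L FORWARD -n -v"
    echo "tcpdump -ni $int_if tcp port 80"
}

apply_rules
```

On the two questions in the original post: nat/PREROUTING runs first, before routing and before filter/FORWARD, which is why the FORWARD rule matches on the internal address rather than on the external one. A forwarded port only shows as open to nmap when the internal host actually answers and its reply comes back through the same firewall; if 192.168.0.5's default gateway is not the firewall (or the FORWARD policy drops the return path), the SYN gets through but the SYN/ACK never reaches the scanner and nmap reports the port filtered or closed. Checking the counters from `verify_commands` after a scan tells the two cases apart: a DNAT counter that stays at zero means the packet never matched (wrong interface or address in the rule), while a rising counter with no SYN/ACK on the inside points at the web server's routing.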