Johnno <[EMAIL PROTECTED]> writes:

> Hello
>
> Need a little bit of help here... eth1 = Internet, eth0 = LAN, will
> this work?
>
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.50:80
> iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT
>
> Anything on port 80 to go to an internal server on ip 192.168.1.50

Been a while since I played with forwarding. One thing to remember is to turn on forwarding in the kernel (/proc/sys/net/ipv4/ip_forward, if you have ipv6, you need to do something similar).

Also, I'm not sure you need the second rule. I think it gets rerouted before it gets to the INPUT chain if you route it in the PREROUTING chain. But if you do need the INPUT chain, then the rule should probably not have the state directive (otherwise, all packages not set to NEW, which is basically all packages after the first one, will be dropped or whatever the policy is).

--
John L. Fjellstad
web: http://www.fjellstad.org/
Quis custodiet ipsos custodes
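
An added example, not part of the original thread: a rule set for the port forward discussed above. Once PREROUTING rewrites the destination to another host, the packet is filtered in FORWARD rather than INPUT, and a NEW-only rule needs an ESTABLISHED,RELATED companion. The function name `port_forward` and the `APPLY` switch are assumptions of this example, and it assumes the FORWARD policy is not already ACCEPT.

```shell
#!/bin/sh
# Added example: prints the rule set by default; with APPLY=1 (as root)
# it also executes each command. Interfaces and addresses are the ones
# from the question; port_forward and APPLY are hypothetical names.

run() {
    # Show the command, and execute it only when APPLY=1.
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

port_forward() {
    wan=$1; lan=$2; server=$3; port=$4

    # The kernel must be allowed to route between interfaces at all.
    run sysctl -w net.ipv4.ip_forward=1

    # Rewrite the destination before the routing decision is made.
    run iptables -t nat -A PREROUTING -i "$wan" -p tcp --dport "$port" \
        -j DNAT --to-destination "$server:$port"

    # After DNAT the packet is addressed to another host, so it is
    # filtered in FORWARD. Match on the post-DNAT destination address.
    run iptables -A FORWARD -i "$wan" -o "$lan" -p tcp -d "$server" \
        --dport "$port" -m state --state NEW -j ACCEPT

    # A NEW-only rule passes just the first packet of a connection; the
    # remaining packets in both directions need ESTABLISHED,RELATED.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Dry run with the values from the question.
port_forward eth1 eth0 192.168.1.50 80
```

Run it unmodified to review the commands, then re-run with `APPLY=1` as root to install them.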