Iptables and portforwarding to an internal webserver.
Ken Bradford
ken at alpha2.com
Mon Jun 14 10:42:20 EDT 2004
Thanks to everyone who offered help and advice. I worked out a solution
after thinking about Rob's SNAT suggestion some more. It turned out to be
rather straightforward and, I thought, elegant in its simplicity. And
since we're only dealing with ports 80 & 443, it shouldn't impact their VPN.
Just 2 additional lines of code using POSTROUTING and SNAT. $IP is the
external IP address and by not specifying a new port the original source port
is retained:

$IPT -A FORWARD -p TCP -d 192.168.20.5 --dport 80 -j ACCEPT
$IPT -A PREROUTING -t nat -p TCP -d $NET --dport 80 -j DNAT --to 192.168.20.5:80
$IPT -A POSTROUTING -t nat -p TCP -d $INNET --dport 80 -j SNAT --to-source $IP
$IPT -A FORWARD -p TCP -d 192.168.20.5 --dport 443 -j ACCEPT
$IPT -A PREROUTING -t nat -p TCP -d $NET --dport 443 -j DNAT --to 192.168.20.5:443
$IPT -A POSTROUTING -t nat -p TCP -d $INNET --dport 443 -j SNAT --to-source $IP

Ken Bradford
Alpha II Service, Inc.
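
The rules in the message above, walked through as a small Python model; this is an added example, not part of the original post. It shows that every forwarded connection to ports 80 and 443 reaches 192.168.20.5 with source address $IP, so replies return through the firewall and the web server's access logs record $IP instead of the client address. The values given to $IP, $NET and $INNET are constructed, since the post does not state them, and only the posted rules are modelled.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample values: the post never gives $IP, $NET or $INNET.
IP = "203.0.113.10"                               # assumed external address ($IP)
NET = ipaddress.ip_network("203.0.113.10/32")     # assumed value of $NET
INNET = ipaddress.ip_network("192.168.20.0/24")   # assumed value of $INNET
WEB = "192.168.20.5"                              # web server address, from the post
PORTS = (80, 443)                                 # ports handled by the posted rules

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def prerouting(p):
    """DNAT rule: -d $NET --dport 80|443 is rewritten to 192.168.20.5, same port."""
    if ipaddress.ip_address(p.dst) in NET and p.dport in PORTS:
        return replace(p, dst=WEB)
    return p

def forward_accepts(p):
    """FORWARD rule: -d 192.168.20.5 --dport 80|443 -j ACCEPT."""
    return p.dst == WEB and p.dport in PORTS

def postrouting(p):
    """SNAT rule: -d $INNET --dport 80|443 gets source $IP; no port is given,
    so the source port is kept, as the post states."""
    if ipaddress.ip_address(p.dst) in INNET and p.dport in PORTS:
        return replace(p, src=IP)
    return p

def traverse(p):
    """Packet as the web server receives it, or None when the posted
    ACCEPT rules do not match it (other rules are not modelled)."""
    p = prerouting(p)
    return postrouting(p) if forward_accepts(p) else None

def reply_destination(seen):
    """The web server answers the source address it saw."""
    return seen.src

if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.20.44"):   # outside host, LAN host
        seen = traverse(Packet(client, 40000, IP, 443))
        print(f"{client:>15}: server sees {seen.src}:{seen.sport}, "
              f"replies to {reply_destination(seen)}")
```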