[Cialug] iptables restart?

Zachary Kotlarek zach at kotlarek.com
Wed Dec 14 18:15:59 CST 2011


On Dec 14, 2011, at 3:02 PM, L. V. Lammert wrote:

> Found the DNAT rules in a different section and I copied one to create:
> 
> $IPTABLES -t nat -A PREROUTING -p TCP -i $EXTIF -d $EXTIP --dport 8000 -j
> DNAT --to $MSTS1:80


That looks like it should work.

If you have a default DENY policy on the FORWARD table (i.e. if `iptables -L FORWARD` starts with "Chain FORWARD (policy DROP)") you will also need a rule that allows the NATed traffic to pass. To avoid that problem you can either set the default policy to ACCEPT:
	iptables --policy FORWARD ACCEPT
which effectively disables any firewall provided by the router (so be sure that's what you mean), or you can install an ACCEPT rule like the one you posted before. Something like:
	iptables --append FORWARD --in-interface $EXTIF --destination $INTERNAL_IP --protocol tcp --destination-port http --jump ACCEPT

Also I'm assuming that this box is already generally working as a router -- that you're using it to do outbound NAT and it's working properly for that. If that's not the case there could be other things to set up as well.

	Zach
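The pairing Zach describes above (a DNAT rule in the nat table plus a matching ACCEPT in the FORWARD chain when the chain's policy is DROP) as an added shell example; this is not code from the original thread or from either poster. The interface name, addresses and ports are constructed placeholders, and the `iptables -L FORWARD` output is a constructed sample so the script runs without root or iptables; the rules are printed as commands rather than executed.

```shell
#!/bin/sh
# Added example: generate a DNAT port-forward together with the FORWARD
# ACCEPT rule it needs, and read the FORWARD chain's default policy from
# saved `iptables -L FORWARD` output. Nothing here calls iptables itself.

EXTIF="eth0"            # constructed: external interface
EXTIP="203.0.113.10"    # constructed: external address (TEST-NET-3)
MSTS1="192.168.1.20"    # constructed: internal host receiving the forward

# Extract the default policy from the header line of `iptables -L FORWARD`,
# e.g. "Chain FORWARD (policy DROP)" -> "DROP".
forward_policy() {
    # $1: captured text of `iptables -L FORWARD`
    printf '%s\n' "$1" | sed -n 's/^Chain FORWARD (policy \([A-Z]*\)).*/\1/p'
}

# True (exit 0) when the chain policy would drop forwarded packets, so an
# explicit ACCEPT is required; false (exit 1) when the policy is ACCEPT.
needs_forward_rule() {
    case "$1" in
        ACCEPT) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print the two rules as commands: the DNAT in the nat table's PREROUTING
# chain and the ACCEPT in the filter table's FORWARD chain. The FORWARD rule
# matches on the internal host and port because DNAT has already rewritten
# the destination by the time the packet reaches FORWARD.
port_forward_rules() {
    # $1: external port, $2: internal host, $3: internal port
    ext_port="$1"; int_host="$2"; int_port="$3"
    printf 'iptables -t nat -A PREROUTING -p tcp -i %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$EXTIF" "$EXTIP" "$ext_port" "$int_host" "$int_port"
    printf 'iptables -A FORWARD -p tcp -i %s -d %s --dport %s -j ACCEPT\n' \
        "$EXTIF" "$int_host" "$int_port"
}

# Constructed sample of `iptables -L FORWARD` on a router with a DROP policy.
SAMPLE_FORWARD='Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED'

# Demo: decide from the sample whether the ACCEPT rule is needed, then show
# the rule pair that forwards external port 8000 to port 80 on MSTS1.
policy="$(forward_policy "$SAMPLE_FORWARD")"
echo "FORWARD policy: $policy"
if needs_forward_rule "$policy"; then
    echo "Policy is not ACCEPT: install both rules below."
else
    echo "Policy is ACCEPT: the DNAT rule alone is enough (but the router then filters nothing)."
fi
port_forward_rules 8000 "$MSTS1" 80
```

To use it against a real router, replace `SAMPLE_FORWARD` with `"$(iptables -L FORWARD)"` and pipe the printed rules through `sh` only after reading them; keeping the FORWARD policy at DROP and adding the narrow ACCEPT is the option that preserves the firewall, as the message above notes.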
