Re: iptables and NAT

On 01/25/2011 01:13 PM, Jatin K wrote:
> iptables -t nat -A PREROUTING -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT
> --to-destination 192.168.131.131

Ok, assuming your default policy is to drop, I think you'll need this rule:

iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

I'm assuming eth1 is your internal interface (and eth0 your external WAN
iface).  This rule will allow the responses from your web-server to
pass-thru your firewall...

Also, if you leave it all like this it won't work as you need to perform
"Source NAT or Masquerade" for your 192.168.131.131 ip (if you
don't...then it will leave your external interface as coming from
192.168.131.131 which of course is not a valid ip for the internet).  In
order for your webserver to send responses to a machine on the internet you
need to masquerade its ip. You can do this with this:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.131.0/24 -j MASQUERADE

That is, all traffic that will go out thru eth0, if the source network
is 192.168.131.0/24, then change the source ip to that of your eth0
(your WAN ip).

Try that and see if it works.

HTH,
Jorge
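
An added example, not part of the original message: a check over `iptables-save` output that looks for the rules this reply calls for (an ESTABLISHED,RELATED accept in FORWARD and a MASQUERADE rule in the nat table) around each DNAT rule. It goes one step beyond the thread by also checking, when the FORWARD policy is DROP, for a rule that admits the new inbound connection to the DNAT target. The sample dump, the 203.0.113.10 address and the `audit_dnat` name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an iptables-save dump for the
# rules a DNAT port-forward depends on.

# Constructed sample dump; 203.0.113.10 is a placeholder WAN address, and
# eth0/eth1 follow the interface roles assumed in the reply.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.131.131
-A POSTROUTING -s 192.168.131.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_dnat: reads a dump on stdin, prints one finding per line or "OK".
audit_dnat() {
    awk '
    /^\*/ { table = substr($1, 2); next }          # table header: *nat, *filter
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && $2 == "FORWARD" && / -j ACCEPT/ {
        if (/ESTABLISHED/) est = 1                 # return-traffic rule
        else accepts = accepts "\n" $0 " "         # candidates for new connections
    }
    table == "nat" && $2 == "POSTROUTING" && / -j MASQUERADE/ { masq = 1 }
    table == "nat" && $2 == "PREROUTING" && / -j DNAT / {
        for (i = 1; i < NF; i++)
            if ($i == "--to-destination") {
                ip = $(i + 1); sub(/:.*/, "", ip)  # drop an optional :port
                targets[ip] = 1; n++
            }
    }
    END {
        if (n && !masq) { print "MISSING masquerade"; bad++ }
        if (n && policy == "DROP" && !est) { print "MISSING forward-established"; bad++ }
        for (ip in targets)                        # only matters when FORWARD drops by default
            if (policy == "DROP" && !index(accepts, " -d " ip "/32 ") && !index(accepts, " -d " ip " ")) {
                print "MISSING forward-new " ip; bad++
            }
        if (!bad) print "OK"
    }'
}

printf '%s\n' "$SAMPLE_DUMP" | audit_dnat   # flags the missing inbound FORWARD rule
```

On a live host the same function can be fed with `iptables-save | audit_dnat`.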