Re: How to access one machine behind iptables, on different subnet?




On Friday 29 October 2010 04:22:52 Rudi Ahlers wrote:
> How do I give full access to all ports on this IP, instead of forwarding
> every port?

Sure. That's called One-to-One NAT.  You'll do something like this:

iptables -t nat -I PREROUTING -d 192.168.1.20 -j DNAT --to-destination $GREEN

...where $GREEN is one IP on your 192.168.2.x network.  Then make sure you 
have the proper "allow" rules on the INPUT chain for your LAN IP ($GREEN).

The above was for ingress traffic.  Now, for egress traffic (for this internal LAN 
IP) you'll need to perform NAT as well:

iptables -t nat -A POSTROUTING -s $GREEN -j SNAT --to-source 192.168.1.20

Check out: 

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables


HTH,
Jorge
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
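
The two rules in the message above only give a working one-to-one mapping when both are present and mirror each other. The script below is an added example, not part of the original post: it reads nat-table text in the format printed by `iptables-save -t nat` and reports any all-port DNAT without its matching SNAT. The function names, verdict labels and sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit nat-table text (as printed by `iptables-save -t nat`)
# for one-to-one NAT pairs. Every all-port DNAT should have the mirror SNAT.

# Constructed sample. 192.168.2.50-52 stand in for $GREEN-style LAN hosts.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -d 192.168.1.20/32 -j DNAT --to-destination 192.168.2.50
-A PREROUTING -d 192.168.1.21/32 -j DNAT --to-destination 192.168.2.51
-A PREROUTING -d 192.168.1.22/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.52:80
-A POSTROUTING -s 192.168.2.50/32 -j SNAT --to-source 192.168.1.20
COMMIT
EOF
}

# Reads rules on stdin; prints one sorted verdict line per mapping.
audit_one_to_one() {
    awk '
    # Value following option `opt` in the current rule, with any /32 removed.
    function arg(opt,    i, v) {
        for (i = 1; i < NF; i++)
            if ($i == opt) { v = $(i + 1); sub(/\/32$/, "", v); return v }
        return ""
    }
    # Rules carrying -p are per-port forwards, not one-to-one NAT: skip them.
    $1 == "-A" && arg("-p") == "" && arg("-j") == "DNAT" && arg("-d") != "" {
        dnat[arg("-d")] = arg("--to-destination")
    }
    $1 == "-A" && arg("-p") == "" && arg("-j") == "SNAT" && arg("-s") != "" {
        snat[arg("-s")] = arg("--to-source")
    }
    END {
        for (pub in dnat) {
            lan = dnat[pub]; paired[lan] = 1
            if (!(lan in snat))        print "MISSING_SNAT " pub " " lan
            else if (snat[lan] != pub) print "MISMATCH " pub " " lan " leaves-as " snat[lan]
            else                       print "OK " pub " " lan
        }
        for (lan in snat)
            if (!(lan in paired))      print "MISSING_DNAT " snat[lan] " " lan
    }' | LC_ALL=C sort
}

sample_rules | audit_one_to_one
```

On a live firewall the same function can be fed with `iptables-save -t nat | audit_one_to_one`; a `MISSING_SNAT` or `MISMATCH` line means the internal host's outbound traffic does not leave with the address it is reachable on.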

