On Mon, April 27, 2009 12:01 pm, Dan Carl wrote: > Bo Lynch wrote: >> I'm having some port forwarding issues issues with iptables. >> We are using iptables as a firewall with 2 nics and on ip alias. >> I'm trying to port forward on the alias ip >> eth0 = 65.x.x.1 >> eth0:1 = 65.x.x.2 >> eth1 = 192.168.x.x >> >> I'm wanting to forward certain ports(80,5071...etc) that makes request >> on >> eth0:1 IP 65.x.x.2 to forward to internal IP 192.168.x.x. I have setup >> the >> following rules but I must be doing something wrong. >> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.x.x.2 --dport 80 -j >> DNAT --to-destination 192.168.x.x:80 >> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.x.x.2 --dport 5071 -j >> DNAT --to-destination 192.168.x.x:5071 >> iptables -A FORWARD -p tcp -i eth0 -d 192.168.x.x --dport 80 -j ACCEPT >> iptables -A FORWARD -p tcp -i eth0 -d 192.168.x.x --dport 5071 -j ACCEPT >> >> Any help would be greatly appreciated. >> Thanks >> > Try > > iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.x.x --dport 80 -j > ACCEPT > iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.x.x --dport 5071 -j > ACCEPT > > > Tried that with no luck. Here is what my NAT looks like. [root@localhost ~]# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere 65.161.127.70 tcp dpt:http to:192.168.1.3:80 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:powerschool to:192.168.1.3:5071 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:timbuktu to:192.168.1.3:407 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:timbuktu-srv1 to:192.168.1.3:1417 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:timbuktu-srv2 to:192.168.1.3:1418 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:timbuktu-srv3 to:192.168.1.3:1419 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:timbuktu-srv4 to:192.168.1.3:1420 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:7880 to:192.168.1.3:7880 DNAT tcp -- anywhere 65.161.127.70 tcp dpt:https to:192.168.1.3:443 DNAT udp -- anywhere 65.161.127.70 udp dpt:timbuktu to:192.168.1.3:407 DNAT udp -- anywhere 65.161.127.70 udp dpt:timbuktu-srv1 to:192.168.1.3:1417 DNAT udp -- anywhere 65.161.127.70 udp dpt:timbuktu-srv2 to:192.168.1.3:1418 DNAT udp -- anywhere 65.161.127.70 udp dpt:timbuktu-srv3 to:192.168.1.3:1419 DNAT udp -- anywhere 65.161.127.70 udp dpt:timbuktu-srv4 to:192.168.1.3:1420 DNAT udp -- anywhere 65.161.127.70 udp dpt:7880 to:192.168.1.3:7880 To me it looks like it should work. When I try and do a telnet on the port number I get a connection refused. Is using an alias a problem? Bo Lynch _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos