I know the other list is for netfilter stuff but heck, if I can help I'll
give it a try...  Here is a more general script that should work:

**************************************************************
#!/bin/sh

EX_IP="11.22.33.55"
IN_IP="192.168.1.253"
IPTABLES="/sbin/iptables"

#
# Be sure to modprobe the modules you need here - an exercise
# for the reader.
#

echo "Zeroing all iptables, deleting all user defined chains"
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X

echo "Setting up default policies to ACCEPT"
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

echo "setting up masquerading rules"
# Inbound: everything addressed to EX_IP is rewritten to IN_IP.
$IPTABLES -t nat -A PREROUTING -d $EX_IP -j DNAT --to $IN_IP
# Outbound: everything from IN_IP leaves with EX_IP as its source.
$IPTABLES -t nat -A POSTROUTING -s $IN_IP -j SNAT --to $EX_IP

echo "Turning on IP forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward

exit
****************************************************************

Note that this rule set provides absolutely no security.  Any packet, any
protocol, any port of any protocol (for protocols like TCP and UDP that
have ports) that comes in bound for EX_IP will be NAT-ed and redirected
to IN_IP.  And any new conversation initiated by IN_IP will be masqueraded
to look to the outside world like it came from EX_IP.

Also note, I copied and pasted this from sections of my own firewall
script.  I have not tested the above script anyplace, so take that for
what it's worth.

- Greg

-----Original Message-----
From: Stef Coene [mailto:stef.coene@docum.org]
Sent: Saturday, June 01, 2002 2:38 AM
To: Tony Earnshaw; Neil Aggarwal
Cc: Linux Advanced Routing & Traffic Control List
Subject: Re: [LARTC] How to

> In as much as this is a perfectly normal use of Netfilter (iptables), I
> reckon that you're asking in the wrong group.

Copy-paste can never hurt :)

iptables -t nat -A PREROUTING -p tcp -d $EX_IP --dport 8080 -j DNAT --to 192.168.1.253:80

All traffic entering the external ip of my firewall on port 8080 is
forwarded to my internal web-server.

Stef

--
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
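
Added example (not part of the original thread, and not Greg's or Stef's code): a restricted variant of the 1:1 NAT script that translates only listed TCP ports and sets the FORWARD policy to DROP, so packets for other ports on EX_IP are never redirected to IN_IP. TCP_PORTS, RUN, ipt and nat_rules are names assumed for this example; as written it is a dry run that prints the rules instead of applying them.

```sh
#!/bin/sh
# Added example: restricted variant of the 1:1 NAT script in the thread.
# EX_IP/IN_IP reuse the thread's sample addresses; TCP_PORTS, RUN and the
# function names are assumptions made for this example.
EX_IP="11.22.33.55"
IN_IP="192.168.1.253"
TCP_PORTS="80 443"        # the only services exposed on EX_IP (assumed)
IPTABLES="/sbin/iptables"
RUN="echo"                # dry run: print rules; set RUN="" as root to apply

# Run (or, in dry-run mode, print) one iptables command.
ipt() { $RUN $IPTABLES "$@"; }

nat_rules() {
    # Flush only the chains managed here, then default-deny forwarding.
    ipt -F FORWARD
    ipt -t nat -F
    ipt -P FORWARD DROP

    # Replies belonging to conversations that were already allowed.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    for port in $TCP_PORTS; do
        # Translate only this service, not every packet bound for EX_IP.
        ipt -t nat -A PREROUTING -p tcp -d "$EX_IP" --dport "$port" \
            -j DNAT --to "$IN_IP:$port"
        # DNAT happens before FORWARD, so match the internal address here.
        ipt -A FORWARD -p tcp -d "$IN_IP" --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # New outbound conversations from the internal host, seen as EX_IP.
    ipt -A FORWARD -s "$IN_IP" -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -s "$IN_IP" -j SNAT --to "$EX_IP"
}

nat_rules
```

The INPUT and OUTPUT chains are left untouched here; traffic to the firewall host itself still needs its own policy.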