On Wednesday 24 December 2003 10:15 am, Antony Stone wrote:
> On Wednesday 24 December 2003 10:17 am, G.Laxman wrote:
> > Hi,
> >
> > Here I have one more public IP . ..ie. 61.11.10.12.. I need to map this
> > IP 61.11.10.12 to 192.168.1.10
> > and I want to allow only 80 port of 192.168.1.10 machine....... (Only web
> > request)
> >
> > I have tried the following command........but not working......
> >
> > iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -s 0.0.0.0/0 -d
> > 61.11.10.12 -j DNAT --to 192.168.1.10:80
>
> 1. Do you have a FORWARD rule allowing packets from external IPs to
> 192.168.1.12, TCP port 80?
>
> 2. Have you bound the extra external address 61.11.10.12 to eth1 on the
> firewall so that it answers arp requests for it as well as its primary
> address of 61.11.10.11 ?
>
> (ifconfig eth0:0 61.11.10.12 (deprecated) or ip addr add 61.11.10.12 dev
> eth0 (preferred)).
Oops :) Those examples should of course read eth1, not eth0....
> Antony.
--
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that
it was he who, by peddling second-rate technology, led them into it in the
first place.
- Douglas Adams in The Guardian, 25th August 1995
Please reply to the list;
please don't CC me.
