> On Thu, 2004-04-15 at 15:57, Nick Vazirianis wrote:
>> iptables v1.2.8
>> Linux Fedora Core 1
>> Kernel 2.6.3
>>
>> I am having some trouble getting port forwarding within the attached
>> script.
>> Please refer the line starting # enable port forwarding for
>> BitTorrent
>> Incoming packets to these ports are being dropped (and logged) by the
>> section lower down in the script, I have tried adding the enable port
>> forward section in different parts of the script, but this makes no
>> difference.
>>
>> could someone please help, I even tried adding the line
>> $IPTABLES -A INPUT -i $EXT_IF -p tcp --dport 6881:6885 -j ACCEPT
>> but i believe this only allows incoming into the firewall and not
>> redirecting to another host
>>
>> someone please help
> Maybe the source is not 6881 ...
> $IPTABLES -A FORWARD -s 6881 -p tcp --dport 6881 -j ACCEPT
> try
> $IPTABLES -A FORWARD -p tcp --dport 6881 -j ACCEPT
> instead
> --
> --
> Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
> Network Support Specialist
> http://www.knowledgefactory.co.za
> "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
> Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
> --
>

If I understood well, you have a linux firewall with a dmz ip and you want to redirect traffic from a real ip to lan ip of your network. If I am correct then you should do:

iptables -t nat -F
iptables -t nat -A POSTROUTING -o dmzinterface -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d dmzip --dport 6181 -j DNAT --to lanip:6181
iptables -t nat -A PREROUTING -p tcp -d dmzip --dport 6182 -j DNAT --to lanip:6182
etc etc

dmzinterface is the interface with the real ip eg eth0

--
Alexander Economou
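The pieces discussed in this thread, combined into one added example (not code from any of the posters): a shell function that prints the DNAT rule plus the matching FORWARD rules for the 6881:6885 range, and shows why an INPUT rule never sees this traffic. The function names, the interface eth0 and the LAN address 192.168.1.10 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print the rules needed to forward a TCP port range from the
# firewall's external interface to one LAN host. Output is printed, not
# applied. eth0 and 192.168.1.10 below are constructed sample values.

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: forward_rules EXT_IF LAN_HOST FIRST_PORT LAST_PORT
forward_rules() {
    ext_if=$1 lan_host=$2 first=$3 last=$4
    valid_port "$first" && valid_port "$last" && [ "$first" -le "$last" ] || {
        echo "invalid port range: $first:$last" >&2
        return 1
    }
    # Routing between interfaces must be on, or nothing reaches FORWARD.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # nat/PREROUTING rewrites the destination before the routing decision,
    # so the packet then traverses FORWARD and never INPUT.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $first:$last -j DNAT --to-destination $lan_host"
    # filter/FORWARD sees the rewritten destination, so match the LAN host.
    echo "iptables -A FORWARD -i $ext_if -p tcp -d $lan_host --dport $first:$last -m state --state NEW -j ACCEPT"
    # Let the remaining packets of already accepted connections through.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

forward_rules eth0 192.168.1.10 6881 6885
```

Because these use -A (append), the FORWARD lines have to be placed in the script before the section that logs and drops packets, otherwise the drop rule matches first.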