On Fri, 2004-05-28 at 09:46, black@xxxxxxxxx wrote: > Im running at red hat 9 and iptables 1.2.7 > > im trying to direct web traffic to the web server on the > inside. > is [ iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 > -j DNAT --to 5.6.7.8:8080 ] right? > > thanks > john That will direct all 80 /tcp packets for all addresses the station listens on to 5.6.7.8:8080? Is that what you want or do you want to redirect packets with a specific destination address? If the public Internet address is not an IP address bound to the NAT gateway, then you will need to add it, typically: ip address add 1.1.1.2/24 dev eth0 brd + Finally, NAT is not access control. Once the packeted hits the filter chain, you will need something, default policy or, preferable a rule, which allows access to 5.6.7.8 on TCP port 8080. Hope that helps - John -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@xxxxxxxxxxxxx --- If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
