I am wondering how to enable port forwarding from a DMZ to an internal network. The machine forwarding is just a normal Linux machine, no firewall in the DMZ, and I want it to forward one port to an internal machine on the internal network. Note, the DMZ machine has only one network card, the network with the internal machine is behind the firewall, and another router. Connectivity from the DMZ machine to the internal machine works.

Here is my iptables:

    # Generated by iptables-save v1.3.4 on Tue Feb 28 14:24:10 2006
    *nat
    :PREROUTING ACCEPT [1014:84065]
    :POSTROUTING ACCEPT [1243:92537]
    :OUTPUT ACCEPT [1237:92240]
    -A PREROUTING -d 217.20.20.160 -i eth0 -p tcp -m tcp --dport 81 -j DNAT --to-destination 10.22.0.79:8081
    COMMIT
    # Completed on Tue Feb 28 14:24:10 2006
    # Generated by iptables-save v1.3.4 on Tue Feb 28 14:24:10 2006
    *filter
    :INPUT ACCEPT [124031010:45151447581]
    :FORWARD ACCEPT [12:576]
    :OUTPUT ACCEPT [155888838:182283994852]
    COMMIT
    # Completed on Tue Feb 28 14:24:10 2006

I just used the command:

    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 217.20.20.160 --dport 81 -j DNAT --to 10.22.0.79:8081

Also I enabled ip_forward:

    # cat /proc/sys/net/ipv4/ip_forward
    1

But when I try to connect to 217.20.20.160:81 it just times out waiting for an answer. Do I need more in this minimalistic setup to make it work?

Note, the IP addresses are bogus, but representative (the 217 is public IP and the 10 is private).

Best regards
Stian B. Barmen
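The setup above is a one-armed DNAT: the DMZ host has a single NIC and is not the internal host's default gateway, so replies from 10.22.0.79 leave through the internal router instead of coming back through the box that rewrote the destination, and the client times out. The script below is an added example (not the poster's configuration) that completes the ruleset with a POSTROUTING MASQUERADE so return traffic is routed back through the DMZ host, plus conntrack-based FORWARD rules; the addresses and ports are the ones from the post, and `DRY_RUN=1` / the default `preview` mode only print the commands.

```shell
#!/bin/sh
# Added example: complete one-armed DNAT ruleset for the post's setup.
# Values taken from the post; everything else here is an assumption.
PUB_IP=217.20.20.160     # public address on the DMZ host
PUB_PORT=81              # public port to forward
DST_IP=10.22.0.79        # internal server behind the router
DST_PORT=8081            # service port on the internal server
WAN_IF=eth0              # the DMZ host's only interface
DRY_RUN=${DRY_RUN:-0}

# Execute iptables, or only print the command when DRY_RUN=1 (no root needed).
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# Append a rule only if it is not already present (iptables -C), so re-running is safe.
add_rule() {
  table=$1; shift
  if [ "$DRY_RUN" = 1 ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
    run -t "$table" -A "$@"
  fi
}

apply_port_forward() {
  # 1. Rewrite the destination of new connections to the internal host (as in the post).
  add_rule nat PREROUTING -i "$WAN_IF" -d "$PUB_IP" -p tcp --dport "$PUB_PORT" \
    -j DNAT --to-destination "$DST_IP:$DST_PORT"
  # 2. The missing piece: rewrite the source to the DMZ host's own address so the
  #    internal server answers the DMZ host, which then un-NATs the reply for the client.
  #    Without this the reply takes the internal router's route and never reaches the client.
  add_rule nat POSTROUTING -o "$WAN_IF" -d "$DST_IP" -p tcp --dport "$DST_PORT" \
    -j MASQUERADE
  # 3. Restrict forwarding to this one service plus already-established flows.
  add_rule filter FORWARD -d "$DST_IP" -p tcp --dport "$DST_PORT" \
    -m conntrack --ctstate NEW -j ACCEPT
  add_rule filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Print the exact commands that would be run, for review before applying.
preview() {
  ( DRY_RUN=1; apply_port_forward )
}

case "${1:-}" in
  apply) apply_port_forward ;;   # ./forward.sh apply  (as root)
  *)     preview ;;              # default: show the rules only
esac
```

With MASQUERADE the internal server logs the DMZ host as the client, so if the original source address matters, record it on the DMZ host (for example with a LOG rule in PREROUTING). Both the DNAT and MASQUERADE rules still depend on `net.ipv4.ip_forward=1`, which the post already has set.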