Greetings,
Dimitri Yioulos wrote:
> Noob question:
> I want to allow a vendor to access a piece of equipment on our LAN
> (192.168.100.46) through port 4000 from outside via a server in our
> DMZ (www.xxx.yyy.zzz). While I should know how to do this, I'm not
> 100% sure. Can someone help?
DNAT.
For example:
iptables -t nat -A PREROUTING -d www.xxx.yyy.zzz -i eth1 -p tcp \
    --dport 4000 -j DNAT --to 192.168.100.46
iptables -t filter -A INETIN -d 192.168.100.46 -p tcp --dport 4000 -j ACCEPT
> Oh, and separately, how would I allow that access only through the
> vendor's IP address, if that were the way I decided to go?
For example:
iptables -t nat -A PREROUTING -s 1.2.3.4 -d www.xxx.yyy.zzz -i eth1 -p tcp \
    --dport 4000 -j DNAT --to 192.168.100.46
Regards,
--
Ritter
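
The two rule examples above, combined into an added example that is not part of the original thread: a shell function that validates the addresses and port, then prints the vendor-restricted DNAT rule together with a matching filter rule so both can be reviewed before loading. The function names and the placeholder 203.0.113.10 for the masked DMZ address are assumptions, as is carrying `-s` on the INETIN rule, which the reply shows only for the nat rule.

```shell
#!/bin/sh
# Added example, not from the thread: print (do not apply) the rule pair for a
# vendor-only port forward so it can be reviewed before it is loaded.
# eth1 and INETIN are the interface and chain names used in the reply.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# is_port N: succeed only for a decimal TCP port in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules VENDOR_IP DMZ_IP LAN_IP PORT [IN_IFACE]
# Rejects anything that is not a plain address, port or interface name, so a
# typo or stray shell metacharacter never reaches an iptables command line.
forward_rules() {
    vendor=$1 dmz=$2 lan=$3 port=$4 iface=${5:-eth1}
    for addr in "$vendor" "$dmz" "$lan"; do
        is_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$iface" in ''|*[!A-Za-z0-9._-]*)
        echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # nat: rewrite the destination only for packets from the vendor.
    echo "iptables -t nat -A PREROUTING -s $vendor -d $dmz -i $iface -p tcp --dport $port -j DNAT --to-destination $lan"
    # filter: DNAT leaves the source address unchanged, so the same -s match
    # can be carried on the ACCEPT rule (assumption: the reply shows -s only
    # on the nat rule).
    echo "iptables -t filter -A INETIN -s $vendor -d $lan -p tcp --dport $port -j ACCEPT"
}

# Constructed sample call: 203.0.113.10 stands in for the masked DMZ address.
forward_rules 1.2.3.4 203.0.113.10 192.168.100.46 4000
```

Packets from any other source are not rewritten by the nat rule, so they arrive at the DMZ server's own port 4000 and are subject to whatever its local input policy says.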