On Thu, 12 Jun 2003 13:52:43 +0700, Le Ngoc Thach wrote:
> I'm using iptables-1.2.6a-2 in RedHat 8.0 router, gateway and firewall.
> I can not configure to implement the case:
> Ex:
> - External IP of gateway is 203.162.4.1, this host is also listening at
>   port 80 (Apache WebServer) and port 8080 (Tomcat).
> - Internal IP of gateway is 192.168.2.1
> - Another internal host is 192.168.2.2, this host is listening at port
>   80 (IIS WebServer).
>
> I want a user can go to http://203.162.4.1:81 to access the internal
> host 192.168.2.2 that IIS is running.
> I have tried to use "PREROUTING" such as
>
> /sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp --dport 81 -j DNAT --to 192.168.2.2:80
>
> (View my configuration iptable in attachment).
>
> but url "http://203.162.4.1:81" does not work. If I try "PREROUTING" to
> 192.168.2.1 such as:
> /sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp --dport 81 -j DNAT --to 192.168.2.1:8080
>
> It's OK. Then, http://203.162.4.1:81 is TomCat HomePage.
>
> What is wrong? Please help me!

In your attached set of rules, your FORWARD chain does not allow the
DNAT'ed traffic. Also, you didn't mention that you have set
/proc/sys/net/ipv4/ip_forward to "1" manually or via sysctl or
redhat-config-proc.
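
The two conditions named in the reply (a FORWARD rule that accepts the DNAT'ed traffic, and ip_forward set to "1") can be checked mechanically. The script below is an added example, not part of the original message; the function names `dnat_forward_gaps` and `forwarding_enabled` and the sample rule set are constructed for illustration, and only explicit per-host FORWARD accepts are recognised.

```shell
# Added example. Reads iptables-save text on stdin and prints one suggested
# FORWARD rule for every PREROUTING DNAT target that no FORWARD rule accepts.
# Simplification: only explicit "-d IP --dport PORT -j ACCEPT" rules count;
# broader accepts (whole subnet, state match) are not recognised.
dnat_forward_gaps() {
    awk '
    /^\*/ { table = substr($1, 2) }          # section header: *nat, *filter
    $1 == "-A" {
        proto = dest = dport = to = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "-d") dest = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "--to" || $i == "--to-destination") to = $(i+1)
            else if ($i == "-j") target = $(i+1)
        }
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
            if (to !~ /:/) to = to ":" dport  # DNAT without a port keeps dport
            dnat[proto " " to] = 1
        }
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT") {
            sub(/\/32$/, "", dest)            # newer iptables-save prints /32
            allowed[proto " " dest ":" dport] = 1
        }
    }
    END {
        for (k in dnat) if (!(k in allowed)) {
            split(k, a, /[ :]/)
            printf "iptables -A FORWARD -p %s -d %s --dport %s -j ACCEPT\n", a[1], a[2], a[3]
        }
    }'
}

# The other condition from the reply: forwarding switched on. The optional
# path argument is hypothetical and exists so the check can run on a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample modelled on the post, not the poster's attached rules.
SAMPLE_RULES='*nat
-A PREROUTING -d 203.162.4.1 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.2.2:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.2.0/24 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | dnat_forward_gaps
```

On a live gateway the input would come from `iptables-save`. The FORWARD chain also has to accept the replies from the internal host, which the sample's `-s 192.168.2.0/24` rule does.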