I modified "net.ipv4.ip_forward = 1" in file "/etc/sysctl.conf".
Then, I have found "/proc/sys/net/ipv4/ip_forward" is always "1". It's not wrong.
But "PREROUTING" does not work.
Thach!
Michael Schwendt wrote:
On Thu, 12 Jun 2003 13:52:43 +0700, Le Ngoc Thach wrote:
I'm using iptables-1.2.6a-2 in RedHat 8.0 router, gateway and firewall. I cannot configure it to implement the case:
Ex:
- External IP of gateway is 203.162.4.1, this host is also listening at port 80 (Apache WebServer) and port 8080 (Tomcat).
- Internal IP of gateway is 192.168.2.1
- Another internal host is 192.168.2.2, this host is listening at port 80 (IIS WebServer).
I want a user to be able to go to http://203.162.4.1:81 to access the internal host 192.168.2.2 on which IIS is running. I have tried to use "PREROUTING" such as:
/sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp --dport 81 -j DNAT --to 192.168.2.2:80
(See my iptables configuration in the attachment.)
But the URL "http://203.162.4.1:81" does not work. If I try "PREROUTING" to 192.168.2.1 such as:
/sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp --dport 81 -j DNAT --to 192.168.2.1:8080
It's OK. Then, http://203.162.4.1:81 is the Tomcat home page.
What is wrong? Please help me!
In your attached set of rules, your FORWARD chain does not allow the DNAT'ed traffic. Also, you didn't mention that you have set /proc/sys/net/ipv4/ip_forward to "1" manually or via sysctl or redhat-config-proc.
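Added example, not part of the thread: a small Python check of the diagnosis in Michael Schwendt's reply. After DNAT in PREROUTING the FORWARD chain sees the translated destination (192.168.2.2:80), while a target that is one of the gateway's own addresses (192.168.2.1:8080) is delivered through INPUT and never reaches FORWARD. The rule dump, port 82 and the function names are constructed for illustration, and only `-d`, `-p`, `--dport` and `--state` matches are modelled.

```python
from ipaddress import ip_address, ip_network
import shlex

# Constructed iptables-save style dump; the poster's attached rules are not on the page.
SAMPLE = """\
*nat
-A PREROUTING -d 203.162.4.1 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.2.2:80
-A PREROUTING -d 203.162.4.1 -p tcp -m tcp --dport 82 -j DNAT --to-destination 192.168.2.1:8080
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 203.162.4.1 -p tcp -m tcp --dport 81 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, {opt: value})]}}."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur:
            cur["policy"][line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A ") and cur:
            chain, *tok = shlex.split(line)[1:]
            cur["rules"].append((chain, {a: b for a, b in zip(tok, tok[1:]) if a.startswith("-")}))
    return tables

def forward_allows(flt, ip, port):
    """First-match walk of FORWARD for a NEW tcp packet addressed to the post-DNAT ip:port."""
    for chain, o in flt["rules"]:
        if (chain == "FORWARD" and o.get("-j") in ("ACCEPT", "DROP", "REJECT")
                and "NEW" in o.get("--state", "NEW")  # ESTABLISHED-only rules miss the SYN
                and ip_address(ip) in ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
                and o.get("-p", "tcp") == "tcp" and o.get("--dport", port) == port):
            return o["-j"] == "ACCEPT"
    return flt["policy"].get("FORWARD", "ACCEPT") == "ACCEPT"

def unforwarded_dnat(dump, local_ips):
    """DNAT targets on other hosts that FORWARD would drop (local targets go via INPUT)."""
    tables = parse_rules(dump)
    flt, blocked = tables.get("filter", {"policy": {}, "rules": []}), []
    for chain, o in tables.get("nat", {"rules": []})["rules"]:
        target = o.get("--to-destination") or o.get("--to") or ""
        ip, _, port = target.partition(":")
        if (chain == "PREROUTING" and o.get("-j") == "DNAT" and ip and ip not in local_ips
                and not forward_allows(flt, ip, port or o.get("--dport"))):
            blocked.append(target)
    return blocked
```

Calling `unforwarded_dnat(SAMPLE, {"203.162.4.1", "192.168.2.1"})` reports the IIS target because the only FORWARD accept rule matches the public address and port, which no longer appear on the packet after translation.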