You might look into "shorewall" as an easy way to edit iptables stuff... http://www.shorewall.net/ > -----Original Message----- > From: psyche-list-admin@xxxxxxxxxx > [mailto:psyche-list-admin@xxxxxxxxxx] On Behalf Of Le Ngoc Thach > Sent: Friday, June 13, 2003 1:15 AM > To: psyche-list@xxxxxxxxxx > Subject: Re: How configure Iptable in RedHat 8.0 > > > Dear Michael Schwendt, > > I modifed "net.ipv4.ip_forward = 1" in file "/etc/sysctl.conf". > Then, I have found "/proc/sys/net/ipv4/ip_forward" is > always"1". It's > not wrong. > but "PREROUTING" does not work. > > Thach! > > Michael Schwendt wrote: > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >On Thu, 12 Jun 2003 13:52:43 +0700, Le Ngoc Thach wrote: > > > > > > > >>I'm using iptables-1.2.6a-2 in RedHat 8.0 router, gateway > and firewall. > >>I can not configure to implement the case: > >>Ex: > >>- External IP of gateway is 203.162.4.1, this host is also > listening at > >>port 80 (Apache WebServer) and portal 8080 (Tomcat). > >>- Internal IP of gateway is 192.168.2.1 > >>- An other internal host is 192.168.2.2, this host is > listening at port > >>80 (IIS WebServer). > >> > >>I want a user can go to http://203.162.4.1:81 to access the internal > >>host 192.168.2.2 that IIS is running. > >>I have tried to use "PREROUTING" such as > >> > >>/sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp > --dport 81 -j > >>DNAT --to 192.168.2.2:80 > >> > >>(View my configuration iptable in attachment). > >> > >>but url "http://203.162.4.1:81"; does not work. If I try > "REROUTING" to > >>192.168.2.1 such as: > >>/sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp > --dport 81 -j > >>DNAT --to 192.168.2.1:8080 > >> > >>It's OK. Then, http://203.162.4.1:81 is TomCat HomePage. > >> > >>What is woring? Please help me! > >> > >> > > > >In your attached set of rules, your FORWARD chain does not allow the > >DNAT'ed traffic. Also, you didn't mention that you have set > >/proc/sys/net/ipv4/ip_forward to "1" manually or via sysctl or > >redhat-config-proc. > > > >- -- > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.2.2 (GNU/Linux) > > > >iD8DBQE+6HLi0iMVcrivHFQRAsK/AJ423apRaOIWm6q9RJEMwB2jvh8jlwCghVzV > >LSrXA9prrD0sXM/BfGK9OjY= > >=zq1s > >-----END PGP SIGNATURE----- > > > > > > > > > > > > -- > Psyche-list mailing list > Psyche-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/psyche-list > -- Psyche-list mailing list Psyche-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/psyche-list
