[Nottingham] Port forwarding with iptables

Steve Goodliff nottingham at mailman.lug.org.uk
Wed Apr 30 12:51:02 2003


> -----Original Message-----
> From: nottingham-admin@mailman.lug.org.uk
> [mailto:nottingham-admin@mailman.lug.org.uk]On Behalf Of Robert Davies
> Sent: 29 April 2003 17:52
> To: nottingham@mailman.lug.org.uk
> Subject: Re: [Nottingham] Port forwarding with iptables
>
>
> On Tuesday 29 Apr 2003 17:24, Phil Lakin wrote:
> > On Tue, 2003-04-29 at 17:09, Steve Goodliff wrote:
>
> > I've not actually tried this, but it should work.. Port forwarding under
> > iptables caused me a fair bit of grief recently..
> >
> > Maybe Rob has some better ideas ?
>
> Well considering the routers are providing internet access, and the RH box
> seems to be a router too, why use port forwarding for admin access?  They
> have ports reachable in Internal network, so it seems over-egging the
> pudding.
>
> If the routers don't know about the 10/8 Internal network at all, then all
> access to them will need to be masqueraded and appear to come from the RH
> router.
>
> Rob
>

Hello All,

Thanks very much for the help. I've managed to solve my problem this way.

-A PREROUTING -d 10.1.1.2 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
-A PREROUTING -d 10.1.1.2 -i eth1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.254.254:80
-A POSTROUTING -d 192.168.1.1 -o eth2 -j SNAT --to-source 192.168.1.212
-A POSTROUTING -d 192.168.254.254 -o eth0 -j SNAT --to-source 192.168.254.200

Next stop load balancing across them :)

SteveG
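
The rule set in the message above, traced for one packet, as an added example that is not part of the original post: it shows the DNAT rewrite in PREROUTING followed by the SNAT rewrite in POSTROUTING that Rob's reply says is needed when the routers have no route back to 10/8. The client address 10.1.1.50 and the function names are assumptions, and routing is assumed to send each forwarded packet out of the interface named in the matching -o option.

```python
# The four nat-table rules from the post (iptables-save syntax).
RULES = """\
-A PREROUTING -d 10.1.1.2 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
-A PREROUTING -d 10.1.1.2 -i eth1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.254.254:80
-A POSTROUTING -d 192.168.1.1 -o eth2 -j SNAT --to-source 192.168.1.212
-A POSTROUTING -d 192.168.254.254 -o eth0 -j SNAT --to-source 192.168.254.200
"""

def parse(text):
    """One dict per rule; every option used in these rules takes exactly one value."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) > 1 and tok[0] == "-A":
            rules.append({"chain": tok[1], **dict(zip(tok[2::2], tok[3::2]))})
    return rules

def translate(rules, pkt):
    """Apply the first matching DNAT rule, then the first matching SNAT rule."""
    pkt = dict(pkt)
    for r in rules:  # PREROUTING: rewrite the destination before routing
        if (r["chain"] == "PREROUTING" and r["-j"] == "DNAT"
                and r["-d"] == pkt["dst"] and r["-i"] == pkt["in"]
                and int(r["--dport"]) == pkt["dport"]):
            host, _, port = r["--to-destination"].partition(":")
            pkt["dst"], pkt["dport"] = host, int(port or pkt["dport"])
            break
    for r in rules:  # POSTROUTING: rewrite the source after routing
        if r["chain"] == "POSTROUTING" and r["-j"] == "SNAT" and r.get("-d") == pkt["dst"]:
            pkt["src"] = r["--to-source"]
            break
    return pkt

def dnat_without_snat(rules):
    """DNAT targets with no SNAT/MASQUERADE rule matching that address with -d.
    Simplified: a rule that matches only on -o is not counted as covering."""
    covered = {r.get("-d") for r in rules
               if r["chain"] == "POSTROUTING" and r["-j"] in ("SNAT", "MASQUERADE")}
    return [r["--to-destination"] for r in rules
            if r["-j"] == "DNAT" and r["--to-destination"].split(":")[0] not in covered]

if __name__ == "__main__":
    rules = parse(RULES)
    # Constructed packet: an internal 10/8 client opening the second router's web page.
    pkt = {"src": "10.1.1.50", "dst": "10.1.1.2", "in": "eth1", "dport": 8080}
    print("after NAT:", translate(rules, pkt))
    print("DNAT targets lacking SNAT:", dnat_without_snat(rules))
```

With the last POSTROUTING rule removed, the traced packet keeps its 10.1.1.50 source, which is the case where the router at 192.168.254.254 cannot reply.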