Port forwarding with iptables
KUCKAERTZ Régis - NVISION
regis at nvision.lu
Wed Sep 1 17:47:49 CEST 2004
Hello,
Our ISP only allows connections coming from a well-defined list of IP
addresses. Since we must be able to log on to our servers no matter where we
are, I just thought using iptables on one host having one of the authorized
IP addresses would be the solution.
So I went on reading iptables docs and howtos, but as you might guess I
couldn't understand how to do it exactly. Let me state it correctly: every
incoming connection to, say, port 3999 of my host ($HOST_IP) should be
forwarded to port 123 of the protected server ($SERVER_IP). I tried the
following two rules:
$IPTABLES -t nat -A PREROUTING -p tcp --dst $HOST_IP --dport 3999 -j DNAT --to-destination $SERVER_IP:123
This one should do the forwarding
$IPTABLES -t nat -A POSTROUTING -p tcp --dst $SERVER_IP --dport 123 -j MASQUERADE
... and this one should masquerade
As I'm new to iptables, I don't know at this time every aspect that I must
be careful of, so as a first tip can anybody tell me what the exact
solution would be?
I have set IP forwarding to 1 in /proc/sys/net/ipv4/ip_forward
Best regards,
Régis KUCKAERTZ
-----------------------------------------
NVISION sa - Luxembourg
Internet Services & Network Programming
50, rue des Prés
L-7333 Steinsel
Tél: (+352) 26 34 09 08
Fax: (+352) 26 34 09 07
http://www.nvision.lu/
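
The forward described in the message above, as an added example that is not part of the original post: a POSIX shell function that validates the four values and prints the DNAT and MASQUERADE rules from the post, plus two FORWARD-chain accepts that are an assumption here for hosts whose FORWARD policy is DROP. The function names and the sample addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: prints the rule set for the port forward described in the post.
# Nothing is applied; review the output, then pipe it to "sh -e" as root.
# Usage (constructed addresses): ./forward.sh 192.0.2.10 3999 198.51.100.20 123
IPTABLES=${IPTABLES:-iptables}

valid_ip() {        # dotted-quad IPv4, each octet 0-255
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    # Subshell keeps the IFS change and the re-set positional parameters local.
    ( IFS=.; set -- $1
      [ $# -eq 4 ] || exit 1
      for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done )
}

valid_port() {      # decimal TCP port 1-65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

forward_rules() {   # args: HOST_IP HOST_PORT SERVER_IP SERVER_PORT
    valid_ip "$1" && valid_port "$2" && valid_ip "$3" && valid_port "$4" || {
        echo "usage: forward_rules HOST_IP HOST_PORT SERVER_IP SERVER_PORT" >&2
        return 2
    }
    # 1. Rewrite the destination before the routing decision is made.
    echo "$IPTABLES -t nat -A PREROUTING -p tcp -d $1 --dport $2 -j DNAT --to-destination $3:$4"
    # 2. Accept only this flow in FORWARD (assumption: the FORWARD policy is DROP).
    #    After DNAT the packet already carries the server's address and port.
    echo "$IPTABLES -A FORWARD -p tcp -d $3 --dport $4 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPTABLES -A FORWARD -p tcp -s $3 --sport $4 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 3. Source-NAT so the server sees the relay's address and replies through it.
    echo "$IPTABLES -t nat -A POSTROUTING -p tcp -d $3 --dport $4 -j MASQUERADE"
}

# Print the rules only when all four arguments are given on the command line.
if [ $# -eq 4 ]; then forward_rules "$@"; fi
```

The rules only take effect with /proc/sys/net/ipv4/ip_forward set to 1, as the post already does.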