Redirect
JVD
bono@wol.be
Wed, 3 Oct 2001 12:11:42 +0200
>
> ----- Original Message -----
> From: "Astrit Zhushi" <astrit@albalinux.org>
> To: <netfilter@lists.samba.org>
> Sent: Wednesday, October 03, 2001 11:38 AM
> Subject: Redirect
>
>
> > Greetings to the list
> >
> > I apologize if this kind of question was posted before
> >
> > I have I gateway machine with two interfaces eth0 10.10.0.0/24 and eth1
> > RealIP.
> > On the network 10.10.0.0/24 I have an web server 10.10.0.133, what I'm trying
> > to do is so that all packets comming to REALIP:80 to be redirected to
> > 10.10.133:80.
> > I'm using linux2.4.10 with iptables1.2.1a
> >
> > Dose this work ??
> >
> yes,
> $IPTABLES -A PREROUTING -i $EXT_IF -s 0.0.0.0/0 --sport 1024:65535 \
> -p tcp -dport 80 -j DNAT --to-destination 10.10.0.133:80
oups, this was not really good
$IPTABLES -A PREROUTING -i $EXT_IF -p tcp \
-s 0.0.0.0/0 --sport 1024:65535 \
-d $EXT-IP --dport 80 \
-j DNAT --to-destination 10.10.0.133:80
is better.
>
> Pay attention
> if your gateway is not 10.10.0.133 : there will be packets coming from EXT_IF destined to 10.10.0.133 on port 80 in your forward
> chains.
> $IPTABLES -A FORWARD -i $EXT_IF -p tcp -s 0.0.0.0/0 --sport 1024:65535 -d 10.10.0.133 --dport 80 \
> -m state --state NEW -j ACCEPT
> if your gateway is 10.10.0.133 : there will be packets coming from EXT_IF destined to 10.10.0.133 on port 80 in your input chains.
> $IPTABLES -A INPUT -i $EXT_IF -p tcp -s 0.0.0.0/0 --sport 1024:65535 -d 10.10.0.133 --dport 80 \
> -m state --state NEW -j ACCEPT
> So you should use one of these rule too.
>
> i hope i'm not wrong
>
> Regards,
> Jean
> >
> > Best Regards
>