Doubt about forwarding. Please, Help me!

Francesco Ciocchetti primero at fastwebnet.it
Thu Jul 14 20:46:51 CEST 2005


Morales Carlos wrote:

>Hello. I have a firewall blocking all the traffic from the Internet to my local network, but I need to let an external host (extHOST) access port 8888 (for example) of an internal host (intHOST). Is this correct? The external LAN adapter is eth1.
>
> /sbin/iptables -t nat -A PORTFW -p tcp -i eth1 -s extHOST --dport 8888 -j DNAT --to-destination intHOST:8888
>
>Thanks, please email me at cmmorales at mail.com
>Carlos

As long as there is a jump to PORTFW in the PREROUTING chain of the nat
table, it is OK.

What you need is a DNAT rule in the nat table's PREROUTING chain, and a
rule to allow traffic to the DNATted dst port 8888 in the filter table's
FORWARD chain.

Bye
Francesco
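
The complete rule set described in this reply, written out as an added example (not part of either message). The addresses are constructed placeholders, and the `run` helper, the `portfw_rules` function, the `DRY_RUN` switch and the ESTABLISHED,RELATED return rule are assumptions of this sketch; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: single-source port forward with a user-defined PORTFW chain.
# Placeholder values below are constructed, not taken from the thread.

IPT="${IPT:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands, 0 = execute them (root)

# Hypothetical helper: echo the command in dry-run mode, otherwise run it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# portfw_rules <ext_if> <ext_host> <int_host> <port>
portfw_rules() {
    ext_if=$1 ext_host=$2 int_host=$3 port=$4

    # 1. The user-defined chain must exist in the nat table.
    run "$IPT" -t nat -N PORTFW

    # 2. PREROUTING must jump to it, or the DNAT rule is never evaluated.
    run "$IPT" -t nat -A PREROUTING -i "$ext_if" -j PORTFW

    # 3. The DNAT rule from the original post.
    run "$IPT" -t nat -A PORTFW -p tcp -i "$ext_if" -s "$ext_host" \
        --dport "$port" -j DNAT --to-destination "$int_host:$port"

    # 4. filter/FORWARD sees the packet after DNAT, so match on the
    #    rewritten destination (intHOST) and keep the source restriction.
    run "$IPT" -A FORWARD -i "$ext_if" -p tcp -s "$ext_host" -d "$int_host" \
        --dport "$port" -m conntrack --ctstate NEW -j ACCEPT

    # 5. Let packets of already accepted connections through in both
    #    directions (skip if the ruleset already has such a rule).
    run "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Constructed sample values: eth1 as in the post, documentation-range
# address for extHOST, private address for intHOST.
portfw_rules eth1 203.0.113.10 192.168.1.20 8888
```

After applying the rules, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters, which confirm whether the jump and the ACCEPT rule are actually being hit.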