Trying to set up NAT

Harold Burchey harold.a.burchey at uts.edu.au
Fri Apr 1 17:34:59 CEST 2005


On Fri, 01 Apr 2005 17:09:43 +0200
Christoph Galuschka <christoph.galuschka at tikom.at> wrote:

> ie: A connection to the proxy (10.1.1.1) on port 15000 should 
> go to another machine (10.1.1.2) on port 80 via the proxy.

I recently set up my DNAT. There was one 'gotcha' that certainly got me.
From the symptoms you're describing you may be having the same problem.
Basically when you use DNAT to forward packets, be sure that your
firewall is also configured to pass them.

A lot of websites recommend a simple firewall which drops all packets
that aren't related or established, but these are the exact packets
which need to be passed if you have a server behind your firewall and
want to pass new connections to it.

Here are a couple of lines of code that might help:

iptables -t nat -A PREROUTING -p tcp --dport 15000 -j DNAT --to-destination 10.1.1.2:80
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT 

On the other hand, I'm only taking a stab in the dark here. If you
posted the relevant snippets of code you may get more useful responses.
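
The gotcha described above, as an added example that is not part of the original post: a shell function that reads an iptables-save dump and lists DNAT targets that no FORWARD ACCEPT rule admits as new connections. The rule dump is constructed, the names dnat_unforwarded and sample_rules are hypothetical, and the matcher is simplified: it assumes --to-destination carries ip:port and ignores interface and source matches.

```shell
# Added example (not from the original post): read iptables-save text on stdin
# and print each DNAT target (ip:port) no FORWARD ACCEPT rule admits as NEW.
# Simplified (assumption): only -d, --dport, --state/--ctstate, -j are checked.
dnat_unforwarded() {
    awk '
    # Value following option "opt" in a rule line, or "" if absent.
    function optval(line, opt,    n, f, i) {
        n = split(line, f, " ")
        for (i = 1; i < n; i++) if (f[i] == opt) return f[i + 1]
        return ""
    }
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "nat" && /^-A PREROUTING / && / -j DNAT / {
        targets[++nt] = optval($0, "--to-destination")
    }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
        st = optval($0, "--state")
        if (st == "") st = optval($0, "--ctstate")
        if (st != "" && st !~ /NEW/) next  # passes existing flows only
        d = optval($0, "-d"); sub(/\/32$/, "", d)
        acc_d[++na] = d; acc_p[na] = optval($0, "--dport")
    }
    END {
        if (policy == "ACCEPT") exit 0
        for (k = 1; k <= nt; k++) {
            split(targets[k], hp, ":"); ok = 0
            for (a = 1; a <= na; a++)
                if ((acc_d[a] == "" || acc_d[a] == hp[1]) &&
                    (acc_p[a] == "" || acc_p[a] == hp[2])) ok = 1
            if (!ok) print targets[k]
        }
    }'
}
# Constructed iptables-save dump; $1 is an optional extra FORWARD rule.
sample_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 15000 -j DNAT --to-destination 10.1.1.2:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$1
COMMIT
EOF
}
sample_rules "" | dnat_unforwarded   # prints 10.1.1.2:80
```

A FORWARD rule written against the original port (15000) does not satisfy the check, because PREROUTING rewrites the destination before the packet reaches the FORWARD chain.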


