Taylor Grant gtaylor at riverviewtech.net
Tue Apr 19 09:44:58 CEST 2005

> Hi guys, I'm new to iptables.. hope someone can help me with this.
> The situation is this, I have a webserver running on a local network machine
> ( & I want it to be accessible outside my network. Is it
> possible?
> setup is like this:
> workstation ( ---> HUB ---> server ( LIVE IP, accessible
> everywhere on the net )
> when a user accesses the live IP ex. can he forward to get the files on
> the workstation?

I think you are talking about simple port forwarding.  To accomplish this you would want to run such a setup on the server / router / firewall.

iptables -t nat -A PREROUTING -i $INet_Interface -d -p tcp --dport $Port_of_Service -j DNAT --to-destination$Port_of_Service
iptables -t nat -A PREROUTING -i $INet_Interface -d -p udp --dport $Port_of_Service -j DNAT --to-destination$Port_of_Service
iptables -t nat -A POSTROUTING -o $LAN_Interface -d -p tcp --dport $Port_of_Service -j SNAT --to-source $Internal_IP_of_Server
iptables -t nat -A POSTROUTING -o $LAN_Interface -d -p udp --dport $Port_of_Service -j SNAT --to-source $Internal_IP_of_Server

This will take any TCP or UDP traffic that is coming in to the server to port $Port_of_Service and (port) forward it to where the traffic will be handled as if it were originally destined to the internal system.
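
The rule set described above, written out with addresses filled in, as an added example that is not part of the original post. The function names, interface names and addresses (203.0.113.10, 192.168.0.20, 192.168.0.1) are constructed assumptions, and the FORWARD rules are an addition that assumes a FORWARD policy of DROP; the script only prints the commands, it does not apply them.

```shell
#!/bin/sh
# Added example: prints, but does not apply, the rules for one forwarded service.

valid_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Reject anything but digits and single dots before splitting.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Args: inet_if lan_if public_ip target_ip port router_lan_ip "protocols"
port_forward_rules() {
    inet_if=$1 lan_if=$2 public_ip=$3 target_ip=$4 port=$5 router_lan_ip=$6
    for name in "$inet_if" "$lan_if"; do
        case "$name" in ''|*[!A-Za-z0-9._-]*)
            echo "bad interface: $name" >&2; return 1 ;;
        esac
    done
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    for ip in "$public_ip" "$target_ip" "$router_lan_ip"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for proto in ${7:-tcp}; do
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    done
    # Replies to forwarded connections (assumes a default-drop FORWARD policy).
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for proto in ${7:-tcp}; do
        # Rewrite the destination, admit only this port, then source-NAT on the LAN side.
        echo "iptables -t nat -A PREROUTING -i $inet_if -d $public_ip -p $proto --dport $port -j DNAT --to-destination $target_ip:$port"
        echo "iptables -A FORWARD -i $inet_if -o $lan_if -d $target_ip -p $proto --dport $port -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -o $lan_if -d $target_ip -p $proto --dport $port -j SNAT --to-source $router_lan_ip"
    done
}

# Constructed sample values (documentation and private address ranges).
port_forward_rules eth0 eth1 203.0.113.10 192.168.0.20 80 192.168.0.1 "tcp"
```

Because of the SNAT rule, the internal web server sees every forwarded connection as coming from the router's LAN address, so its access logs will not record the real client addresses.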

