I need to punch a hole through iptables for an upload application that's going to sit on an internal machine. Most of what I've seen on the net are rules where only the destination IP is defined. Not quite what I want to happen. Here's what I want to do:
The firewall machine has a public IP on eth0. I'm going to add another on eth0:0 (in the future I'll continue adding to eth0:1, eth0:2, etc.) and I would like requests coming in on that new address to route through the firewall to connect to the internal machine (which has a private IP).
Most rules I find look like this (this example is for pcAnywhere):
# rewrite the destination of incoming pcAnywhere traffic to the internal host
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination $PCANY
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5632 -j DNAT --to-destination $PCANY

# allow the forwarded packets (post-DNAT) from the outside interface to the inside one
iptables -t filter -A FORWARD -i eth0 -o eth1 -p tcp -m state --dport 5631 --syn --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o eth1 -p udp --dport 5632 -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
But that assumes the request comes in on the primary (eth0) address. How can I tell it to listen on the eth0:0 address/interface?
--
W | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx>   .  303.442.6410 x130
IT Director / SysAdmin / Websmith              .  800.441.3873 x130
Photo Craft Laboratories, Inc.                 .  3550 Arapahoe Ave. #6
http://www.pcraft.com                          .  Boulder, CO 80303, U.S.A.
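As an added illustration (not part of the original post or a reply on the list), the script below generates one DNAT/FORWARD rule set per published address. It assumes constructed values: the alias address 203.0.113.11 on eth0:0, an internal upload host 192.168.1.50 behind eth1, and an application port of TCP 8080. The key point it demonstrates is that iptables does not match an alias with `-i eth0:0` (an alias is an extra address on eth0, not a separate interface), so the rule selects the address with `-d`, which also keeps the hole limited to that one address instead of everything arriving on eth0.

```shell
#!/bin/sh
# Added example, not from the original post. All addresses and the port
# below are constructed placeholders; substitute your own.
PUBLIC_ALIAS_IP="203.0.113.11"   # the address configured on eth0:0
INTERNAL_HOST="192.168.1.50"     # private upload machine behind eth1
APP_PORT="8080"                  # port the upload application listens on

# Rules shared by every published address: let replies and related traffic
# through. Emitted once so it is not duplicated per address.
base_rules() {
    echo "iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Per-address rules. The PREROUTING rule matches on the destination address
# (-d) rather than an alias interface. The FORWARD rule runs after DNAT, so
# its destination is the internal host, not the public address.
dnat_rules() {
    pub="$1"; inner="$2"; port="$3"
    echo "iptables -t nat -A PREROUTING -i eth0 -d $pub -p tcp --dport $port -j DNAT --to-destination $inner:$port"
    echo "iptables -t filter -A FORWARD -i eth0 -o eth1 -d $inner -p tcp --dport $port -m state --state NEW -j ACCEPT"
}

# Full rule set; add one dnat_rules line per future eth0:1, eth0:2, ... address.
build_ruleset() {
    base_rules
    dnat_rules "$PUBLIC_ALIAS_IP" "$INTERNAL_HOST" "$APP_PORT"
}

# Execute the generated commands (requires root and the iptables binary).
apply_rules() {
    build_ruleset | while IFS= read -r cmd; do
        sh -c "$cmd"
    done
}

case "${1:-}" in
    --apply) apply_rules ;;   # ./script.sh --apply  -> install the rules
    *)       build_ruleset ;; # default: dry run, print the commands only
esac
```

Run without arguments to review the generated commands before installing them; `--apply` executes them. Note that the ESTABLISHED,RELATED rule is emitted first so that it is consulted before the per-port NEW rules, and that IP forwarding (`net.ipv4.ip_forward=1`) must be enabled on the firewall for any of this to pass traffic.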