On Tue, 2008-04-15 at 08:47 -0400, James Pifer wrote:

> I've also tried to get port forwarding working with iptables, figuring
> it would be more stable, but I could not get it to work. Even if I
> open iptables wide open it doesn't work for me. Here are the commands
> I've tried:
>
> /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.1.30 --dport 443 -j DNAT --to 192.168.1.40:445
> /sbin/iptables -A FORWARD -p tcp -d 192.168.1.30 --dport 443 -j ACCEPT

You've got different port numbers on the top line.

> The examples of forwarding I've seen usually include -i plus the
> interface, like -i eth0. I do not have this in there because the
> address I need it associated to is a virtual, so it's eth0:2 for
> example. After running the commands above I can run iptables -L and it
> looks ok.
>
> Any suggestions or recommendations are appreciated.

Yonks ago, I had an iptables rule set up on a PC which used dial-up networking to connect to my ISP, with rules to connect people to a webserver on an internal machine at 192.168.1.1, and onto a different port (they asked for 8000, and were put through to 80). It sounds a similar situation to the rules you'd written above; mine were like the following, and without any "FORWARD" rules.

iptables --append INPUT --jump ACCEPT --protocol tcp --in-interface ppp+ --destination-port 8000
iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --destination-port 8000 --jump DNAT --to-destination 192.168.1.1:80

For complex rules, I always stuck to the long form, rather than use abbreviations. They make it simpler to follow, without having to refer back to the manual for explanations. But they're equivalent.

-- 
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
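The following is an added worked example, not code posted by either participant in the thread. It generates the DNAT port-forwarding rule set in the long-form option style used in the reply, with the input validation and the two pieces that are easy to forget: IP forwarding has to be switched on in the kernel, and a packet that has been DNATed is forwarded rather than delivered locally, so it is checked in the filter table's FORWARD chain (needed only when that chain's policy is DROP). The interface name eth0, the addresses 192.168.1.30 and 192.168.1.40, the ports, and the HAIRPIN switch are assumptions drawn from the thread, not verified facts about the asker's network; the port on the internal host is a parameter, set it to whatever the service really listens on.

```shell
#!/bin/sh
# Added example, not code from the thread: generate (dry run) or apply the
# iptables rules that forward TCP from EXT_ADDR:EXT_PORT on EXT_IF to
# INT_ADDR:INT_PORT, in the long-form option style of the reply.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (root).
# All defaults below are assumptions taken from the addresses in the thread.

DRY_RUN="${DRY_RUN:-1}"
HAIRPIN="${HAIRPIN:-0}"   # set to 1 if clients sit on the same LAN as INT_ADDR

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Port must be an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    addr=$1
    case "$addr" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# portfwd_rules EXT_IF EXT_ADDR EXT_PORT INT_ADDR INT_PORT
portfwd_rules() {
    ext_if=$1; ext_addr=$2; ext_port=$3; int_addr=$4; int_port=$5
    valid_ipv4 "$ext_addr" && valid_ipv4 "$int_addr" || { echo "bad address" >&2; return 1; }
    valid_port "$ext_port" && valid_port "$int_port" || { echo "bad port" >&2; return 1; }

    # The kernel must be willing to route packets between interfaces at all.
    run sysctl -w net.ipv4.ip_forward=1

    # 1. Rewrite the destination before the routing decision. Matching on the
    #    address (not only the interface) is what makes an alias like eth0:2
    #    work: the packet arrives on eth0, addressed to the alias address.
    run iptables --table nat --append PREROUTING --protocol tcp \
        --in-interface "$ext_if" --destination "$ext_addr" \
        --destination-port "$ext_port" \
        --jump DNAT --to-destination "$int_addr:$int_port"

    # 2. After DNAT the packet is forwarded, so it is checked in filter/FORWARD
    #    (not INPUT) with its rewritten destination. Needed only if the FORWARD
    #    policy is DROP; harmless otherwise.
    run iptables --append FORWARD --protocol tcp --in-interface "$ext_if" \
        --destination "$int_addr" --destination-port "$int_port" \
        --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
    run iptables --append FORWARD --protocol tcp --out-interface "$ext_if" \
        --source "$int_addr" --source-port "$int_port" \
        --match state --state ESTABLISHED,RELATED --jump ACCEPT

    # 3. Hairpin case (an assumption about the asker's LAN): if the client is on
    #    the same subnet as INT_ADDR, the server answers the client directly
    #    from INT_ADDR:INT_PORT, an address the client never connected to, so
    #    the handshake fails. SNAT in POSTROUTING pulls the replies back through
    #    this host. Cost: the server then logs EXT_ADDR as every client's address.
    if [ "$HAIRPIN" = 1 ]; then
        run iptables --table nat --append POSTROUTING --protocol tcp \
            --destination "$int_addr" --destination-port "$int_port" \
            --jump SNAT --to-source "$ext_addr"
    fi
}

# Defaults mirror the addresses in the thread (assumed, not verified).
portfwd_rules "${EXT_IF:-eth0}" "${EXT_ADDR:-192.168.1.30}" "${EXT_PORT:-443}" \
              "${INT_ADDR:-192.168.1.40}" "${INT_PORT:-443}"
```

Two checks worth running after applying: `iptables --table nat --list --numeric` shows the PREROUTING rule with its packet counters (plain `iptables -L` lists only the filter table, so a DNAT rule never appears there), and `cat /proc/sys/net/ipv4/ip_forward` should print 1. If the DNAT counter climbs but the FORWARD counters do not, the FORWARD policy or an earlier FORWARD rule is dropping the rewritten packets.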