Re: iptables and NAT

On Tuesday 25 January 2011 08:13 PM, Tim wrote:
> On Tue, 2011-01-25 at 19:33 +0530, Jatin K wrote:
>> I've tested this function through other ISP  ( from my other branch )
>> .... and also checked it from my phone on 3G network
> Then, you've got several things to think about:
>
> Firewall.  Is it getting in the way, before or after the NAT rule?
>
> Is there something before your computer (e.g. a modem/router)?  Does it
> need configuring to let it through.
Yes, there is an ADSL router, which forwards port 80 from WAN to LAN port 80 (that is, to port 80 on the firewall).

The setup is: ADSL ----> NIC 1 of firewall; NIC 2 connects to the webserver.

If any request arrives at the live IP on the ADSL router, it sends it to the firewall (I've tested it by running httpd on the firewall and it works fine).


> Is your webserver listening for connections on all interfaces?
>
Yes.

> Once you get it going, I'd go back and refine your NAT rule.  Do you
> want all ports to be NATed through, or just port 80?
>

I want only port 80 to be NATed (if a request arrives on port 80 on my live IP, it should be NATed to the entire webserver through the firewall).


> By way of example, I've just copied (below) a few rules that I have on
> an old Fedora box, back from when I was using dial-up.  Those narrowed
> down connections to only TCP, particular TCP port numbers, particular
> interfaces, and/or particular source addresses.
>
>
> iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80
I've done the same thing as you said:

iptables -t nat -A PREROUTING -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT --to-destination 192.168.131.131

> iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 2.3.4.5 --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80
>
> iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 0.0.0.0/0 --destination-port 443 --jump DNAT --to-destination 192.168.1.6:443
>



-- 
   °v°
  /(_)\
   ^ ^  Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$
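
Added example, not part of the original message or of either poster's configuration: one way to answer the question quoted above, whether the firewall gets in the way after the NAT rule, is to compare the DNAT rules with the filter FORWARD chain in `iptables-save` output. The function names, the public address 203.0.113.10 and the FORWARD policy in the sample are constructed assumptions; only 192.168.131.131 and port 80 come from the thread.

```bash
#!/bin/bash
# Added example: read `iptables-save` output on stdin and report, for every DNAT
# rule, whether the filter FORWARD chain lets the translated traffic through.
# Simplification (assumption): only the FORWARD policy and ACCEPT rules matching
# on -d/--dport are considered; rule order and other matches are ignored.
check_dnat_forward() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($1, 2) }   # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $1 == "-A" && /-j DNAT/ {
        dport = ""; to = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
        }
        n = split(to, part, ":")                        # "IP" or "IP:PORT"
        ip[++dn] = part[1]; port[dn] = (n > 1 ? part[2] : dport)
    }
    table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ {
        d = ""; p = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { d = $(i + 1); sub(/\/32$/, "", d) }
            if ($i == "--dport") p = $(i + 1)
        }
        if (d != "") allow[d ":" p] = 1
    }
    END {
        for (k = 1; k <= dn; k++) {
            exact = ip[k] ":" port[k]; anyport = ip[k] ":"
            ok = (policy == "ACCEPT") || (exact in allow) || (anyport in allow)
            printf "%s:%s %s\n", ip[k], port[k], (ok ? "forward-allowed" : "BLOCKED-in-FORWARD")
            if (!ok) bad = 1
        }
        exit bad + 0
    }'
}
# Constructed sample ruleset; $1 is an optional extra filter rule.
sample_ruleset() {
cat <<EOF
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.131.131
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$1
COMMIT
EOF
}
sample_ruleset | check_dnat_forward || true   # DNAT only: dropped in FORWARD
sample_ruleset "-A FORWARD -d 192.168.131.131/32 -p tcp -m tcp --dport 80 -j ACCEPT" | check_dnat_forward
```

On a live firewall the same check is `iptables-save | check_dnat_forward`, run as root.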
