From: "Gunnar Frödin" <gunnar68@gunfro.com>
To: netfilter@lists.netfilter.org
Subject: Port forwarding.
Date: Mon, 28 Jun 2004 11:16:40 +0200
Message-ID: <001301c45cf0$9f7cf710$6600a8c0@simba>

Hi all.
I'm trying to set up a firewall/port forwarder but can't get things going.
Some facts:
LAN is my internal network and WAN is external.
I have a static ip# on WAN and LAN.
Access to SSH on firewall works.
IP Forwarding and NAT from LAN to WAN works :-)

The problem:
On my LAN I have another machine with web, mail, ftp-server (192.168.0.100)
which has to be accessible from the WAN.
But I just can't get it working.

Question:
At http://iptables-tutorial.frozentux.net/iptables-tutorial.html#DNATTARGET
(Oskar Andreasson) says
Quote
"This last rule will seriously harm your logging, so it is really advisable
not to use this method, but the whole example is still a valid one for all
of those who can't afford to set up a specific DMZ or alike. What will
happen is this, packet comes from the Internet, gets SNAT'ed and DNAT'ed,
and finally hits the HTTP server (for example). The HTTP server now only
sees the request as if it was coming from the firewall, and hence logs all
requests from the internet as if they came from the firewall."
End quote.
Is there some way to do this so the logging sees the "right" IP# ???


Regards Gunnar Frödin (Sweden)

One more thing: I'm trying all this out with VMware (www.vmware.com/),
Virtual Machine Software, but I haven't read anything about some limitations
with that.


# DNAT/SNAT Port Forwarding
# this is the prerouting dnat
iptables -A PREROUTING -t nat -p tcp -d 217.215.x.x --dport 25 -j DNAT --to-destination 192.168.0.100:25
# This allows packets from external->internal
iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.0.100 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# This allows packets from internal->external
iptables -A FORWARD -p tcp -i eth1 -o eth0 -s 192.168.0.100 --sport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# This enables access to the 'public' server from the internal network
iptables -A POSTROUTING -t nat -p tcp -d 192.168.0.100 -s 192.168.0.0/24 --dport 25 -j SNAT --to-source 192.168.0.100:25
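
The logging effect described in the quoted tutorial passage, as an added example that is not part of the original message: a rule generator in which Internet traffic is only DNAT'ed, and SNAT is scoped to LAN sources, so the server's logs keep the real client address. WAN_IP is a placeholder and FW_LAN_IP (the firewall's own LAN address) is an assumption; the interfaces, server address and port come from the post.

```shell
#!/bin/sh
# Added example: port-forward rules that preserve the client source address.
WAN_IF=eth0              # external interface, as in the post
LAN_IF=eth1              # internal interface, as in the post
WAN_IP=203.0.113.10      # PLACEHOLDER for the firewall's static WAN address
FW_LAN_IP=192.168.0.1    # ASSUMED LAN address of the firewall itself
SERVER=192.168.0.100     # internal server from the post
LAN_NET=192.168.0.0/24
PORT=25

# Print the rule set. Nothing is applied unless the output is piped to sh.
portfwd_rules() {
    # 1. Rewrite only the destination. The source address is untouched,
    #    so the server sees and logs the real Internet client.
    echo "iptables -t nat -A PREROUTING -p tcp -d $WAN_IP --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
    # 2. Replies of any tracked connection may pass in either direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 3. New connections to the server from the WAN side.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $SERVER --dport $PORT -m state --state NEW -j ACCEPT"
    # 4. New connections from LAN clients that used the public address
    #    (they enter and leave on the LAN interface after DNAT).
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -p tcp -s $LAN_NET -d $SERVER --dport $PORT -m state --state NEW -j ACCEPT"
    # 5. SNAT only those LAN clients, to the firewall's LAN address, so the
    #    server replies via the firewall. The -s match keeps WAN clients
    #    out of this rule, which is what protects the server's logs.
    echo "iptables -t nat -A POSTROUTING -p tcp -s $LAN_NET -d $SERVER --dport $PORT -j SNAT --to-source $FW_LAN_IP"
}

# Number of SNAT rules with no source match, i.e. rules that would also
# rewrite Internet clients and make every log entry show the firewall.
unscoped_snat_count() {
    portfwd_rules | awk '/-j SNAT/ && !/ -s / { n++ } END { print n + 0 }'
}

portfwd_rules
```

With these rules only LAN clients appear in the server log as the firewall's address. The server's default route must point at the firewall so that replies to Internet clients return through the same connection-tracking entry.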



