From: bdameron@tscnet.net
To: netfilter@lists.netfilter.org
Subject: Re: Packet forwarding.
Date: Wed,  7 Apr 2004 13:04:17 -0700
Message-ID: <1081368257.40745ec12d828@mail.tscnet.net>
In-Reply-To: <200404071837.29160.Antony@Soft-Solutions.co.uk>

Quoting Antony Stone <Antony@Soft-Solutions.co.uk>:

> On Wednesday 07 April 2004 6:25 pm, bdameron@tscnet.net wrote:
> 
> > > If you tell us what your rules are and give us some more detail about
> > > your network setup, we might be able to help, however a better solution
> > > for you is to look at some of the excellent documentation available to
> > > learn how to do it yourself.   This is not a hard problem, and you will be
> > > able to manage your system much better in future if you understand more
> > > about how it works.
> > >
> > > One very important detail which is not clear from your description above
> > > is: where is the "client machine" located?
> >
> >   Client machine being anyone from the outside world. And I have looked
> > over some of the documentation. Basically there are no current firewall
> > policies. Just want anything coming in on xxx.xxx.xxx.xxx:443 (Internet
> > Machine) to be routed to 10.10.1.110:443 (Internal Lan Machine).
> >
> > Looks like I need to mangle the packet header so that the Lan machine thinks
> > that the Internet machine is sending the packet and then have the Internet
> > machine redirect the packet to the client. Client again being someone on the
> > Internet. Not sure if this can be done or not. Correct me if I am wrong.
> 
> With all due respect, yes, you are very wrong.   This is a simple "nat + 
> forward" situation.
> 
> Since you haven't said what your ruleset is, I shall assume none, and give you
> an example of how to make work what you have asked for:
> 
> iptables -F
> iptables -F -t nat
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 443 -d 10.10.1.110 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.10.1.110
> 
> If eth0 is not your external interface then change it in the above two rules
> for whatever your external interface is.
> 
> Regards,
> 
> Antony.
> 

I found an easier way to do this. xinetd can do port redirect. Worked perfectly.
Thanks for your help.

-- 
Thank you,
Brad Dameron
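As an added example (not from the thread or either poster), a check for the "nat + forward" ruleset Antony gives above: it reads an iptables-save dump and reports every DNAT target that filter/FORWARD does not also ACCEPT. The interface and addresses are the thread's; the dump itself, including the 10.10.1.120:8080 entry, is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for both
# halves of the "nat + forward" setup. A DNAT in nat/PREROUTING only works
# when filter/FORWARD also ACCEPTs the rewritten destination; under the
# FORWARD DROP policy above, a lone DNAT silently drops the connection.
# check_dnat_forward reads an iptables-save dump on stdin and prints
# "OK host:port" or "MISSING-FORWARD host:port" for each DNAT target.
# Exit status is 1 when at least one target has no FORWARD ACCEPT.
check_dnat_forward() {
  awk '
    /^\*/ { table = substr($0, 2) }           # "*nat" / "*filter" headers
    table == "nat" && /^-A PREROUTING / && / -j DNAT / {
      port = "any"; dest = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i ~ /^--to/)    dest = $(i + 1)  # --to or --to-destination
      }
      sub(/:.*/, "", dest)                     # drop ":port" from the target
      dnat[dest ":" port] = 1
    }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
      port = "any"; dest = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-d")      dest = $(i + 1)
      }
      sub(/\/32$/, "", dest)                   # iptables-save writes /32 hosts
      if (dest != "") fwd[dest ":" port] = 1
    }
    END {
      rc = 0
      for (k in dnat) {
        if (k in fwd) { print "OK " k } else { print "MISSING-FORWARD " k; rc = 1 }
      }
      exit rc
    }'
}

# Constructed dump: Antony's ruleset as iptables-save prints it, plus one
# made-up DNAT (8080 -> 10.10.1.120) that has no matching FORWARD rule.
SAMPLE_DUMP='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.10.1.110
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.10.1.120:8080
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.10.1.110/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE_DUMP" | check_dnat_forward || echo "ruleset has a gap" >&2
```

On the firewall itself run it as `iptables-save | check_dnat_forward`; the dump does not show net.ipv4.ip_forward, which must also be 1 before any FORWARD rule sees traffic.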
