From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: black@arbbs.net
Cc: netfilter@lists.netfilter.org
Subject: Re: Destination Nat
Date: Fri, 28 May 2004 10:18:39 -0400 [thread overview]
Message-ID: <1085753919.14362.12.camel@localhost> (raw)
In-Reply-To: <40b742bf.c1.3d5a.1536727437@arbbs.net>
On Fri, 2004-05-28 at 09:46, black@arbbs.net wrote:
> Im running at red hat 9 and iptables 1.2.7
>
> im trying to direct web traffic to the web server on the
> inside.
> is [ iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0
> -j DNAT --to 5.6.7.8:8080 ] right?
>
> thanks
> john
That will direct all 80 /tcp packets for all addresses the station
listens on to 5.6.7.8:8080? Is that what you want or do you want to
redirect packets with a specific destination address?
If the public Internet address is not an IP address bound to the NAT
gateway, then you will need to add it, typically:
ip address add 1.1.1.2/24 dev eth0 brd +
Finally, NAT is not access control. Once the packeted hits the filter
chain, you will need something, default policy or, preferable a rule,
which allows access to 5.6.7.8 on TCP port 8080. Hope that helps - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
next prev parent reply other threads:[~2004-05-28 14:18 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-28 13:46 Destination Nat black
2004-05-28 14:18 ` John A. Sullivan III [this message]
2004-05-28 15:17 ` Iptables/Iproute2/Load-Balancing 2 Broadband Connections michael
-- strict thread matches above, loose matches on Subject: below --
2004-06-04 16:14 Destination Nat black
2004-06-04 16:44 ` John A. Sullivan III
2004-06-04 15:45 black
2004-06-04 16:14 ` John A. Sullivan III
2004-06-02 15:20 Piszcz, Justin Michael
2004-05-28 14:18 black
2004-05-29 1:56 ` John A. Sullivan III
2004-06-02 3:38 ` John Black
2004-06-02 11:19 ` John A. Sullivan III
2004-06-02 11:53 ` John Black
2004-06-02 15:13 ` Alistair Tonner
2004-01-28 20:45 Destination NAT Ale Zeta
2004-01-28 14:21 Alejandro Zaidel
2004-01-29 9:13 ` Antony Stone
2004-01-29 9:47 ` Ray Leach
2004-01-29 9:46 ` Antony Stone
2003-03-14 11:01 Sathi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1085753919.14362.12.camel@localhost \
--to=john.sullivan@nexusmgmt.com \
--cc=black@arbbs.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.