From: Chinh Nguyen <cnguyen@certicom.com>
To: netfilter@lists.netfilter.org
Subject: Re: Port forwarding - again ! :)
Date: Thu, 02 Mar 2006 10:38:13 -0500
Message-ID: <44071165.4020201@certicom.com>
In-Reply-To: <ZULUEcLsXJB7oDaSeXn000002df@zulu.barmen.nu>
Stian B. Barmen wrote:
> I am wondering how to enable port forwarding from a DMZ to an internal
> network. The machine forwarding is just a normal Linux machine, no firewall in
> the DMZ, and I want it to forward one port to an internal machine on the
> internal network.
>
> How to forward 1 port from a machine in dmz-network to internal network!
>
> <internet>
> |
> <firewall>
> |
> <router> - <dmz network>
> |
> <internal network>
> I just used the command:
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 217.20.20.160 --dport 81 -j DNAT --to 10.22.0.79:8081
>
> # cat /proc/sys/net/ipv4/ip_forward
> 1
>
> Also I enabled ip_forward.
>
> But when I try to connect to 217.20.20.160:81 it just times out waiting for an
> answer. Do I need more in this minimalistic setup to make it work?
>
> Note, the ip addresses are bogus, but representative. (the 217 is public ip
> and the 10 is private)
My guess would be you also need a MASQUERADE rule on the POSTROUTING chain of
the nat table. Without it, you have a connection from machine X to 217.20.20.160,
but you get a reply from 10.22.0.79!
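
The address mismatch described in this reply, as an added example that is not part of the original thread: a small Python model of the DNAT rule with and without source NAT on the forwarding machine. It assumes the internal host's return route does not pass back through the forwarder, that the forwarder masquerades as 217.20.20.160, and a constructed client at 198.51.100.7:40000.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

CLIENT = ("198.51.100.7", 40000)  # constructed client address and port
PUBLIC = ("217.20.20.160", 81)    # address/port matched by the DNAT rule in the thread
INTERNAL = ("10.22.0.79", 8081)   # DNAT target from the thread
FWD_IP = "217.20.20.160"          # assumption: address the forwarder masquerades as


class Forwarder:
    """Toy model: PREROUTING DNAT, optional POSTROUTING MASQUERADE, conntrack table."""

    def __init__(self, masquerade):
        self.masquerade = masquerade
        self.conntrack = {}  # expected reply tuple -> un-NATed packet for the client

    def forward(self, pkt):
        if (pkt.dst, pkt.dport) != PUBLIC:
            return pkt
        out = pkt._replace(dst=INTERNAL[0], dport=INTERNAL[1])  # DNAT
        if self.masquerade:
            # One assumed form of the suggested rule:
            # iptables -t nat -A POSTROUTING -p tcp -d 10.22.0.79 --dport 8081 -j MASQUERADE
            out = out._replace(src=FWD_IP)
        reply_key = Packet(out.dst, out.dport, out.src, out.sport)
        self.conntrack[reply_key] = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out


def connect(masquerade):
    """Return (packet the client finally receives, whether its socket accepts it)."""
    fwd = Forwarder(masquerade)
    at_server = fwd.forward(Packet(*CLIENT, *PUBLIC))
    # The server answers whatever source address it saw.
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == FWD_IP:
        delivered = fwd.conntrack.get(reply)  # passes the forwarder, NAT is undone
    else:
        delivered = reply                     # assumption: routed out, bypassing it
    expected = Packet(*PUBLIC, *CLIENT)       # the only reply the client socket matches
    return delivered, delivered == expected


if __name__ == "__main__":
    for m in (False, True):
        print("masquerade =", m, "->", connect(m))
```

Without the source rewrite the client receives a packet from 10.22.0.79:8081 for a connection it opened to 217.20.20.160:81, so its TCP stack does not match it to the pending connection and the connect times out.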