Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

iptables help needed 1

Status
Not open for further replies.
QatQat

QatQat

IS-IT--Management
Nov 16, 2001
1,031
IT
Hi everyone,


Here is my setup,


192.168.1.0/24 LAN
|
|
|
192.168.1.1
Linux Gateway--------------eth1--INTERNET
eth0
Internal Interface
|
|
|
192.168.1.6/24
Web Server



The web server is IIS on Windoz Server, due to an app already developed using ASP therefore I cannot run the page on the linux box.
I have got masquerading enabled on the gateway. This is the only rule I have setup.

How can I do this with IPtables?


Thank you


Qatqat


The reason why my girlfriend can read my thoughts is because mine are properly written! (G.Lepore)
 
Sort by date Sort by votes
One issue - both the internal segment and the webserver segment (DMZ) are the same subnet: 192.168.1.0. This would be quite akward to set up so it'll be best to use two subnets - say: 192.168.1.0 and 192.168.2.0
 
Upvote 0 Downvote
I am guessing your trying to forward port 80?

Here is what you do:


iptables -A FORWARD -i eth0 -d external ip -p tcp --dport 80 -j ACCEPT
(Port 80 is webserver port. It can be any port #)

iptables -t nat -A PREROUTING -i eth0 -d external ip -p tcp --dport 80 -j DNAT --to-destination internal webserver ip

iptables -t nat -A OUTPUT -d internal gateway ip -p tcp --dport 80 -j DNAT --to-destination external ip


So for what you have above:

iptables -A FORWARD -i eth0 -d internet ip -p tcp --dport 80 -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -d internet ip -p tcp --dport 80 -j DNAT --to-destination 192.168.1.6

iptables -t nat -A OUTPUT -d 192.168.1.1 -p tcp --dport 80 -j DNAT --to-destination internet ip

Then see if it works!!!
Note: Unless you save your IPtables config you will need to do this everytime you reboor the gateway...


 
Upvote 0 Downvote
Thanks a lot PC Guru,


Straight to teh point.
I don't have to learn iptables as I alreay use it normally; I just could not figure out how to achieve this.


Thank you again.


Bye




The reason why my girlfriend can read my thoughts is because mine are properly written! (G.Lepore)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
307
Krus1972
Krus1972
harro1968
  • Locked
  • Question
Help with ProxyPass
Replies
0
Views
202
harro1968
harro1968
mjj4golf2
  • Locked
  • Question
Help with setting up a media server
Replies
2
Views
273
vacunita
vacunita
daniel.warner
  • Locked
  • Question
Desperately need help setting up wildcard certs on Apache/Tomcat
Replies
2
Views
295
daniel.warner
daniel.warner
Agent0007
  • Locked
  • Question
HELP Traffic Control of IP
Replies
2
Views
192
Agent0007
Agent0007

Part and Inventory Search

Sponsor

Back
Top