
iptables question 1

Status
Not open for further replies.
Jan 9, 2008
Can someone tell me what the following lines mean? Sorry, my background is Check Point.

EXTERNAL_WEB_SERVER=151.200.87.181
INTERNAL_WEB_SERVER=192.168.1.22
iptables -t nat -A PREROUTING -p tcp -d $EXTERNAL_WEB_SERVER --dport https -j DNAT --to $INTERNAL_WEB_SERVER:10000


iptables -t nat -A PREROUTING -p tcp -s 210.245.110.133 -d $EXTERNAL_WEB_SERVER --dport 4141 -j DNAT --to $INTERNAL_WEB_SERVER:80
 
This block sets two variables with IP addresses.
Code:
EXTERNAL_WEB_SERVER=151.200.87.181
INTERNAL_WEB_SERVER=192.168.1.22

This line sets a Destination NAT (DNAT). Any TCP packet received by this machine destined for port 443 (https) at 151.200.87.181 will be rewritten to a new destination, port 10000 at 192.168.1.22.
Code:
iptables -t nat -A PREROUTING -p tcp -d $EXTERNAL_WEB_SERVER --dport https -j DNAT --to $INTERNAL_WEB_SERVER:10000

Another DNAT. Only TCP packets from 210.245.110.133 destined for port 4141 at 151.200.87.181 will be rewritten to port 80 (http) at 192.168.1.22.
Code:
iptables -t nat -A PREROUTING -p tcp -s 210.245.110.133 -d $EXTERNAL_WEB_SERVER --dport 4141 -j DNAT --to $INTERNAL_WEB_SERVER:80

Then the packets are passed to the FORWARD chain (and so on) for further processing. Like so:

Inbound -> PREROUTING -> FORWARD -> POSTROUTING -> Outbound
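
The rule matching explained in this thread, as an added example that is not part of the original posts: a small Python model that parses the two PREROUTING rules (variables already expanded) and shows the destination each packet carries when it reaches the later chains. The sample packets, the 198.51.100.7 source address and the SERVICES table (standing in for /etc/services) are constructed for illustration.

```python
import shlex
from typing import NamedTuple

# The two rules from the thread, with the shell variables already expanded.
RULES = """\
iptables -t nat -A PREROUTING -p tcp -d 151.200.87.181 --dport https -j DNAT --to 192.168.1.22:10000
iptables -t nat -A PREROUTING -p tcp -s 210.245.110.133 -d 151.200.87.181 --dport 4141 -j DNAT --to 192.168.1.22:80
"""
SERVICES = {"https": 443, "http": 80}  # assumption: stand-in for /etc/services lookups

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

def parse_rule(line):
    """Turn one rule line into (match criteria, new destination IP, new port)."""
    tok = shlex.split(line)
    opts = dict(zip(tok[1::2], tok[2::2]))  # every option used here takes one value
    if (opts.get("-t"), opts.get("-A"), opts.get("-j")) != ("nat", "PREROUTING", "DNAT"):
        raise ValueError("only nat/PREROUTING DNAT rules are modelled: " + line)
    port = opts["--dport"]
    match = {"proto": opts.get("-p"), "src": opts.get("-s"), "dst": opts.get("-d"),
             "dport": SERVICES[port] if port in SERVICES else int(port)}
    ip, _, new_port = opts["--to"].partition(":")
    return match, ip, int(new_port)

def prerouting(pkt, rules=RULES):
    """Return the packet as the later chains see it; the first matching rule wins."""
    for line in rules.strip().splitlines():
        match, ip, port = parse_rule(line)
        # A criterion the rule omits (None) matches anything, e.g. no -s in rule 1.
        if all(want is None or getattr(pkt, field) == want for field, want in match.items()):
            return pkt._replace(dst=ip, dport=port)
    return pkt  # no rule matched: destination left untouched

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("tcp", "198.51.100.7", "151.200.87.181", 443),      # any source, https
        Packet("tcp", "210.245.110.133", "151.200.87.181", 4141),  # the one allowed source
        Packet("tcp", "198.51.100.7", "151.200.87.181", 4141),     # other source: no DNAT
    ]
    for p in samples:
        print(p, "->", prerouting(p))
```

Because the rewrite happens in PREROUTING, any filter rules in FORWARD have to match the translated destination (192.168.1.22 on port 10000 or 80), not the external address.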
 