[Firewall] Help: setting up port-forwarding

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Nov 5 05:01:41 MST 2007


You never need to specify an additional OPEN_xxx for a port forward, as
the forwarding is performed in the prerouting chain. So in this
case OPEN_TCP="22" is useless....

a.

Niklas wrote:
> On Sat, 3 Nov 2007 21:47:11 +0100, Neptunek wrote:
>> 2007/11/2, Philip Prindeville <philipp_subx at redfish-solutions.com>:
>>
>>> Ok, well, since there's no Howto or FAQ available, I'll just put
>>> the question out there about what I want to do.
>>>
>>>
>> FAQ: (http://rocky.eld.leidenuniv.nl/page/iptables/qafaq.htm) Q: I
>> want to forward (DNAT) from port 81 on my firewall machine to
>> port 80 on a local host (192.168.0.3). How can I do this? A: You
>> can do this in almost the same way as a normal forward; the only thing
>> you need to add is :81 to the localhost in the TCP_FORWARD /
>> UDP_FORWARD variables. In this case it would become
>> "81>192.168.0.3:80"
>>
>>> Here's where things get a little more complicated.  I want to
>>> relocate Ssh as:
>>>
>>> 2201>192.168.1.1:22
>>> 2202>192.168.1.2:22
>>> 2203>192.168.1.3:22
>>>
>> So this is correct and NAT_TCP_FORWARD = 2201>192.168.1.1:22 must
>> work good, but I don't check it :)
> 
> It does work if you open port 22 in the OPEN_TCP line as well, otherwise it will be blocked by the firewall. So I can't give you any help... Maybe do a portforward of 22 to something that is not in use...
> 
> /niklas
> 
> _______________________________________________
> Firewall mailing list
> Firewall at lists.btito.net
> http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
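
The point made in the reply above, as an added example that is not part of the original message and is not output of the arno-iptables-firewall script: a forward spec in the thread's `EXT>HOST:PORT` form maps to one rule in nat/PREROUTING and one in filter/FORWARD, and no INPUT-chain rule is involved. The function names, the interface name `eth0`, and the assumption that ESTABLISHED/RELATED traffic is accepted elsewhere in the ruleset are choices of this example.

```shell
#!/bin/sh
# Added example: turn forward specs in the thread's "EXT>HOST:PORT" form into
# plain iptables commands. The commands are printed only, never executed.

EXT_IF="eth0"   # assumption: name of the internet-facing interface

# valid_port N: succeeds if N is a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules SPEC...: print the rules for each spec; return 1 on bad input.
forward_rules() {
    for spec in "$@"; do
        case "$spec" in
            *">"*:*) ;;
            *) echo "malformed spec: $spec" >&2; return 1 ;;
        esac
        ext_port=${spec%%">"*}
        dest=${spec#*">"}
        host=${dest%:*}
        int_port=${dest##*:}
        case "$host" in
            ''|*[!0-9.]*) echo "bad host in: $spec" >&2; return 1 ;;
        esac
        if ! valid_port "$ext_port" || ! valid_port "$int_port"; then
            echo "bad port in: $spec" >&2; return 1
        fi
        # 1. nat/PREROUTING rewrites the destination before the routing
        #    decision, so the packet is no longer addressed to the firewall.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $ext_port" \
             "-j DNAT --to-destination $host:$int_port"
        # 2. The rewritten packet is routed through filter/FORWARD, where it
        #    is matched on its new (post-DNAT) address and port. Replies are
        #    assumed to be covered by an ESTABLISHED,RELATED rule elsewhere.
        echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $host --dport $int_port" \
             "-m conntrack --ctstate NEW -j ACCEPT"
    done
}

# The three SSH relocations from the thread.
forward_rules "2201>192.168.1.1:22" "2202>192.168.1.2:22" "2203>192.168.1.3:22"
```

Because the FORWARD rule matches the internal host and port 22 after translation, port 22 on the firewall host itself can stay closed.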


