[H-GEN] IPTables port forwarding

Bradley Marshall brad at humbug.org.au
Sat Apr 19 00:47:00 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Sat, Apr 19, 2003 at 01:46:54PM +1000, Sandra Milne wrote:
> I want to forward a port to an internal computer on my home LAN. i've 
> perused the IPTables man page and come up with the following rules. I was 
> wondering if anyone could check that I've done them correctly. They're to 
> be entered into a script I already have that has the $IPTABLES, $EXTIF, and 
> $INTIF already setup.
> 
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5206 -m state 
> --state ESTABLISHED,RELATED,NEW -j ACCEPT
> 
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 5206 -m state 
> --state ESTABLISHED,RELATED,NEW -j ACCEPT
> 
> comments/improvements/flames/rtfm appreciated.

What you're doing there isn't port forwarding, its letting
the packets go though if you have a routed network.  For port
forwarding, you need something like:

$IPTABLES -t nat -A PREROUTING -i $EXTIF -o $INTIF -p tcp --dport 5206 -j DNAT --to $INTBOX
$IPTABLES -t nat -A PREROUTING -i $EXTIF -o $INTIF -p udp --dport 5206 -j DNAT --to $INTBOX

where $INTBOX is the IP of your internal box.  I've used rules like this
successful to let people connect into internal game servers, forward for
webservers etc.

I'm not sure if thats what you wanted, but thought it useful to point out
anyway.

Thanks,
Brad
-- 
         +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
         | Bradley Marshall    | http://www.humbug.org.au/~brad |
         | System/Network Admin|      brad at humbug.org.au        |
         | Plugged In Software |    bmarshal at pisoftware.com     |
         +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
 ``I'm not ashamed.  Its the computer age.  Nerds are in.'' - Willow (BtVS)


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list