[H-GEN] iptables and port forwarding

Stuart Longland stuartl at longlandclan.hopto.org
Thu May 22 00:12:01 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johann wrote:

> what I am trying to do is port forward a ssh request to machine B(eth1)
> to machine C (eth0)
> so after reading the netfilter howto and surfing the net for examples I
> chose the following iptables rule
> iptables -A PREROUTING -t nat -i eth1 -d 192.168.105.201 -p tcp --dport
> 22 -j DNAT --to 10.0.0.200:22
>
> however this does not do what I thought it would do, the connection just
> times out. So I am guessing that I have to do some more packet
> manipulation, but I am lost as to what that is.

Yeah, I'm trying to do the same thing with my Brisbane Mesh node website
so that the mesh server handles it, but for some reason, I can't get
our webserver to forward requests from port 81 (not 80, because that's
in use), across to my internal machine.

Basically, this is the network layout:
.                      iTel network & Internet
.                                |
.                      WAN:202.47.55.78
.                         [ gatekeeper ]
.                      LAN:192.168.5.254
.       _________________________|______\ Internal LAN
.      |                    |           /
.eth0: 192.168.0.2   eth0: 192.168.5.1
.[   james   ]        [    www    ]
.eth1: 10.160.34.1   eth0:0: 192.168.0.254 \_ Virtual Interfaces
.      |             eth0:1: 192.168.10.254/
.      |
.  Brisbane
.    Mesh

where:
	gatekeeper - Netgear DG814 ADSL Router
		     (Supports port forwarding)

	james	   - My Brisbane Mesh Server
			eth0:
				IP: 192.168.0.2/24
				Route: 192.168.0.0/16 via 192.168.0.254

			eth1:
				IP: 10.160.34.1/28
				Route: 10.160.0.0/14 via eth1

	www	   - Web Server
			eth0:
				IP: 192.168.5.1/24
				Route: 192.168.0.0/16 via eth0
				Virtual IPs:
					192.168.0.254/24
					192.168.10.254/24

On my mesh server, I'll have a little website, with information about
how to connect, what links are currently running, etc...

On our web server, we've got a full website, IRC server and NNTP server.

We also have a Linux box, and my main machine, which both have
Counter-Strike server loaded, so I'd also like to make that available to
Brisbane Mesh.

So this means, I need to forward on the webserver:
	192.168.5.1 port 81 (TCP) --> 192.168.0.2 port 80

and on the mesh server:
	192.168.0.2 port 119 (TCP)--> 192.168.5.1 port 8119
	192.168.0.2 port 6667(TCP)--> 192.168.5.1 port 6667
	
For the CS games:
	192.168.0.2 port 27015(TCP)-> 192.168.10.5 port 27015
		for our Linux box or
				  --> 192.168.0.1 port 27015
		for my box (running Win2K Pro)

All of our Linux machines are running Red Hat Linux 8.0, but that may
change as I've been disappointed by RH of late, and I'm thinking of
rolling my own Linux.

- --
+-------------------------------------------------------------+
| Stuart Longland           stuartl at longlandclan.hopto.org |
| Brisbane Mesh Node: 719             http://stuartl.cjb.net/ |
| I haven't lost my mind - it's backed up on a tape somewhere |
| Griffith Student No:           Course: Bachelor/IT @ Nathan |
+-------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows 2000)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+zE4QIGJk7gLSDPcRAoxTAKCIT6WTqbPKgEjmLWn6EZ9eq951DQCfR4Nf
BXP94X5NpAzyFEWfb6txhuU=
=faDg
-----END PGP SIGNATURE-----



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
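
The TCP forwards listed in the message above, written out as the rule set a DNAT port forward generally needs on the forwarding host (routing switch, nat PREROUTING, filter FORWARD, and a return-path SNAT). This is an added example, not part of the original post; the function names, the table format and the choice of the listening address as SNAT source are assumptions, and the script only prints rules.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run: prints rules, applies nothing.

# Forward table built from the addresses in the post:
# host  listen_ip  listen_port  target_ip  target_port
FORWARDS='www   192.168.5.1 81   192.168.0.2 80
james 192.168.0.2 119  192.168.5.1 8119
james 192.168.0.2 6667 192.168.5.1 6667'

# valid_port N: succeed only for a decimal port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules LISTEN_IP LISTEN_PORT TARGET_IP TARGET_PORT
forward_rules() {
    valid_port "$2" && valid_port "$4" || { echo "bad port: $2 -> $4" >&2; return 1; }
    # nat/PREROUTING: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -d $1 -p tcp --dport $2 -j DNAT --to-destination $3:$4"
    # filter/FORWARD sees the already rewritten destination, so match the target,
    # and allow the reply direction for established connections only.
    echo "iptables -A FORWARD -d $3 -p tcp --dport $4 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $3 -p tcp --sport $4 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # nat/POSTROUTING (assumption: the listening address is the SNAT source):
    # makes the target reply to this host. Only needed when the target's return
    # route to the client does not already pass through this host.
    echo "iptables -t nat -A POSTROUTING -d $3 -p tcp --dport $4 -j SNAT --to-source $1"
}

# rules_for_host HOST: everything HOST has to load, kernel routing switch first.
rules_for_host() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "$FORWARDS" | while read -r host lip lport tip tport; do
        [ "$host" = "$1" ] || continue
        forward_rules "$lip" "$lport" "$tip" "$tport" || exit 1
    done
}

rules_for_host james
```

Connections opened from the forwarding host itself do not traverse PREROUTING; they would need a matching DNAT rule in the nat OUTPUT chain.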


