Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Port Forwarding
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Gentoo20
n00b
n00b


Joined: 14 Sep 2004
Posts: 12
PostPosted: Wed Oct 06, 2004 4:47 pm    Post subject: Port Forwarding Reply with quote
I'm trying to forward port 80 to another server and I'm having trouble getting it to work.

10.10.0.10 is the linux box and 10.10.0.11 is the web server and does work when going direct.

I have turned on port forwarding:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward


This what I used for the iptables command:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.10.0.11:80


This is the only rule in my iptables.

when I go to http://10.10.0.10 I'm not shown the web site on 10.10.0.11.
What is wrong?


(IP addresses are both public and where changed for this question)
Back to top
View user's profile Send private message
Auka
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2002
Posts: 110
Location: Germany
PostPosted: Wed Oct 06, 2004 5:46 pm    Post subject: Reply with quote
Quote:
I have turned on port forwarding: [...]

Errm, no, what you enabled here is not port forwarding but IP forwarding (i.e. routing) which is something quite different but correct in this case nevertheless...

Quote:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.10.0.11:80

The problem is you default policy on the FORWARD, INPUT and OUTPUT Chains. Do an "iptables -L" to check this.

If you do not use any other rules i.e. no firewall rulesets (you shouldn't if you don't really know what you are doning!) then they will be on ACCEPT which should not be a problem. But if you do use a firewall policy/ruleset (you should) they should have a drop or reject target. Then you will need another rule to let the forwarded (NAT'ted) package pass through the FORWARD Chain or else it will be dropped.

i.e. use something similar to this (beware just out of my mind so not checked!)
Code:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.10.0.10 --dport 80 -j DNAT --to 10.10.0.11:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.10.0.11 --dport 80 -j ACCEPT


Else just try a search on google for "iptables forward port" or similar which should give you plenty of useful information...

Maybe you'll also find a GUI such as fwbuilder (emerge fwbuilder) helpful.
Back to top
View user's profile Send private message
Nossie
Apprentice
Apprentice


Joined: 19 Apr 2002
Posts: 181
PostPosted: Wed Oct 06, 2004 5:54 pm    Post subject: Reply with quote
Have a look at a firewall scrip, it makes life so much simpler.
I use monmotha, it is easy to setup and has rules for port forwarding.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy