Solved

Multiple IP Address with port forwarding

Posted on 2007-04-05
2
952 Views
Last Modified: 2013-12-16
I am using SME Server 7.1 (2.6.9 Kernel) as a gateway, and I have set up multiple IP addresses on one external facing network card, and I have one internal facing network card.  I would like to forward ports on to various servers on my network, i.e. X.X.X.17:80 goes to 192.168.0.1:80, X.X.X.18:80 goes to 192.168.0.2:80.  

In my /etc/rc.d/init.d/masq file, I have the following entries:
    /sbin/iptables --table nat --new-chain PortForwarding_$$
    /sbin/iptables --table nat --append PortForwarding_$$ --protocol tcp -d X.X.X.18/32 --destination-port 80 -j DNAT --to-destination 192.168.0.2:80
    adjust_tcp_in 80 ACCEPT ForwardedTCP_$$ 192.168.0.2/32

From what I understand, this should forward all incomming requests to X.X.X.18:80 to 192.168.0.2:80, but when I try to access this web site, it times out.

Can anyone explain what I am doing wrong, or how to go about doing this?

Many Thanks in advance.
0
Comment
Question by:rtwilde
2 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18872116
Standard table 'nat' has only 3 chains PREROUTING, OUTPUT and POSTROUTING. You have added 1 new chain and didn't referenced to it from any standard chain. Try to add a reference in a PREROUTING chain:
iptables --table nat -A PREROUTING -j  PortForwarding_$$
0
 

Author Comment

by:rtwilde
ID: 18875400
OK, this is what I found that works, this issue seemed to be exactly what Nopius desribed.
This forwards incomming http requests from external address X.X.X.17 to 10.1.88.10, and from X.X.X.18 to 10.1.88.11

iptables -I PREROUTING -t nat -p tcp --dport 80 -d X.X.X.17 -j DNAT --to 10.1.88.10
iptables -I FORWARD -p tcp -d 10.1.88.10 --dport 80 -i eth1 -o eth0 -j ACCEPT
iptables -A POSTROUTING -t nat -o eth1 -p tcp -s 10.1.88.10 -j SNAT --to-source X.X.X.17
iptables -I PREROUTING -t nat -p tcp --dport 80 -d X.X.X.18 -j DNAT --to 10.1.88.11
iptables -I FORWARD -p tcp -d 10.1.88.11 --dport 80 -i eth1 -o eth0 -j ACCEPT
iptables -A POSTROUTING -t nat -o eth1 -p tcp -s 10.1.88.11 -j SNAT --to-source X.X.X.18
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is this bug still active in RHEL 2 49
Issue with SFTP on non-root account using Guacamole  / GUAC 2 64
I think my Ubuntu 12.10 box is hacked, but not sure... 13 52
nagios 1 22
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now