nikdonovanau
asked on
IPCop forward external to external red
Hi Experts,
What we are trying to do is route or forward traffic that comes to our external ip (x.x.x.x) to another external ip (y.y.y.y).
We know how to forward from external to internal but we are looking to go red to red.
Any Ideas
Cheers
Nik
What we are trying to do is route or forward traffic that comes to our external ip (x.x.x.x) to another external ip (y.y.y.y).
We know how to forward from external to internal but we are looking to go red to red.
Any Ideas
Cheers
Nik
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the advise. Much appreciated.
ASKER
For anyone out there trying to do this. This is how I achieved it.
After start) in /etc/rc.d/rc.firewall.loca
/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp -i wan-1 --dport [port] -j DNAT --to-destination [dest_ip]:[dest_port]
/sbin/iptables -A CUSTOMFORWARD -p tcp -i wan-1 -d [dest_ip] --dport [dest_port] -j ACCEPT
Thanks a lot.
After start) in /etc/rc.d/rc.firewall.loca
/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp -i wan-1 --dport [port] -j DNAT --to-destination [dest_ip]:[dest_port]
/sbin/iptables -A CUSTOMFORWARD -p tcp -i wan-1 -d [dest_ip] --dport [dest_port] -j ACCEPT
Thanks a lot.
Thank you for this very useful complement of information. Instead of option "-i wan-1", I would say "-i $RED_DEV", right?
ASKER
Sure I think you can use the variables from the config file.
My config file seemed to have $RED_DEV_1 or somthing like that so I chose to just hard code the name of my wan ethernet interface.
My config file seemed to have $RED_DEV_1 or somthing like that so I chose to just hard code the name of my wan ethernet interface.
Possible workarounds:
1. let the modem/router do that, upstream, or
2. add an iptable rule in your /etc/rc.d/rc.firewall.loca
3. forward the traffic to some host inside your LAN or DMZ that is going to re-forward that traffic to y.y.y.y
Good luck.