[CentOS] ls network address traslation different in centos?

Robert Spangler mlists at zoominternet.net
Fri Jan 2 03:13:55 UTC 2009


On Wednesday 31 December 2008 16:05, chloe K wrote:

>    ls the network address traslation in centos5.2 different?

Nope.

>    I disable the default iptable rule and use the following commands but I
> can't connect http://public:8080 from outside to this host 192.168.0.10
> port 80
>
>    eth1 is public address
>    eth0 is private address 192.168.0.1
>
>    iptables -F -t nat
>  iptables --table nat --append POSTROUTING --out-interface eth1 -j
> MASQUERADE iptables --append FORWARD --in-interface eth0 -j ACCEPT
>  iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to
> 192.168.0.10:80

Your rules are in need of help.
First off  I am not even sure what you are doing will work, i.e.;

--append or --table

These are written as '-A' and '-t'

Try these;

iptables -F -t nat 
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE 
# !!! Following line is wrapped !!!
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT 
--to-destination 192.168.0.10:80
iptables -A FORWARD -i eth0 -j ACCEPT 

You could and should tighten these rules up.  You should look into Stateful 
packet inspection for your firewall.  If you are looking to learn how to 
write your own rules use the following;

http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


More information about the CentOS mailing list