[CentOS] iptables port forwarding
Mark Quitoriano
markquitoriano at gmail.com
Thu May 19 13:44:59 UTC 2005
Here's how I did mine:
iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -j DNAT --to-destination 10.0.0.1
iptables -t nat -A POSTROUTING -d 10.0.0.1 -j SNAT --to xxx.xxx.xxx.xxx
because the firewall has a different IP than my mail server.
On 5/19/05, Peter Farrow <peter at farrows.org> wrote:
> If you're doing true port forwarding, the internal server should see the
> ip address of the external machine in its logs.
>
> This is how my machines log that do this, I use this type of entry in
> iptables:
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 10.198.0.17
>
> P.
>
>
> Johnny Hughes wrote:
>
> >On Thu, 2005-05-19 at 21:08 +0800, Mark Quitoriano wrote:
> >
> >
> >>I'm having a problem viewing logs on forwarded ports from the firewall
> >>to another server. I forwarded mail (port 25) from the firewall to an
> >>internal server. The problem is when I try to view the logs it just
> >>shows the firewall IP as the sender and not the original sender.
> >>
> >>
> >>
> >>
> >In reality, the firewall may be making the connection to the internal
> >server... and not the external machine. Especially if the internal
> >server is on a 192.168.x.x or 10.x.x.x network and you are connecting
> >via NAT. If that is the case, the external machine is connecting to the
> >firewall and the firewall is connecting to the internal server.
> >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >CentOS mailing list
> >CentOS at centos.org
> >http://lists.centos.org/mailman/listinfo/centos
> >
> >
--
Regards,
Mark Quitoriano, CCNA
http://www.atamanetworks.com
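
A check for the symptom this thread describes, as an added example that is not part of the original posts: a POSTROUTING SNAT rule matching a DNAT target rewrites the client's source address, so the internal server logs the firewall instead of the sender. The function name `find_masked_dnat_targets`, the `iptables-save` style input and the address 203.0.113.10 (standing in for the elided public IP) are assumptions, and only SNAT/MASQUERADE rules selected with `-d` are considered.

```shell
#!/bin/sh
# Reads `iptables-save -t nat` style text on stdin and prints
# "<internal-ip> <target>" for each DNAT destination that is also
# source-rewritten on its way to the internal host.
find_masked_dnat_targets() {
    awk '
    # Return the value that follows option "opt" on the current rule line.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        t = optval("--to-destination"); if (t == "") t = optval("--to")
        sub(/:.*/, "", t)                 # drop an optional :port suffix
        if (t != "") dnat[t] = 1
    }
    $1 == "-A" && $2 == "POSTROUTING" {
        j = optval("-j")
        if (j == "SNAT" || j == "MASQUERADE") {
            d = optval("-d"); sub(/\/32$/, "", d)
            if (d != "") snat[d] = j
        }
    }
    END { for (t in dnat) if (t in snat) print t, snat[t] }
    ' | sort
}

# Constructed ruleset mirroring the DNAT + SNAT pair from the message above.
RULES_WITH_SNAT='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -j DNAT --to-destination 10.0.0.1
-A POSTROUTING -d 10.0.0.1/32 -j SNAT --to-source 203.0.113.10
COMMIT'

# Constructed ruleset mirroring the DNAT-only rule quoted in the reply.
RULES_DNAT_ONLY='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.198.0.17
COMMIT'

printf '%s\n' "$RULES_WITH_SNAT" | find_masked_dnat_targets
printf '%s\n' "$RULES_DNAT_ONLY" | find_masked_dnat_targets
```

A host printed here will log the firewall address for every forwarded connection. Removing the SNAT rule restores the real client address only if that host routes its replies back through the firewall.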