[CentOS] iptables port forwarding

Johnny Hughes

mailing-lists at hughesjr.com
Thu May 19 13:41:53 UTC 2005


On Thu, 2005-05-19 at 14:31 +0100, Peter Farrow wrote:
> If you're doing true port forwarding, the internal server should see the 
> ip address of the external machine in its logs.
> 
> This is how my machines log that do this. I use this type of entry in 
> iptables:
> 
> iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 10.198.0.17
> 
> P.
> 
> 

Agreed ... I just checked and indeed you should see the external IP in
the logs (and in netstat) ... so just ignore the bunk that I said
before :)

> Johnny Hughes wrote:
> 
> >On Thu, 2005-05-19 at 21:08 +0800, Mark Quitoriano wrote:
> >  
> >
> >>I'm having a problem viewing logs on forwarded ports from the firewall
> >>to another server. I forwarded mail (port 25) from the firewall to an
> >>internal server. The problem is when I try to view the logs it just
> >>shows the firewall IP as the sender and not the original sender.
> >>
> >>
> >>    
> >>

-----------------------------------------------------------------
> >In reality, the firewall may be making the connection to the internal
> >server... and not the external machine.  Especially if the internal
> >server is on a 192.168.x.x or 10.x.x.x network and you are connecting
> >via NAT.  If that is the case, the external machine is connecting to the
> >firewall and the firewall is connecting to the internal server.
> >  
If true port forwarding is set ... then this statement (by me) is
WRONG :)
------------------------------------------------------------------
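
Added example, not part of the original messages: the thread concludes that a plain DNAT rule leaves the client address intact, so a firewall address in the internal server's logs points to a source-rewriting rule on the path to that server. This sketch reads `iptables-save` output and lists the SNAT/MASQUERADE rules that are candidates for that; the `eth0` interface and both POSTROUTING rules in the sample are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt. The DNAT rule is the one quoted in the
# thread; eth0 as internal interface and both POSTROUTING rules are assumed.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.198.0.17
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -d 10.198.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def parse_rules(text):
    """Return (chain, options, raw_line) for each -A rule in the nat table."""
    rules, table = [], None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        tok = shlex.split(line)
        if table != "nat" or len(tok) < 2 or tok[0] != "-A":
            continue
        opts = {"negated": "!" in tok}
        for i, t in enumerate(tok[2:-1], start=2):
            if t.startswith("-") and not tok[i + 1].startswith("-"):
                opts[t] = tok[i + 1]
        rules.append((tok[1], opts, line))
    return rules

def source_rewrites(text):
    """Pair each DNAT rule with SNAT/MASQUERADE rules that may also match the
    forwarded connection. Rules with a negated ("!") match are always reported
    for manual review; -s matches and rule order are not evaluated."""
    rules, findings = parse_rules(text), []
    for chain, d, dline in rules:
        target = d.get("--to-destination") or d.get("--to")
        if chain != "PREROUTING" or d.get("-j") != "DNAT" or not target:
            continue
        # Strip an optional :port and take the first address of a range.
        dest = ipaddress.ip_address(target.split(":")[0].split("-")[0])
        for chain2, s, sline in rules:
            if chain2 != "POSTROUTING" or s.get("-j") not in ("SNAT", "MASQUERADE"):
                continue
            # -o equal to the DNAT rule's -i is the outbound path, not the internal leg.
            outbound = "-i" in d and s.get("-o") == d["-i"]
            proto = "-p" not in s or "-p" not in d or s["-p"] == d["-p"]
            if s["negated"] or (not outbound and proto and dest in
                                ipaddress.ip_network(s.get("-d", "0.0.0.0/0"), strict=False)):
                findings.append((dline, sline))
    return findings
```

On the sample, only the `-o eth0` MASQUERADE rule is reported; the `-o eth1` rule handles outbound traffic and does not affect what the internal server logs.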