[CentOS] iptables

Thu Sep 16 20:03:22 UTC 2010
alexus <alexus at gmail.com>

I'm trying to do some simple tcp port forwarding

[root at wcmisdlin02 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root at wcmisdlin02 ~]# /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
[root at wcmisdlin02 ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root at wcmisdlin02 ~]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:https
REJECT     all  --  anywhere             anywhere
reject-with icmp-host-prohibited
[root at wcmisdlin02 ~]# iptables --table nat --append PREROUTING --proto
tcp --dport 80 --jump DNAT --to 10.52.208.223:80
[root at wcmisdlin02 ~]# iptables --table nat --list PREROUTING
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp
dpt:http to:10.52.208.223:80
[root at wcmisdlin02 ~]# curl --verbose http://10.52.208.221:80
* About to connect() to 10.52.208.221 port 80
*   Trying 10.52.208.221... Connection refused
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host
[root at wcmisdlin02 ~]#

-- 
http://alexus.org/