Hi all

Is the network address translation in centos5.2 different?

I disable the default iptable rule and use the following commands but I can't connect http://public:8080 from outside to this host 192.168.0.10 port 80

eth1 is public address
eth0 is private address 192.168.0.1

iptables -F -t nat
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80

Thank you
German Andres Pulido
2009-Jan-01 17:59 UTC
[CentOS] Is network address translation different in centos?
I think you forgot to open the port in the FILTER table. Open it like this:

iptables --table filter -p tcp -d 8080 -j ACCEPT

The syntax may not be 100% perfect, and also you may want to tighten the security, but I hope you get the idea.

Regards.

GERMAN ANDRES PULIDO F.
Project Engineer
GLOBAL TECHNOLOGY SERVICES - GTS S.A.
-------------------------------------
Tel: (571) 658 34 10 ext 110
Carrera 7b No. 123-46
Bogotá-Colombia
Website: www.gtscolombia.com

On Wednesday 31 December 2008 4:05:51 pm chloe K wrote:
> Hi all
>
> Is the network address translation in centos5.2 different?
>
> I disable the default iptable rule and use the following commands but I
> can't connect http://public:8080 from outside to this host 192.168.0.10
> port 80
>
> eth1 is public address
> eth0 is private address 192.168.0.1
>
> iptables -F -t nat
> iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
> iptables --append FORWARD --in-interface eth0 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80
>
> Thank you
Robert Spangler
2009-Jan-02 03:13 UTC
[CentOS] Is network address translation different in centos?
On Wednesday 31 December 2008 16:05, chloe K wrote:
> Is the network address translation in centos5.2 different?

Nope.

> I disable the default iptable rule and use the following commands but I
> can't connect http://public:8080 from outside to this host 192.168.0.10
> port 80
>
> eth1 is public address
> eth0 is private address 192.168.0.1
>
> iptables -F -t nat
> iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
> iptables --append FORWARD --in-interface eth0 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80

Your rules are in need of help. First off I am not even sure what you are doing will work, i.e.; --append or --table

These are written as '-A' and '-t'

Try these;

iptables -F -t nat
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# !!! Following line is wrapped !!!
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT \
    --to-destination 192.168.0.10:80
iptables -A FORWARD -i eth0 -j ACCEPT

You could and should tighten these rules up. You should look into Stateful packet inspection for your firewall. If you are looking to learn how to write your own rules use the following;

http://iptables.rlworkman.net/chunkyhtml/index.html

--
Regards
Robert

Linux User #296285
http://counter.li.org
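
Added example, not part of any poster's message: a stateful form of the port forward discussed in this thread, written in iptables-restore format. It uses the interfaces, addresses and ports quoted above; the function names and the apply/print arguments are made up for this example, and loading it replaces the whole nat and filter tables.

```shell
#!/bin/sh
# Added example (not from the thread). Values below are the ones the thread
# quotes; function names and the "apply"/"print" arguments are hypothetical.
WAN_IF=eth1          # public interface
LAN_IF=eth0          # private interface, 192.168.0.1
SERVER=192.168.0.10  # internal web server
PUB_PORT=8080        # port reached on the public address
SRV_PORT=80          # port the server listens on

# Print the ruleset in iptables-restore format.
emit_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $SERVER:$SRV_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# INPUT and OUTPUT stay open, as in the poster's flushed setup (not hardened here).
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies for connections that were already accepted.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections from the private network out to the public side.
-A FORWARD -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT
# DNAT runs in PREROUTING, before FORWARD, so this rule matches the
# translated address and port, not the public port.
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $SERVER --dport $SRV_PORT -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Enable routing, then load both tables atomically (needs root).
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null && emit_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    print) emit_rules ;;
esac
```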