Hi listmates,

Happy Thanksgiving!

Does anybody know if there is a convenient utility to configure iptables on a CentOS 5.4 or 5.3 machine to do port forwarding? And if not, where and how does one put the requisite commands?

Thanks.

Boris.

On Wed, 2009-11-25 at 13:57 -0500, Boris Epstein wrote:
> Hi listmates,
>
> Happy Thanksgiving!
>
> Does anybody know if there is a convenient utility to configure
> iptables on a CentOS 5.4 or 5.3 machine to do port forwarding? And if
> not, where and how does one put the requisite commands?

For what it's worth, I use the Shoreline firewall package ( www.shorewall.net ) for that purpose. It takes a bit to get used to the syntax and idiosyncrasies of it, but it does just about anything you need/want with an iptables-based firewall.

> Thanks.
>
> Boris.

--
Ron Loftin reloftin at twcny.rr.com
"God, root, what is difference ?" Piter from UserFriendly

Hi Boris,

> Does anybody know if there is a convenient utility to configure
> iptables on a CentOS 5.4 or 5.3 machine to do port forwarding?
> And if not, where and how does one put the requisite commands?

I'm using iptables just as a command. For information about the service and very useful examples, look at the CentOS wiki on iptables:

http://wiki.centos.org/HowTos/Network/IPTables

On Wednesday 25 November 2009 13:57, Boris Epstein wrote:
> Happy Thanksgiving!

Same to you too.

> Does anybody know if there is a convenient utility to configure
> iptables on a CentOS 5.4 or 5.3 machine to do port forwarding? And if
> not, where and how does one put the requisite commands?

I do all my iptables configuring from the command line. The iptables config is stored in /etc/sysconfig/iptables. This tutorial for iptables should be able to help you:

http://www.zoominternet.net/~lazydog/iptables-tutorial.html

Port forwarding is really not that hard. The big question is if the forwarding to another port is on the same box or will you be forwarding it onto another box? If it is staying local then you want to look at REDIRECT, not forwarding. I.e.,

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

If you are truly going to forward it onto another box then you need to look at DNAT.

--
Regards
Robert
Linux User #296285 http://counter.li.org
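
The REDIRECT/DNAT distinction above can be checked in a saved rule file. The following is an added example, not part of the original thread: it parses a constructed sample in the iptables-save format used by /etc/sysconfig/iptables, lists each port forward, and for DNAT rules reports whether the filter table's FORWARD chain has an exact-match ACCEPT for the translated destination. The function names, addresses and ports are assumptions made for illustration.

```python
import shlex

# Constructed sample in iptables-save format (the format kept in
# /etc/sysconfig/iptables). Addresses are RFC 5737 documentation ranges.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.0.2.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.0.2.20:443
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, opts) per -A line; opts maps each flag to its value."""
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # "*nat", "*filter": start of a table
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-") and not tok[i + 1].startswith("-")}
            yield table, tok[1], opts

def audit_forwards(text):
    """Return (kind, proto, dport, target, forward_allowed) for each port forward."""
    rules = list(parse_rules(text))
    # Heuristic: only exact host+port ACCEPT rules count; broader rules are ignored.
    allowed = {(o.get("-d", "").replace("/32", ""), o.get("--dport"))
               for t, c, o in rules
               if t == "filter" and c == "FORWARD" and o.get("-j") == "ACCEPT"}
    found = []
    for t, c, o in rules:
        if t != "nat" or o.get("-j") not in ("REDIRECT", "DNAT"):
            continue
        if o["-j"] == "REDIRECT":   # stays on this box, FORWARD chain not involved
            found.append(("REDIRECT", o.get("-p"), o.get("--dport"),
                          "local:" + o.get("--to-ports", ""), None))
        else:                       # DNAT: packet is routed on, FORWARD must accept it
            host, _, port = o.get("--to-destination", "").partition(":")
            port = port or o.get("--dport")
            found.append(("DNAT", o.get("-p"), o.get("--dport"),
                          f"{host}:{port}", (host, port) in allowed))
    return found
```

A DNAT entry reported with forward_allowed False is rewritten in PREROUTING but then hits the FORWARD policy; forwarding to another box also requires net.ipv4.ip_forward to be enabled on the forwarding host.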