I'm having some port forwarding issues with iptables.
We are using iptables as a firewall with 2 nics and on ip alias.
I'm trying to port forward on the alias ip
eth0 = 65.x.x.1
eth0:1 = 65.x.x.2
eth1 = 192.168.x.x

I'm wanting to forward certain ports(80,5071...etc) that makes request on eth0:1 IP 65.x.x.2 to forward to internal IP 192.168.x.x. I have setup the following rules but I must be doing something wrong.

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.x.x.2 --dport 80 -j DNAT --to-destination 192.168.x.x:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.x.x.2 --dport 5071 -j DNAT --to-destination 192.168.x.x:5071
iptables -A FORWARD -p tcp -i eth0 -d 192.168.x.x --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -d 192.168.x.x --dport 5071 -j ACCEPT

Any help would be greatly appreciated.
Thanks
--
Bo Lynch

Bo Lynch wrote:
> I'm having some port forwarding issues with iptables.
> We are using iptables as a firewall with 2 nics and on ip alias.
> I'm trying to port forward on the alias ip
> eth0 = 65.x.x.1
> eth0:1 = 65.x.x.2
> eth1 = 192.168.x.x
>
> I'm wanting to forward certain ports(80,5071...etc) that makes request on
> eth0:1 IP 65.x.x.2 to forward to internal IP 192.168.x.x. I have setup the
> following rules but I must be doing something wrong.
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.x.x.2 --dport 80 -j DNAT --to-destination 192.168.x.x:80
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 65.x.x.2 --dport 5071 -j DNAT --to-destination 192.168.x.x:5071
> iptables -A FORWARD -p tcp -i eth0 -d 192.168.x.x --dport 80 -j ACCEPT
> iptables -A FORWARD -p tcp -i eth0 -d 192.168.x.x --dport 5071 -j ACCEPT
>
> Any help would be greatly appreciated.
> Thanks
>

Try

iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.x.x --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.x.x --dport 5071 -j ACCEPT
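
A dry-run generator for the DNAT and FORWARD rule pair discussed in this thread, added here as an example and not written by either poster. The addresses are constructed stand-ins for the elided ones, the helper names valid_port and gen_rules are hypothetical, and the reply-traffic rule assumes the FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for each forwarded port.
EXT_IF=eth0               # outside NIC; netfilter sees alias eth0:1 as eth0
INT_IF=eth1               # inside NIC
PUBLIC_IP=203.0.113.2     # constructed stand-in for 65.x.x.2
INTERNAL_IP=192.168.0.10  # constructed stand-in for 192.168.x.x

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules PORT...: prints iptables commands; fails before printing
# anything if any port is invalid, so a partial rule set is never emitted
gen_rules() {
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    # Assumption: FORWARD policy is DROP, so replies need their own rule
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        # Select the alias by destination address, not by interface name
        echo "iptables -t nat -A PREROUTING -p tcp -i $EXT_IF -d $PUBLIC_IP --dport $port -j DNAT --to-destination $INTERNAL_IP:$port"
        # FORWARD sees the packet after DNAT, so match the internal address
        echo "iptables -A FORWARD -p tcp -i $EXT_IF -o $INT_IF -d $INTERNAL_IP --dport $port -j ACCEPT"
    done
}

gen_rules 80 5071
```

Review the printed commands, then pipe them to sh as root to apply them.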