Dear all,
I would like to forward a port to an internet server, but failed. Can you help me?

Server: eth0: 192.168.1.250, Port: 8080 TCP, CentOS 5.6
Remote server: IP: a.b.c.d Port: 8181

Forward path: client1 (192.168.1.10) -> 192.168.1.250:8080 (forward) -> a.b.c.d Port: 8181
-----------------------------------------
In Fedora, I successfully configured the firewall using system-config-firewall and the iptables command:
1. Run system-config-firewall
1.1 open local port 8080
1.2 add a forward rule: local 8080 to remote a.b.c.d:8181, tcp
2. echo 1 > /proc/sys/net/ipv4/ip_forward
3. add an iptables rule: /sbin/iptables -t nat -A POSTROUTING -d a.b.c.d -p tcp --dport 8181 -j MASQUERADE
That's all.

Thanks!
On Sunday 26 June 2011 12:53:07 muiz wrote:
> Dear all,
> I would like to forward a port to an internet server, but failed. Can you
> help me?
> Server: eth0: 192.168.1.250, Port: 8080 TCP, CentOS 5.6
> Remote server: IP: a.b.c.d Port: 8181
>
> Forward path: client1 (192.168.1.10) -> 192.168.1.250:8080 (forward) ->
> a.b.c.d Port: 8181
> -----------------------------------------
> In Fedora, I successfully configured the firewall using
> system-config-firewall and the iptables command:
> 1. Run system-config-firewall
> 1.1 open local port 8080
> 1.2 add a forward rule: local 8080 to remote a.b.c.d:8181, tcp
> 2. echo 1 > /proc/sys/net/ipv4/ip_forward
> 3. add an iptables rule: /sbin/iptables -t nat -A POSTROUTING -d a.b.c.d -p
> tcp --dport 8181 -j MASQUERADE
> That's all.
>
> Thanks!

You have to use Destination NAT for the job:

iptables -t nat -A PREROUTING -j DNAT -p tcp --dport 8080 --to a.b.c.d:8181
echo 1 > /proc/sys/net/ipv4/ip_forward

If you have more than one IP on the local machine, it's a good idea to specify
the destination -d 192.168.1.250

Marian
Thanks Marian,
The server only has one IP.
I think I should add more iptables records; only one NAT record is not enough, is it correct? If yes, then how?

2011-06-26 23:38:58, "Marian Marinov" <mm at yuhu.biz> wrote:
>On Sunday 26 June 2011 12:53:07 muiz wrote:
>> Dear all,
>> I would like to forward a port to an internet server, but failed. Can you
>> help me?
>> Server: eth0: 192.168.1.250, Port: 8080 TCP, CentOS 5.6
>> Remote server: IP: a.b.c.d Port: 8181
>>
>> Forward path: client1 (192.168.1.10) -> 192.168.1.250:8080 (forward) ->
>> a.b.c.d Port: 8181
>> -----------------------------------------
>> In Fedora, I successfully configured the firewall using
>> system-config-firewall and the iptables command:
>> 1. Run system-config-firewall
>> 1.1 open local port 8080
>> 1.2 add a forward rule: local 8080 to remote a.b.c.d:8181, tcp
>> 2. echo 1 > /proc/sys/net/ipv4/ip_forward
>> 3. add an iptables rule: /sbin/iptables -t nat -A POSTROUTING -d a.b.c.d -p
>> tcp --dport 8181 -j MASQUERADE
>> That's all.
>>
>> Thanks!
>
>You have to use Destination NAT for the job:
>
>iptables -t nat -A PREROUTING -j DNAT -p tcp --dport 8080 --to a.b.c.d:8181
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>If you have more than one IP on the local machine, it's a good idea to specify
>the destination -d 192.168.1.250
>
>Marian
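
An added example, not part of the original thread: a shell function that prints the DNAT rule from the reply together with the MASQUERADE rule from the first post and matching FORWARD rules, with the DNAT limited to the server's own address so nothing else is redirected. The FORWARD rules, the `-m state` match, the function names and the address 203.0.113.10 (a constructed stand-in for a.b.c.d) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands for forwarding
# LAN_IP:LPORT to REMOTE_IP:RPORT; review them, then pipe to "sh" as root.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

forward_rules() {
    lan_ip=$1 lport=$2 remote_ip=$3 rport=$4
    valid_ipv4 "$lan_ip" && valid_ipv4 "$remote_ip" &&
        valid_port "$lport" && valid_port "$rport" || {
        echo "usage: forward_rules LAN_IP LPORT REMOTE_IP RPORT" >&2
        return 1
    }
    cat <<EOF
# Let the kernel route packets between interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrite the destination of connections arriving on $lan_ip:$lport.
iptables -t nat -A PREROUTING -d $lan_ip -p tcp --dport $lport -j DNAT --to-destination $remote_ip:$rport
# Allow only this flow through FORWARD; -I puts the rules ahead of any
# existing REJECT (assumption: the chain may already end in one).
iptables -I FORWARD -d $remote_ip -p tcp --dport $rport -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -s $remote_ip -p tcp --sport $rport -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rewrite the source so replies from $remote_ip return through this host.
iptables -t nat -A POSTROUTING -d $remote_ip -p tcp --dport $rport -j MASQUERADE
EOF
}

# Constructed sample: 203.0.113.10 stands in for the thread's a.b.c.d.
forward_rules 192.168.1.250 8080 203.0.113.10 8181
```

After applying the printed commands, `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters, which tell you which rule a test connection from client1 actually reached.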