
Re: How configure Iptable in RedHat 8.0



Dear Michael Schwendt,

I modified "net.ipv4.ip_forward = 1" in file "/etc/sysctl.conf".
Then, I have found "/proc/sys/net/ipv4/ip_forward" is always "1". It's not wrong.
But "PREROUTING" does not work.


Thach!

Michael Schwendt wrote:


On Thu, 12 Jun 2003 13:52:43 +0700, Le Ngoc Thach wrote:



I'm using iptables-1.2.6a-2 in RedHat 8.0 router, gateway and firewall.
I can not configure to implement the case:
Ex:
- External IP of gateway is 203.162.4.1, this host is also listening at
port 80 (Apache WebServer) and port 8080 (Tomcat).
- Internal IP of gateway is 192.168.2.1
- Another internal host is 192.168.2.2, this host is listening at port
80 (IIS WebServer).

I want a user to be able to go to http://203.162.4.1:81 to access the internal
host 192.168.2.2 on which IIS is running.
I have tried to use "PREROUTING" such as

/sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp --dport 81 -j DNAT --to 192.168.2.2:80

(See my iptables configuration in the attachment.)

but the URL "http://203.162.4.1:81" does not work. If I try "PREROUTING" to
192.168.2.1 such as:

/sbin/iptables -A PREROUTING -t nat -d 203.162.4.1 -p tcp --dport 81 -j DNAT --to 192.168.2.1:8080

It's OK. Then, http://203.162.4.1:81 is the Tomcat home page.

What is wrong? Please help me!



In your attached set of rules, your FORWARD chain does not allow the DNAT'ed traffic. Also, you didn't mention that you have set /proc/sys/net/ipv4/ip_forward to "1" manually or via sysctl or redhat-config-proc.

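The diagnosis in the quoted reply, as an added example (not part of the thread and not either poster's rule set): the DNAT rule from the question together with FORWARD rules that admit the translated traffic. DNAT to 192.168.2.1:8080 worked because that address is local to the gateway, so the packet is delivered through INPUT and never reaches FORWARD. The interface name eth0, the `ipt` dry-run wrapper and the `APPLY` variable are assumptions of this example; addresses and ports are those given in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules by default;
# set APPLY=1 (as root) to load them.

EXT_IF="eth0"            # assumption: external interface of the gateway
EXT_IP="203.162.4.1"     # external IP from the post
EXT_PORT="81"            # public port from the post
INT_HOST="192.168.2.2"   # internal IIS host from the post
INT_PORT="80"

# Dry-run wrapper (hypothetical helper): echo the command unless APPLY=1.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        /sbin/iptables "$@"
    else
        echo "/sbin/iptables $*"
    fi
}

port_forward_rules() {
    # 1. nat/PREROUTING rewrites the destination before the routing decision.
    ipt -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp \
        --dport "$EXT_PORT" -j DNAT --to-destination "$INT_HOST:$INT_PORT"

    # 2. The rewritten packet is now routed to another host, so it crosses
    #    filter/FORWARD. Match on the translated address and port, because
    #    FORWARD sees the packet after DNAT.
    ipt -A FORWARD -i "$EXT_IF" -d "$INT_HOST" -p tcp --dport "$INT_PORT" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # 3. Replies from the internal host back out through the gateway.
    ipt -A FORWARD -o "$EXT_IF" -s "$INT_HOST" -p tcp --sport "$INT_PORT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# The kernel must also be routing at all (the reply's second point).
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

port_forward_rules
forwarding_enabled || echo "note: net.ipv4.ip_forward is not 1 on this machine"
```

Rules 2 and 3 are limited to the one internal host and port, so the rest of the 192.168.2.0 network stays unreachable from outside.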








