[olug] iptables behind router
Daniel Linder
dan at linder.org
Tue Sep 14 01:54:17 UTC 2004
William E. Kempf said:
> However... I'd like to be able to have [comp A]
> forward some ports to [comp B].
Jeff gave one solution; here is another possible solution.
The IPTables feature has a "Destination Network Address Translation"
feature (DNAT) which re-writes the destination of each IP packet to
another address when it comes in. When it goes back out, the IPTables
un-does the translation and replaces the (now) source address with what
the machine on the outside expects.
Example:
CompX---{internet}---{Cablemodem}-{router}--+---[CompA]
                                            +---[CompB]
On Computer A, you would use a line like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp -d <CompA_Addr> --dport <CompA_port> \
    -j DNAT --to-destination <CompB_Addr>:<CompB_port>
Just make sure that Computer B has its route to the Internet set to point
back through CompA so CompA can un-do the DNAT...
I think this should work... :)
Dan
- - - - -
"I do not fear computer,
I fear the lack of them."
-- Isaac Asimov
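
An added example, not part of the original post: a dry-run helper that validates its inputs and prints the commands for the DNAT forward described above, along with the return route the post says CompB needs. The addresses, ports and interface in the sample call are constructed, and the ip_forward setting, the FORWARD rules (using the conntrack match) and the "ip route" line are assumptions that go beyond the single rule in the post.

```shell
#!/bin/sh
# Added example, not from the original post: print (never apply) the rules
# CompA needs to forward one TCP port to CompB with DNAT.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules IFACE COMPA_ADDR COMPA_PORT COMPB_ADDR COMPB_PORT
# Rejects malformed input so nothing unexpected reaches a root shell.
dnat_rules() {
    [ "$#" -eq 5 ] || { echo "usage: dnat_rules IFACE A_ADDR A_PORT B_ADDR B_PORT" >&2; return 2; }
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" && valid_ipv4 "$4" || { echo "bad address" >&2; return 1; }
    valid_port "$3" && valid_port "$5" || { echo "bad port" >&2; return 1; }
    cat <<EOF
# On CompA: route packets between hosts, rewrite the destination, and
# allow only the forwarded port (plus its replies) through FORWARD.
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $1 -p tcp -d $2 --dport $3 -j DNAT --to-destination $4:$5
iptables -A FORWARD -p tcp -d $4 --dport $5 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $4 --sport $5 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# On CompB: send replies back through CompA so the DNAT can be undone.
# ip route replace default via $2
EOF
}

# Constructed sample values (private addresses, interface eth0).
dnat_rules eth0 192.168.1.10 8080 192.168.1.20 80
```

The FORWARD rules see the address and port after translation, which is why they match CompB's values and not CompA's.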