I am new to ServerFault, so please inform me of any bad behaviors :)
I searched ServerFault (and Google) for an answer, but can't find the answer to my problem
(I can find answers which are partially what I need, but I lack the knowledge/experience to combine them into the solution to my problem).
The problem is as follows:
- I have a public server with port 81 which is available on the public IP address
- I have a local server with port 80 which is not available to the public
- I want the user to connect to port 81 on the public IP address and arrive at port 80 of the local server (192.168.98.###)
I think I need to do some configuring with iptables, but that's quite foggy to me.
I tried some answers from How can I port forward with iptables?
but I run into all kinds of errors.
Some questions:
- Does the local server have to have some special configuration? For example, do I have to set the gateway to the IP address of the public server?
- /proc/sys/net/ipv4/conf/ppp0 doesn't exist, is that a problem?
There are no ports blocked by the firewall.
I have total control over the public server, which is running on:
# cat /proc/version
Linux version 2.4.22-1.2115.nptl (bhcompile@daffy.perf.redhat.com) (gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Oct 29 15:42:51 EST 2003
# iptables --version
iptables v1.2.8
I don't know the OS of the local server, and have no control over its configuration.
Could you please explain to me which iptables settings I could use, or any other configuration?
Answer
First thing, you don't need to deal with /proc/sys/net/ipv4/conf/ppp0 if you are not running a modem on your gateway.
The first thing you have to do is enable forwarding on your gateway like this:
# echo '1' > /proc/sys/net/ipv4/conf/eth0/forwarding (if you are running your live IP on eth0)
Then simply forward your traffic like this:
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 81 -j DNAT --to-destination 192.168.1.2:80
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
You should replace 192.168.1.2 with the internal IP of your machine. Also, replace eth0 with the interface on which you have the live IP on your gateway.
And at last, as given in the post you read earlier, you can check the routing with
# ip route
Hope this helped. Feel free to revert in case you face issues.
Also, please post the errors which you get in this process.
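Two points the answer leaves implicit are worth spelling out. First, the PREROUTING rule has to match the port the outside world connects to (81 here), with the internal port (80) only in the DNAT target. Second, the internal server's replies must come back through the gateway for the connection tracking to un-NAT them: either the local server uses the public server as its default route (the asker's first follow-up question), or you add a MASQUERADE/SNAT rule on the gateway so the local server sees the gateway as the client. Also note that enabling forwarding only under /proc/sys/net/ipv4/conf/eth0/ covers packets arriving on eth0, not the replies arriving on the internal interface; the global /proc/sys/net/ipv4/ip_forward switch covers both. The script below is an added example, not code from the question or the answer. It assumes the live IP is on eth0 and uses 192.168.98.10 as a placeholder for the masked internal address; by default it only prints the iptables commands, and `apply` (run as root) enables forwarding and installs them.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Prints (and optionally applies) the iptables rules that forward TCP port 81
# on the public interface to port 80 on an internal host.
# Assumptions, not taken from the page: the public IP sits on eth0 and the
# internal host is 192.168.98.10 (the question masks the last octet).

PUB_IF="${PUB_IF:-eth0}"
PUB_PORT="${PUB_PORT:-81}"
INT_IP="${INT_IP:-192.168.98.10}"
INT_PORT="${INT_PORT:-80}"

# gen_rules [snat]: print one iptables command per line; nothing is executed.
# Pass "snat" when the internal host does NOT use this gateway as its default
# route: MASQUERADE rewrites the client source so replies come back here.
gen_rules() {
    # Rewrite the destination of new connections arriving on the public port.
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $INT_IP:$INT_PORT"
    if [ "${1:-}" = "snat" ]; then
        echo "iptables -t nat -A POSTROUTING -p tcp -d $INT_IP --dport $INT_PORT -j MASQUERADE"
    fi
    # Let the forwarded connection and its replies through the FORWARD chain.
    # Matching the ingress interface and destination keeps the gateway from
    # becoming a general relay if the FORWARD policy is later set to DROP.
    echo "iptables -A FORWARD -i $PUB_IF -p tcp -d $INT_IP --dport $INT_PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $INT_IP --sport $INT_PORT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# count_rules [snat]: number of commands gen_rules emits (3, or 4 with snat).
count_rules() {
    gen_rules "${1:-}" | wc -l | tr -d ' '
}

# apply_rules [snat]: turn on forwarding globally and run the rules as root.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    # Global switch: covers both the public and the internal interface, unlike
    # /proc/sys/net/ipv4/conf/<if>/forwarding which is per interface.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # sh -ex echoes each command and stops at the first one that fails.
    gen_rules "${1:-}" | sh -ex
}

# Dry run by default; "apply" or "apply snat" installs the rules.
case "${1:-}" in
    apply) apply_rules "${2:-}" ;;
    *)     gen_rules "${1:-}" ;;
esac
```

After applying, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters; connect to port 81 from outside and watch which counters move. If the DNAT counter increments but the FORWARD counters do not, forwarding is off; if FORWARD increments but the client hangs, the internal host is sending its replies somewhere other than the gateway, which is exactly the case the `snat` option handles.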