Full Version: Sort Of Router With Iptables
slaperke
Hey, I've got a little problem.
I want to set up my Linux PC with iptables so that it redirects the packets it gets (HTTP, FTP) from a web server (server A) to an FTP server and an HTTP server (servers B and C). But with the information I get, I can't do it very well. Can anyone help me?

Slaperke
Termina
QUOTE
#Your iptables path
IPT="/sbin/iptables"

#External interface: assuming your Internet connection comes in on this NIC
INT="eth0"

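#Clears out existing rules
$IPT -F
$IPT -F FORWARD
$IPT -X
#-F alone only flushes the filter table; flush nat too so re-running does not duplicate the NAT rules
$IPT -t nat -F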

#Sets up policies
$IPT -P FORWARD ACCEPT

#If you have a static IP, keep the following 2 lines the same
#If you have a semi-static IP, or use DHCP, comment the first line and uncomment the 2nd line
$IPT -t nat -A POSTROUTING -o $INT -j SNAT --to 216.138.195.197
#$IPT -t nat -A POSTROUTING -o $INT -j MASQUERADE

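#Lets the port-forwarded traffic (DNAT rules below) through the FORWARD chain.
#These must come before the DROP rule, which would otherwise drop those NEW connections too.
$IPT -A FORWARD -i $INT -p tcp -d 10.1.1.51 -m multiport --dports 25,53 -j ACCEPT
$IPT -A FORWARD -i $INT -p udp -d 10.1.1.51 --dport 53 -j ACCEPT
$IPT -A FORWARD -i $INT -p tcp -d 10.1.1.50 --dport 2300:2400 -j ACCEPT
$IPT -A FORWARD -i $INT -p udp -d 10.1.1.50 --dport 2300:2400 -j ACCEPT

#Protects forwarding rule
$IPT -A FORWARD -i $INT -m state --state NEW,INVALID -j DROP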

#Forwarding certain specific ports to other machines.
$IPT -t nat -A PREROUTING -i $INT -p tcp --dport 25 -j DNAT --to 10.1.1.51:25
$IPT -t nat -A PREROUTING -i $INT -p tcp --dport 53 -j DNAT --to 10.1.1.51:53
$IPT -t nat -A PREROUTING -i $INT -p udp --dport 53 -j DNAT --to 10.1.1.51:53

#Forwarding range of ports to another machine
$IPT -t nat -A PREROUTING -i $INT -p tcp --dport 2300:2400 -j DNAT --to 10.1.1.50
$IPT -t nat -A PREROUTING -i $INT -p udp --dport 2300:2400 -j DNAT --to 10.1.1.50

#Accepts connections from local machines (replace with your computers' IP addresses)
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -s 10.1.1.50 -d 0/0 -p all -j ACCEPT
$IPT -A INPUT -s 10.1.1.51 -d 0/0 -p all -j ACCEPT
$IPT -A INPUT -s 10.1.1.52 -d 0/0 -p all -j ACCEPT


<.<

Hope that works.
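The same DNAT approach applied to the HTTP and FTP services the question asks about, as an added example that is not part of either post. It only prints the rules (a dry run) and pairs each DNAT rule with a FORWARD ACCEPT placed ahead of the NEW,INVALID drop. Assumptions: eth0 is the external interface, 10.1.1.50 is the FTP server and 10.1.1.51 is the HTTP server; the function names are hypothetical.

```shell
#!/bin/sh
# Dry run: prints iptables commands, executes nothing.
# Assumed roles (not from the thread): 10.1.1.50 = FTP server B, 10.1.1.51 = HTTP server C.
IPT="/sbin/iptables"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the DNAT rule plus the FORWARD ACCEPT that lets the rewritten packet through.
forward_port() {  # args: ext_if proto port dest_ip
    echo "$IPT -t nat -A PREROUTING -i $1 -p $2 --dport $3 -j DNAT --to-destination $4:$3"
    echo "$IPT -A FORWARD -i $1 -p $2 -d $4 --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

gen_rules() {  # args: ext_if ftp_server http_server
    valid_ip "$2" && valid_ip "$3" || { echo "bad server address" >&2; return 1; }
    # FTP opens separate data connections; the conntrack helper marks them RELATED.
    # Needs the nf_conntrack_ftp and nf_nat_ftp kernel modules loaded.
    echo "$IPT -t raw -A PREROUTING -i $1 -p tcp --dport 21 -j CT --helper ftp"
    forward_port "$1" tcp 21 "$2"
    forward_port "$1" tcp 80 "$3"
    echo "$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Catch-all drop goes last so it only hits what was not explicitly forwarded.
    echo "$IPT -A FORWARD -i $1 -m conntrack --ctstate NEW,INVALID -j DROP"
}

gen_rules eth0 10.1.1.50 10.1.1.51
```

Review the printed rules, then run them as root; the SNAT or MASQUERADE line from the script above is still needed for outbound traffic.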