*nix Thread, IPTables Port Forwarding in Technical; Originally Posted by CyberNerd
add another nic ?
27th May 2009, 11:46 AM #16
Can't add another, no slots. Will try adding a virtual interface (i.e. eth0:0 and eth0:1).
Originally Posted by CyberNerd
27th May 2009, 11:50 AM #17
I looked through this:
IPTables forward question
and compared my FW config (two interfaces)
You may need to add the state NEW for new connections ?
iptables -A FORWARD -p tcp -i [incoming interface] -o [outgoing interface] -d [ip address of target server] --dport 80 -m state --state NEW -j ACCEPT
Sorry if I'm being vague, it's a bit out of my comfort zone.
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
3rd June 2009, 10:18 PM #18
Are both devices on the same subnet, i.e. the firewall and webserver? If so, then you'll need to SNAT these packets as well in the postrouting chain; otherwise the packet from the webserver will go directly back to the client, which then won't match any connections it initiated, the SYN ACK will be dropped and an RST packet will be sent to close the connection. If they're not on the same subnet, let me know.
Also, just a point, but the rule in the forward chain isn't required as the chain's policy is accept; unless you specifically put a rule in to drop forwarded traffic, all will be allowed with that policy.
Last edited by funkymunky; 3rd June 2009 at 10:25 PM.
Reason: Added more info
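The two points in post #18, as an added example that is not part of the thread: a shell sketch that prints (does not run) the rule set, adding SNAT only when firewall and web server share a subnet, and FORWARD rules only when the chain policy is not ACCEPT. The function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are constructed samples.

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_subnet IP_A IP_B PREFIX -> exit 0 when both share the /PREFIX network
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# port_forward_rules FW_IP SERVER_IP PREFIX PORT FORWARD_POLICY
# Prints the iptables commands; it does not run them.
port_forward_rules() {
    fw=$1 srv=$2 prefix=$3 port=$4 policy=$5
    # Rewrite the destination of connections arriving at the firewall.
    echo "iptables -t nat -A PREROUTING -p tcp -d $fw --dport $port -j DNAT --to-destination $srv:$port"
    if [ "$policy" != ACCEPT ]; then
        # Only needed when the FORWARD policy is not ACCEPT.
        echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -A FORWARD -p tcp -d $srv --dport $port -m state --state NEW -j ACCEPT"
    fi
    if same_subnet "$fw" "$srv" "$prefix"; then
        # Same subnet: make the server reply to the firewall, not straight
        # to the client, so the client sees the address it connected to.
        echo "iptables -t nat -A POSTROUTING -p tcp -d $srv --dport $port -j SNAT --to-source $fw"
    fi
}

# Sample run: firewall and web server on 192.168.1.0/24, FORWARD policy DROP.
port_forward_rules 192.168.1.5 192.168.1.10 24 80 DROP
```

With SNAT in place the web server logs the firewall's address as the source of every forwarded request, so client IPs have to be recovered from the firewall's own logs.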