[LUGOS] portforwarding

Rok r at rula.net
Mon Jun 16 20:57:06 CEST 2003


Oh yeah.. and just as an aside, what they write in the iptables tutorial:

iptables -t nat -A POSTROUTING -p tcp --dst $HTTP_IP --dport 80 -j SNAT \
    --to-source $LAN_IP

Remember that the POSTROUTING chain is processed last of the chains, and
hence the packet will already be DNAT'ed once it reaches that specific
chain. This is the reason that we match the packets based on the
internal address.

This last rule will seriously harm your logging, so it is really
advisable not to use this method, but the whole example is still a valid
one for all of those who can't afford to set up a specific DMZ or alike.
What will happen is this, packet comes from the Internet, gets SNAT'ed
and DNAT'ed, and finally hits the HTTP server (for example). The HTTP
server now only sees the request as if it was coming from the firewall,
and hence logs all requests from the internet as if they came from the
firewall.


Regards, me
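
A toy model of the NAT chain traversal the quoted tutorial text describes, added here as an illustration; it is not part of the original post or of the iptables tutorial. The addresses are constructed (RFC 5737 documentation ranges) and stand in for $HTTP_IP and $LAN_IP; the FORWARD chain and routing decision are left out of the model.

```python
# Toy model of netfilter NAT traversal for an inbound HTTP request:
# PREROUTING (DNAT) runs first, POSTROUTING (SNAT) runs last, so the
# SNAT rule has to match on the already-rewritten internal destination,
# and the web server ends up logging the firewall as the client.
from dataclasses import dataclass, replace

FW_WAN_IP = "203.0.113.1"   # constructed: firewall's public address
LAN_IP    = "192.168.1.1"   # constructed: firewall's internal address ($LAN_IP)
HTTP_IP   = "192.168.1.10"  # constructed: internal web server ($HTTP_IP)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def prerouting_dnat(pkt: Packet) -> Packet:
    """PREROUTING: DNAT port-80 traffic for the public IP to the web server."""
    if pkt.proto == "tcp" and pkt.dst == FW_WAN_IP and pkt.dport == 80:
        return replace(pkt, dst=HTTP_IP)
    return pkt


def postrouting_snat(pkt: Packet) -> Packet:
    """POSTROUTING: the rule quoted above. It sees the packet after DNAT,
    which is why it matches --dst $HTTP_IP, not the public address."""
    if pkt.proto == "tcp" and pkt.dst == HTTP_IP and pkt.dport == 80:
        return replace(pkt, src=LAN_IP)
    return pkt


def traverse(pkt: Packet, snat_enabled: bool = True) -> Packet:
    """Packet as delivered to the web server, with or without the SNAT rule."""
    pkt = prerouting_dnat(pkt)
    if snat_enabled:
        pkt = postrouting_snat(pkt)
    return pkt


def server_log_client(pkt: Packet) -> str:
    """Client address the HTTP server would write into its access log."""
    return pkt.src


if __name__ == "__main__":
    client = Packet(src="198.51.100.7", dst=FW_WAN_IP, dport=80)  # constructed
    print("with SNAT:   ", server_log_client(traverse(client)))
    print("without SNAT:", server_log_client(traverse(client, snat_enabled=False)))
```

With the SNAT rule every request is logged as coming from 192.168.1.1; without it the server sees the real client address 198.51.100.7.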
