3

I am new to serverfault, so please inform me of any bad behaviors :)

I searched serverfault (and Google) for an answer, but can't find the answer to my problem (I can find answers which are partially what I need, but I lack the knowledge/experience to combine them into the solution to my problem).

The problem is as follows:

- I have a public server with port 81 which is available on the public IP address
- I have a local server with port 80 which is not available to the public
- I want the user to connect to port 81 on the public IP address and arrive at port 80 of the local server (192.168.98.###)

I think I need to do some configuring with iptables, but that's quite foggy to me.

I tried some answers from "How can I port forward with iptables?" but I run into all kinds of errors.

Some questions:

- Does the local server have to have some special configuration? For example, do I have to set the gateway to the IP address of the public server?
- /proc/sys/net/ipv4/conf/ppp0 doesn't exist; is that a problem?

There are no ports blocked by the firewall.

I have total control over the public server, which is running on:

# cat /proc/version
Linux version 2.4.22-1.2115.nptl (bhcompile@daffy.perf.redhat.com) (gcc version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Oct 29 15:42:51 EST 2003
# iptables --version
iptables v1.2.8

I don't know the OS of the local server, and have no control over its configuration.

Could you please explain to me which iptables settings I could use, or any other configuration?

Hrqls
  • 143

1 Answer

3

First thing, you don't need to deal with this /proc/sys/net/ipv4/conf/ppp0, if you are not running a modem on your gateway.

The first thing you have to do is enable forwarding on your gateway, like this:

# echo '1' > /proc/sys/net/ipv4/conf/eth0/forwarding

(if you are running your live IP on eth0)

Then simply forward your traffic like this:

# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:80
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You should replace 192.168.1.2 with the internal IP of your machine. Also, replace eth0 with the interface on which you have the live IP on your gateway.

And lastly, as given in the post you read earlier, you can check the routing with

# ip route

Hope this helped. Feel free to revert in case you face any issues.

Also, please post the errors which you get in this process.

Michael Hampton
  • 252,907
Napster_X
  • 3,371
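
The asker's exact case (public port 81 to port 80 on a backend whose gateway cannot be changed), as an added example that is not part of the answer above: a small generator that validates its inputs and prints the rules for review. The interface `eth0`, the address `192.168.98.10` and the function names are assumptions, and the MASQUERADE rule is this example's choice for a backend that does not route its replies through the public server.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the iptables
# commands that forward <public_if>:<public_port> to <backend_ip>:<backend_port>.

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

gen_rules() {
    pub_if=$1 pub_port=$2 dst_ip=$3 dst_port=$4
    # Accept only a plain interface name, ports and an IPv4 address, so the
    # generated text is safe to hand to a root shell.
    case "$pub_if" in ''|*[!A-Za-z0-9._-]*)
        echo "gen_rules: bad interface name" >&2; return 1 ;;
    esac
    valid_port "$pub_port" && valid_port "$dst_port" && valid_ipv4 "$dst_ip" || {
        echo "gen_rules: bad port or address" >&2; return 1; }
    # Line 1: global forwarding switch (covers the public and the LAN interface).
    # Line 2: DNAT rewrites the destination before routing, so the FORWARD
    #         rules (lines 3-4) match the backend address and port, not 81.
    # Line 5: MASQUERADE makes the backend see the gateway as the client, so
    #         replies return through it without a gateway change on the backend.
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $pub_port -j DNAT --to-destination $dst_ip:$dst_port
iptables -A FORWARD -i $pub_if -p tcp -d $dst_ip --dport $dst_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $dst_ip --sport $dst_port -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $dst_ip --dport $dst_port -j MASQUERADE
EOF
}

# Constructed values: eth0 as the public interface, 192.168.98.10 standing in
# for the backend address elided in the question.
gen_rules eth0 81 192.168.98.10 80
```

Review the printed commands before piping them to `sh` as root. With the MASQUERADE rule in place, the backend's access logs record the gateway's internal address instead of the real client address.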