Thursday, November 13, 2008

IPtables Port Forwarding

I'm battling a firewall issue. Machine "A" cannot see machine "B", so I want to bounce through machine "C". Unfortunately, it has to be a selective redirect, as "A" needs services from "C" as well. Three steps, executed on machine "C":
[root@c]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@c]# iptables -A PREROUTING -t nat -i eth0 -p tcp \
    --dport 3389 -j DNAT --to 10.11.12.13:9833

# FORWARD is evaluated after DNAT, so it must match the rewritten destination.
[root@c]# iptables -A FORWARD -p tcp -m state --state NEW \
    -d 10.11.12.13 --dport 9833 -j ACCEPT
The first step enables forwarding. The second step takes all packets for port 3389 (machine "C" doesn't run MS terminal services), sends them to 10.11.12.13, and rewrites the destination port to 9833. The third step lets the new connections through the FORWARD chain so they go back out.
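
The three steps as a re-runnable script. This is an added example, not part of the original post. It appends a rule only when `iptables -C` does not already find it, limits the relay to machine "A", and accepts established traffic in both directions. Assumptions: `ALLOW_SRC` is a constructed placeholder for A's address, and `IPT_DRY_RUN` is a hypothetical switch that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not the post's own commands: re-runnable setup for relay host "C".
IN_IF=eth0              # from the post
LISTEN_PORT=3389        # from the post
DEST_IP=10.11.12.13     # from the post
DEST_PORT=9833          # from the post
ALLOW_SRC=192.0.2.10    # constructed placeholder for machine "A"

# Run a command, or only print it when IPT_DRY_RUN=1 (hypothetical switch).
run() {
    if [ "${IPT_DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ensure TABLE CHAIN RULE...: append the rule unless `iptables -C` finds it.
ensure() {
    table=$1; chain=$2; shift 2
    if [ "${IPT_DRY_RUN:-0}" != 1 ] &&
       iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run iptables -t "$table" -A "$chain" "$@"
}

setup_forward() {
    run sysctl -w net.ipv4.ip_forward=1
    # Only A's connections to port 3389 are redirected; everything else
    # addressed to C is still delivered locally.
    ensure nat PREROUTING -i "$IN_IF" -p tcp -s "$ALLOW_SRC" \
        --dport "$LISTEN_PORT" -j DNAT --to-destination "$DEST_IP:$DEST_PORT"
    # FORWARD runs after DNAT, so it matches the rewritten address and port.
    ensure filter FORWARD -p tcp -s "$ALLOW_SRC" -d "$DEST_IP" \
        --dport "$DEST_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Packets of connections already accepted above, in both directions.
    ensure filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Usage: IPT_DRY_RUN=1 sh relay.sh apply   (prints), or as root: sh relay.sh apply
if [ "${1:-}" = apply ]; then setup_forward; fi
```

The explicit FORWARD rules only matter when the chain's policy is not ACCEPT; with a default-drop policy they are what lets the relayed session through.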
