
I have the following three rules in my iptables firewall:

-A PREROUTING -i eth0 -p tcp -m tcp --dport 12346 -j DNAT --to-destination 11.207.2.4:12350
-A PREROUTING -i eth0 -p tcp -m tcp --dport 12348 -j DNAT --to-destination 11.207.1.3:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 12347 -j DNAT --to-destination 11.207.1.2:80

The 1st and 3rd work as expected. The 2nd (forwarding to 11.207.1.3:80) does not work.

Why is that so?

  • How, exactly, does it not work?
    – Daniel B
    Commented May 13, 2018 at 12:05
  • I can ACCESS the webserver at 11.207.1.2:80 (line 3), but I cannot ACCESS the webserver at 11.207.1.3:80 (line 2) from the internet. The computer where the firewall is installed is exposed to the internet. The servers in the range of 11.207.*.* are in the LAN.
    Commented May 13, 2018 at 12:06
  • I solved the problem with the following line: -A POSTROUTING -o eth1 -j SNAT --to-source 11.207.1.1. But then how did it work for 11.207.1.2:80 (line 3) without it?
    Commented May 13, 2018 at 12:44
  • Ah, I just noticed these are public IP addresses. Is that really the case? Is traffic from the machines you redirect to routed through the iptables box?
    – Daniel B
    Commented May 13, 2018 at 12:59
  • Yes, they are three servers behind the firewall in the LAN.
    Commented May 13, 2018 at 14:40
