Well, for simple forwarding within the box I'm using:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 10.0.0.0/8 -j REDIRECT --to-port 3141
That's to forward all ports for a given address range (anything in the
10.x.x.x subnet in this case) to a daemon on the box itself. I don't
remember if it winds up on eth1 or on loopback (where said daemon should
bind), probably eth1. The magic snippet of C code that can recover the
original destination address and port for a forwarded connection is:
getsockopt(connection_fd,SOL_IP,SO_ORIGINAL_DST, &addr, &i);
(Finding out the above involved thumbscrews, a bullwhip, google, a lot of
luck, and emailing various developers. But I sent it off to the man page
maintainer so hopefully it should be better documented now.)
To forward a port outside the box entirely, the mystic incantation is:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport "$fromport" -j DNAT --to "$addr":"$toport"
fromport being the port on the firewall (i.e. 80), addr and toport being the
remote machine's IP address and the port number on that remote machine
(hopefully one behind your firewall, although that's probably not a
requirement).
Is that what you needed?
> Regards,
> Nerijus
Rob
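The SO_ORIGINAL_DST lookup from the mail, worked into a minimal daemon for the REDIRECT --to-port case. This is an added example, not Rob's code or anything from the kernel tree; it assumes Linux with nf_conntrack loaded, and the function names get_original_dst and format_addr are this example's own.

```c
/* Added example, not code from the original mail: recover the pre-REDIRECT
 * destination of an accepted TCP connection. Assumes Linux + nf_conntrack. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* as defined in <linux/netfilter_ipv4.h> */
#endif
/* Fill *orig with the address:port the client actually dialled. Returns 0,
 * or -1 with errno set when the socket is not a conntrack-NATed connection
 * (ENOENT for a direct connection, ENOPROTOOPT if nf_conntrack is absent).
 * getsockname() is no substitute: after REDIRECT it reports the listener. */
int get_original_dst(int fd, struct sockaddr_in *orig)
{
    socklen_t len = sizeof(*orig);
    memset(orig, 0, sizeof(*orig));
    return getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, orig, &len);
}
/* Render an IPv4 sockaddr as "a.b.c.d:port"; returns its length or -1. */
int format_addr(const struct sockaddr_in *sa, char *buf, size_t buflen)
{
    char ip[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof(ip)))
        return -1;
    int n = snprintf(buf, buflen, "%s:%u", ip, (unsigned)ntohs(sa->sin_port));
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}
/* Accept loop for the daemon behind "--to-port 3141" from the mail. */
int main(void)
{
    struct sockaddr_in la = { .sin_family = AF_INET, .sin_port = htons(3141),
                              .sin_addr.s_addr = htonl(INADDR_ANY) };
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&la, sizeof(la)) < 0 ||
        listen(lfd, 16) < 0) { perror("listen"); return 1; }
    for (;;) {
        struct sockaddr_in orig; char s[64];
        int cfd = accept(lfd, NULL, NULL);
        if (cfd < 0) continue;
        if (get_original_dst(cfd, &orig) == 0 && format_addr(&orig, s, sizeof s) > 0)
            printf("client wanted %s\n", s);
        else
            printf("not a redirected connection: %s\n", strerror(errno));
        close(cfd);
    }
}
```

Pair it with the first iptables rule above and connect to any 10.x.x.x address from a host behind eth1; a daemon that logs the recovered destination makes it easy to spot which targets are being funnelled through the redirect.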
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/