Subject Re: [firebird-support] iptables and port forwarding
Author Alexandre Benson Smith
On Fri, 16 Jul 2004 07:57:57 -0000, "yann_riviere" <yann_riviere@...> wrote:

> From: "yann_riviere" <yann_riviere@...>
> Date: Fri, 16 Jul 2004 07:57:57 -0000
> To: firebird-support@yahoogroups.com
> Subject: [firebird-support] iptables and port forwarding
>
> Hello,
> I'm trying to access my firebird server 10.0.24.201 (under linux)
> through an iptables firewall (192.168.0.98)
>
> I try this rule :
>
> iptables -A PREROUTING -t nat -p tcp -d 192.168.0.98 --dport 3050 -j DNAT --to 10.0.24.201:3050
>
> No success...
>
> Can anyone help me?
>
> Thanks
>
> Yann
>

Hi, Yann

Try this one:
# FB
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 3050 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A PREROUTING -t nat -p tcp -d 192.168.0.98 --dport 3050 -j DNAT --to 10.0.24.201:3050

In this example I assume that:
eth0 is your external interface
eth1 is your internal interface
192.168.0.98 is your external IP address (the network address 192.168.0.0/24 is used for private LANs and is not routable on the Internet; I don't know if you just put this address as a sample or if you have a firewall between 2 local LANs)
10.0.24.201 is the ip address of your FB server

Works like a charm :-) But you expose your FB server to the wild world; maybe you want to permit it just for some addresses, or use tunnelling (ssh or zebedee; zebedee is very, very simple to use) to make it a bit more secure.


HTH

Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
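
Added example (not part of Alexandre's message): the "permit it just for some addresses" suggestion from the reply, as a shell script that prints one DNAT and one FORWARD rule per allowed client plus a return-path rule. Interfaces and server addresses are the ones used in the thread; the client addresses are constructed samples from documentation ranges, and it assumes the FORWARD chain's default policy is DROP.

```shell
#!/bin/sh
# Added example: Firebird port forward limited to an allowlist of clients.
# Interfaces and addresses follow the thread; client sources are constructed.

EXT_IF=eth0              # external interface (as assumed in the reply)
INT_IF=eth1              # internal interface
EXT_IP=192.168.0.98      # firewall address the clients connect to
FB_IP=10.0.24.201        # Firebird server behind the firewall
FB_PORT=3050

# Shape check: dotted-quad IPv4 with an optional /prefix. Anything else is
# rejected so an allowlist entry can never become extra iptables arguments.
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the rules for the given allowed sources, one command per line.
fb_rules() {
    # Validate everything first so a bad entry yields no partial ruleset.
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # Rewrite the destination only for allowed clients.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -s $src -d $EXT_IP -p tcp --dport $FB_PORT -j DNAT --to-destination $FB_IP:$FB_PORT"
        # FORWARD runs after DNAT, so it must match the rewritten destination.
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -s $src -d $FB_IP -p tcp --dport $FB_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
    # Replies from the server back to the clients, established flows only.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $FB_IP -p tcp --sport $FB_PORT -m state --state ESTABLISHED -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    fb_rules 203.0.113.10 198.51.100.0/24 | sh -e
else
    fb_rules 203.0.113.10 198.51.100.0/24
fi
```

Run it without APPLY to review the generated commands before loading them on the firewall.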