| Subject | Re: [firebird-support] iptables and port forwarding |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2004-07-16T15:53:34Z |
On Fri, 16 Jul 2004 07:57:57 -0000, "yann_riviere" <yann_riviere@...> escreveu:
try this one
# FB
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 3050 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d 192.168.0.98 --dport 3050 -j DNAT --to 10.0.24.201:3050
In this example I assume that:
eth0 is your external interface
eth1 is your internal interface
192.168.0.98 is your external ip address (the network address 192.168.0.0/24 is used for private lan, and are not routable on the internet, don't know if you just put this address as a sample or if you have a firewall between 2 local lans)
10.0.24.201 is the ip address of your FB server
Works like a charm :-) But you expose your FB server to the wild world, maybe you want to permit it just for some address, or use a tunelling (ssh or zebedee, zebedee is very very simple to use) to make it a bit more secure.
HTH
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
> De: "yann_riviere" <yann_riviere@...>Hi, Yann
> Data: Fri, 16 Jul 2004 07:57:57 -0000
> Para: firebird-support@yahoogroups.com
> Assunto: [firebird-support] iptables and port forwarding
>
> Hello,
> Im trying to access to my firebird server 10.0.24.201 (under linux)
> throught an iptables firewall (192.168.0.98)
>
> I try this rule :
>
> iptables -A PREROUTING -t nat -p tcp -d 192.168.0.98 --dport 3050 -j
> DNAT --to 10.0.24.201:3050
>
> No success...
>
> Can anyone help me?
>
> Thanks
>
> Yann
>
try this one
# FB
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 3050 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d 192.168.0.98 --dport 3050 -j DNAT --to 10.0.24.201:3050
In this example I assume that:
eth0 is your external interface
eth1 is your internal interface
192.168.0.98 is your external ip address (the network address 192.168.0.0/24 is used for private lan, and are not routable on the internet, don't know if you just put this address as a sample or if you have a firewall between 2 local lans)
10.0.24.201 is the ip address of your FB server
Works like a charm :-) But you expose your FB server to the wild world, maybe you want to permit it just for some address, or use a tunelling (ssh or zebedee, zebedee is very very simple to use) to make it a bit more secure.
HTH
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br