  1. #1
    Just Joined!
    Join Date
    Aug 2006
    Posts
    5

    iptables for webserver with NAT


    Hi

    I am working on this iptables for some time now and would appreciate any help.
    My network is configured as follows (I use vmware for the server in case you wonder about the strange adapter names)

    Laptop | eth0 (192.168.1.1) <-> eth0 (192.168.1.2) | Server | vmware8 (172.16.139.1) <-> (172.16.139.2) | VmwareWebServer

    The following works
    On Server : ping 172.16.139.2
    On Server: telnet 172.16.139.2 80
    On Laptop: ping 192.168.1.2

    I would like to get this to work
    On Laptop: telnet 192.168.1.2 80

    this request should be forwarded to the VmwareWebServer.
    To accomplish this I tried the following rules on the server.

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.139.2:80
    iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT

    However, it doesn't work; I cannot connect to the WebServer from my laptop.
    thx
    Lukas

  2. #2
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    You don't need an INPUT rule because your server acts as a router between your laptop and VMware. Just add FORWARD rules for both directions.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds

  3. #3
    Just Joined!
    Join Date
    Aug 2006
    Posts
    5
    Hi

    sorry that I have to ask one more time but I don't get this stuff to run.
    I tried your suggestion with the FORWARD chain and tried to be as less
    permissive as possible to avoid any error.

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.139.2:80

    iptables -A FORWARD -i eth0 -o vmware8 -j ACCEPT
    iptables -A FORWARD -i vmware8 -o eth0 -j ACCEPT

    Now traffic between eth0 and vmware8 is allowed and the incoming packets on port 80 are redirected to the server.
    But it still doesn't work.

    thx

  5. #4
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    Do you already have active iptables rules when you add your rules? Then use -I instead of -A in your rules.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds

  6. #5
    Just Joined!
    Join Date
    Aug 2006
    Posts
    5
    Hi

    I don't have any predefined rules for iptables. When I use iptables -L I get
    the following

    #iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    #iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    DNAT tcp -- anywhere anywhere tcp dpt:www to:172.16.139.2:80

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    It looks correct to me

  7. #6
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    Did you set up your server to act as a router?
    Code:
    cat /proc/sys/net/ipv4/ip_forward
    should return 1
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds

  8. #7
    Just Joined!
    Join Date
    Sep 2005
    Location
    New delhi
    Posts
    22
    Quote Originally Posted by einKI

    Laptop | eth0 (192.168.1.1) <-> eth0 (192.168.1.2) | Server | vmware8 (172.16.139.1) <-> (172.16.139.2) | VmwareWebServer

    I would like to get this to work
    On Laptop: telnet 192.168.1.2 80

    this request should be forwarded to the VmwareWebServer.
    To accomplish this I tried the following rules on the server.

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 172.16.139.2:80
    iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT

    However, it doesn't work; I cannot connect to the WebServer from my laptop.
    thx
    Lukas

    Add iptables -A POSTROUTING -t nat -d 172.16.139.2 -j SNAT --to-source 172.16.139.1
    If you do not have your server set as the GATEWAY on your VMware server box, you will need the above rule as well.
    (And I am assuming that you have the server box acting as your laptop's gateway as well.)

    Though this will help you.. Port forwarding tutorial http://amitsharma.linuxbloggers.com/portforwarding.htm

  9. #8
    Linux Enthusiast
    Join Date
    Dec 2004
    Posts
    637
    When you set up the guest OS did you use NAT or bridged networking?
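
The checks suggested across posts #2, #6 and #7 can be run in one pass over a saved rule set. The script below is an added example, not code from any poster in this thread: the function names, the `snat_or_gateway` label and the sample rule text (the rules from post #5 rewritten in iptables-save form) are constructed for illustration, and the `ip_forward` value passed in is assumed.

```shell
#!/bin/sh
# Added example: offline check of the forwarding prerequisites named in the thread.
# check_dnat_path RULES_FILE IP_FORWARD BACKEND_IP
#   RULES_FILE  text in iptables-save format
#   IP_FORWARD  contents of /proc/sys/net/ipv4/ip_forward
# Prints the missing prerequisites (space separated), or "ok".
check_dnat_path() {
    rules=$1; fwd=$2; missing=""
    be=$(printf '%s' "$3" | sed 's/\./\\./g')   # escape dots for the regex

    # Post #6: the kernel must route between interfaces.
    [ "$fwd" = "1" ] || missing="${missing:+$missing }ip_forward"
    # Post #1: a PREROUTING DNAT rule must point at the backend.
    grep -Eq -- "^-A PREROUTING .*-j DNAT --to-destination ${be}(:|\$)" "$rules" \
        || missing="${missing:+$missing }dnat"
    # Post #2: FORWARD must let the traffic through (coarse check:
    # ACCEPT policy or any ACCEPT rule; rule order is not evaluated).
    grep -Eq -- '^:FORWARD ACCEPT|^-A FORWARD .*-j ACCEPT' "$rules" \
        || missing="${missing:+$missing }forward"
    # Post #7: replies must come back through this box, via SNAT/MASQUERADE
    # here or by making this box the backend's gateway (not visible in rules).
    grep -Eq -- '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' "$rules" \
        || missing="${missing:+$missing }snat_or_gateway"
    echo "${missing:-ok}"
}

# Constructed sample: the rule set listed in post #5, in iptables-save form.
write_sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.139.2:80
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o vmware8 -j ACCEPT
-A FORWARD -i vmware8 -o eth0 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp)
write_sample_rules > "$tmp"
check_dnat_path "$tmp" 0 172.16.139.2   # ip_forward=0 is an assumed value
rm -f "$tmp"
```

On a live system the first two arguments would come from `iptables-save` output written to a file and from `cat /proc/sys/net/ipv4/ip_forward`.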
