Port forwarding... kinda...

[robzy]

Hey guys,

A quick explanation of my LAN setup: I have a hardware router (192.168.1.1) with two PCs (192.168.1.6 = gentoo) and (192.168.1.5 = WinXP).

I have set everything up so that Gentoo/.1.6 is sitting on the DMZ and runs apache/squid/webmin/etc using an iptables firewall.

WinXP/.1.5 is merely a workstation and essentially has no "knowledge" of the linux box in any way.

However, now i want to run a daemon on the WinXP/.1.5 box (lets say port 567, but as the hardware router is set up to keep Gentoo/.1.6 on the DMZ i want to use Gentoo/.1.6 to do the port forwarding.

So how can i make all traffic apearing on port 5678 of the Gentoo/.1.6 box "forward onto" the WinXP/.1.5 box using iptables?

Thankyou a lot,
Rob.

[framp]

That's an extract from a rule in my FW script for an udp port:

GW_IP="external_ip / internet IP of gentoo box"
DPORT="destinationPort on XP (567)"
IP="destinationIP of XP (192.168.1.5)"

iptables -t nat -A PREROUTING -p udp -d $GW_IP --dport $DPORT -j DNAT --to $IP
iptables -A FORWARD -p udp -i dsl0 -o nic0 -s 0/0 -d $IP --dport $DPORT -j ACCEPT
iptables -A FORWARD -p udp -i nic0 -o dsl0 -d 0/0 -s $IP --sport $DPORT -j ACCEPT

You have to change dsl0 (external NIC) and nic0 (internat NIC) to reflect your local config.