Forward Packets between Networks with iptables
These iptables rules assume your eth0 interface is on your
"public" network (the LAN) while the eth1 interface is on your
"private" network (the SAN), and that the box running them is the
only path between the two. We have used this many times to allow
communication between a corporate local area network (LAN) and a
non-routed storage area network (SAN).
#
# Turn on routing between the interfaces (off by default on most kernels)
#
sysctl -w net.ipv4.ip_forward=1
#
# Start clean: "iptables -F" only flushes the filter table, so flush nat too
#
iptables -F
iptables -t nat -F
#
# Forward LAN packets to the SAN
# (chain names must be spelled out in full; "PRE" and "POST" are rejected)
#
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 23 -j DNAT --to [IP]:23
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to [IP]:80
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 161 -j DNAT --to [IP]:161
#
# Forward SAN packets to the LAN
# (the MASQUERADE above rewrites the SAN source address to the gateway's
#  eth0 address, so the LAN host's replies come back through this box)
#
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to [IP]:25
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 123 -j DNAT --to [IP]:123
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 514 -j DNAT --to [IP]:514
Obviously change the IP addresses and pick your forwarded ports: [IP] is
the SAN host in the LAN-to-SAN rules and the LAN host in the SAN-to-LAN
rules. A few things to keep in mind: the two FORWARD rules accept anything
routed through the box in either direction, so the DNAT lines are the only
thing limiting what crosses; if the gateway itself must enforce the split,
set the FORWARD policy to DROP and match the forwarded ports explicitly.
Because the SAN is non-routed, SAN hosts need this box as their route back
to the LAN (or a second MASQUERADE on eth1) for the LAN-to-SAN connections
to get replies. Telnet (23) and SNMP v1/v2c (161) are cleartext, so prefer
SSH and SNMPv3 where the SAN supports them.
- Scotech
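The following is an added example, not part of the original tip, showing the tightened form of the same gateway: FORWARD defaults to DROP, only replies and the explicitly published ports cross, and each published port gets a matching DNAT and FORWARD rule from one helper. Interface names, the 192.0.2.10 SAN host and the 198.51.100.20 LAN host are assumed placeholders (RFC 5737 documentation addresses). With DRY_RUN=1 (the default) the script only prints the commands so the ruleset can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example: a default-deny version of the LAN<->SAN gateway rules.
# Assumed placeholders (not from the original post): eth0 = LAN, eth1 = SAN,
# SAN_HOST and LAN_HOST are the boxes that actually receive the traffic.
set -eu

LAN_IF="${LAN_IF:-eth0}"
SAN_IF="${SAN_IF:-eth1}"
SAN_HOST="${SAN_HOST:-192.0.2.10}"      # assumed SAN controller address
LAN_HOST="${LAN_HOST:-198.51.100.20}"   # assumed LAN mail/NTP/syslog host

# Emit one DNAT + FORWARD pair for a single published port.
# $1 = ingress interface, $2 = egress interface, $3 = proto, $4 = port, $5 = target host
# After PREROUTING rewrites the destination, FORWARD sees the real target,
# so the FORWARD rule matches on the target host and port, not the gateway.
publish_port() {
    in_if=$1; out_if=$2; proto=$3; port=$4; target=$5
    echo "iptables -t nat -A PREROUTING -i $in_if -p $proto --dport $port -j DNAT --to-destination $target:$port"
    echo "iptables -A FORWARD -i $in_if -o $out_if -p $proto -d $target --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Emit the whole ruleset, base policy first, then the published ports.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -F"
    echo "iptables -t nat -F"
    # Default deny for transit traffic; only replies and published ports pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # SAN hosts have no route to the LAN, so hide them behind the gateway's LAN address.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -j MASQUERADE"
    # LAN -> SAN (same ports as the original tip)
    publish_port "$LAN_IF" "$SAN_IF" tcp 23  "$SAN_HOST"
    publish_port "$LAN_IF" "$SAN_IF" tcp 80  "$SAN_HOST"
    publish_port "$LAN_IF" "$SAN_IF" udp 161 "$SAN_HOST"
    # SAN -> LAN
    publish_port "$SAN_IF" "$LAN_IF" tcp 25  "$LAN_HOST"
    publish_port "$SAN_IF" "$LAN_IF" udp 123 "$LAN_HOST"
    publish_port "$SAN_IF" "$LAN_IF" udp 514 "$LAN_HOST"
}

# Number of iptables commands the generator produces (useful as a sanity check).
count_rules() { gen_rules | grep -c '^iptables'; }

# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 feeds them to sh as root.
if [ "${DRY_RUN:-1}" = "1" ]; then gen_rules; else gen_rules | sh -e; fi
```

Run it once with the default DRY_RUN=1 and read the output, then `DRY_RUN=0 sh gateway.sh` as root to apply. Because FORWARD now drops by default, adding a route to the SAN on a LAN workstation no longer opens the whole SAN; only the ports passed to publish_port cross. The LAN-to-SAN connections still rely on the SAN hosts routing their replies back through this box, exactly as in the original rules.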