[vpn-help] Port forwarding to host behind Shrew

lestoilfante lestoilfante at gmail.com
Mon Mar 26 09:46:17 CDT 2012


On my testing Linux host I have a working HTTP port forwarding to a host
behind it, and I'm looking to make this work also on the ShrewSoft virtual
adapter.

My situation is something like this:

LAN 192.168.1.0/24 --- FIREWALL ---- [INTERNET] ---- [WAN 1.1.1.1]HOST1 with Shrewsoft[VIRTUAL ADAPTER 192.168.2.1][LAN 10.0.0.1] --- HOST2[10.0.0.2]


Actually traffic from INTERNET to 1.1.1.1:80 is forwarded to HOST2 IP; I
would like to also have HTTP traffic coming from 192.168.1.0 to the ShrewSoft
virtual IP 192.168.2.1 be forwarded to HOST2 IP.

My iptables is the following:

*filter
:INPUT DROP [113:16645]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
#
#
*nat
:PREROUTING ACCEPT [683:182341]
:POSTROUTING ACCEPT [298:68050]
:OUTPUT ACCEPT [147:9295]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2
COMMIT
#
#
*mangle
:PREROUTING ACCEPT [73446:84206855]
:INPUT ACCEPT [34677:47173489]
:FORWARD ACCEPT [38769:37033366]
:OUTPUT ACCEPT [19988:1806151]
:POSTROUTING ACCEPT [56744:38483902]
COMMIT

Does anyone have suggestions?
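
An added example, not part of the original post: a small Python audit of the FORWARD chain and nat PREROUTING rule posted above, flagging rules that match more traffic than the chain policy or the described port forward implies. The function names are hypothetical; the INPUT/OUTPUT rules and the empty mangle table are left out of the embedded ruleset.

```python
import shlex

# FORWARD chain and nat PREROUTING rule as posted above
# (INPUT/OUTPUT rules and the empty mangle table omitted).
RULESET = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [683:182341]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2
COMMIT
"""

def parse(text):
    """Parse iptables-save text into ({(table, chain): policy}, [(table, chain, args)])."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain policy, e.g. :FORWARD DROP [0:0]
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):        # appended rule
            args = shlex.split(line)
            rules.append((table, args[1], args[2:]))
    return policies, rules

def audit(text):
    """Return (chain, issue) pairs for rules broader than the policy or the intent."""
    policies, rules = parse(text)
    findings = []
    for table, chain, args in rules:
        target = args[args.index("-j") + 1]
        scoped = {"-i", "-o", "-s", "-d", "-p", "-m"} & set(args)
        # A rule with no match at all accepts every packet reaching it.
        if target == "ACCEPT" and not scoped and policies.get((table, chain)) == "DROP":
            findings.append((chain, "catch-all ACCEPT defeats DROP policy"))
        # DNAT without -i/-d rewrites matching traffic from any interface to any address.
        if target == "DNAT" and not {"-i", "-d"} & set(args):
            findings.append((chain, "DNAT not limited by -i or -d"))
    return findings

if __name__ == "__main__":
    for chain, issue in audit(RULESET):
        print(f"{chain}: {issue}")
```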