04-12-2006, 09:03 AM
rockdalinux

OK, so you have a Windows server on your internal network that you want to make available externally. You can use the -j DNAT target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded. For example, if you wanted to forward incoming UDP 3389 requests to your dedicated Windows Server system at 172.31.0.5, run the following commands at the shell prompt (or add them to your iptables script):

Enable IP forwarding by typing the following command at the shell prompt:

Code:
sysctl -w net.ipv4.ip_forward=1

Type the following iptables rules at the shell or in your script:

Code:
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 3389 -j DNAT --to 172.31.0.5:3389
iptables -A FORWARD -i eth0 -p udp --dport 3389 -d 172.31.0.5 -j ACCEPT

So all users will connect to the public IP and the connection will go to the Windows server 172.31.0.5.

Code:
Public IP -->Linux Box/Router --> Windows box
3389     -->    forward to        --> internal windows box 172.31.0.5
eth0 ==> assuming the firewall/gateway is assigned public IP address on eth0
eth1 ==> assuming the firewall/gateway is assigned an internal IP address on eth1
__________________
Rocky Jr.
You may have my body & soul, but you will never touch my pride!

If you have knowledge, let others light their candles at it.

Certified to work on HP-UX / Sun Solaris / RedHat
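A tighter variant of the rule set in the post above, as an added example that is not part of the original post: it prints (does not apply) rules that limit the forward to one source range, track connection state, and drop all other traffic from the public interface to the internal one. The function names `valid_ipv4` and `gen_dnat_rules` and the 203.0.113.0/24 allow-list are assumptions; the protocol is an argument (the post uses udp, while RDP's classic listener is tcp/3389).

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules only (dry run).

# valid_ipv4 ADDR[/PREFIX]: succeed only for a dotted quad with optional prefix,
# so a crafted argument cannot carry extra iptables options or shell syntax.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) pfx=${1#*/}
             case $pfx in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$pfx" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_dnat_rules WAN_IF LAN_IF PROTO PORT DEST_IP ALLOWED_SRC
gen_dnat_rules() {
    wan_if=$1; lan_if=$2; proto=$3; port=$4; dest=$5; src=$6
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $port in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -le 65535 ] || return 1
    case $dest in */*) return 1 ;; esac   # DNAT target must be a single host
    valid_ipv4 "$dest" && valid_ipv4 "$src" || return 1
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -s $src -p $proto --dport $port -j DNAT --to-destination $dest:$port
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -s $src -d $dest -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -j DROP
EOF
}

# Constructed sample values: the post's interfaces, port and server address,
# plus an assumed allow-list range (203.0.113.0/24 is a documentation prefix).
gen_dnat_rules eth0 eth1 udp 3389 172.31.0.5 203.0.113.0/24
```

The rules are appended in the order printed, so the final DROP only catches public-to-internal traffic that none of the earlier ACCEPT rules matched.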