how to allow an external ip

This topic contains 6 replies, has 0 voices, and was last updated by  anatar 8 years, 5 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #42631

    anatar
    Member

    hi
    how in zs to allow an external ip to connect to a web server inside the lan ?

    The customer arrive by fixed ip LAN and must be redirect to a webserver inside the lan
    I want to manage the redirect by the ip customer

    example:
    the customer who have the adress XXXX must be redirect to the web server 192.168.1.2
    the customer who have the adress yyyy must be redirect to the web server 192.168.1.3

    iptables –I PREROUTING –t nat –p tcp –i eth1 –s xxxx –dport 80 –j DNAT –to 192.168.1.2:80
    iptables –I FORWARD –p tcp –i eth1 –s xxxx –d 192.168.1.2 –dport 80 –j ACCEPT
    I thinks that is the right rule where eth1 is the ip external fixed interface

    thanks a lot

    #51054

    ppalias
    Member

    I think the correct syntax should be:

    iptables -t nat -I PREROUTING -p tcp -i eth1 -s xxxx -dport 80 -j DNAT -to 192.168.1.2:80

    the difference is that “-t nat” comes second after “iptables”

    #51055

    anatar
    Member

    tks for your answer
    the correct line after test in zs is:
    iptables -t nat -I PREROUTING -p tcp -i ETH01 -s xxxx –dport 80 -j DNAT –to 192.168.1.2:80

    #51056

    anatar
    Member

    I must write this line script editor startup/cron ?
    tks

    #51057

    ppalias
    Member

    Yes, there is a special entry in the drop down menu of the Startup/Cron called “NAT and virtual servers”

    #51058

    anatar
    Member

    tks

    #51059

    anatar
    Member

    don’t forget to put some forward rule in firewall settings
    the bold characters are the field ‘s name in forward firewall rule popup
    iptables –I FORWARD –p tcp –i eth1 –s(Source IP) xxxx –d(destination IP) 192.168.1.2 –dport (Dest. Port) 80 –j ACCEPT

    #51060

    ppalias
    Member

    No need, the PREROUTING rule is checked before the FORWARD.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.