how to allow an external ip Home Page › Forums › Network Management › Firewall, Traffic Shaping and Net Balancer › how to allow an external ip This topic contains 6 replies, has 0 voices, and was last updated by anatar 9 years, 4 months ago. Viewing 8 posts - 1 through 8 (of 8 total) Author Posts September 8, 2010 at 3:03 pm #42631 anatarMember hi how in zs to allow an external ip to connect to a web server inside the lan ? The customer arrive by fixed ip LAN and must be redirect to a webserver inside the lan I want to manage the redirect by the ip customer example: the customer who have the adress XXXX must be redirect to the web server 192.168.1.2 the customer who have the adress yyyy must be redirect to the web server 192.168.1.3 iptables –I PREROUTING –t nat –p tcp –i eth1 –s xxxx –dport 80 –j DNAT –to 192.168.1.2:80 iptables –I FORWARD –p tcp –i eth1 –s xxxx –d 192.168.1.2 –dport 80 –j ACCEPT I thinks that is the right rule where eth1 is the ip external fixed interface thanks a lot September 9, 2010 at 6:45 am #51054 ppaliasMember I think the correct syntax should be: iptables -t nat -I PREROUTING -p tcp -i eth1 -s xxxx -dport 80 -j DNAT -to 192.168.1.2:80 the difference is that “-t nat” comes second after “iptables” September 9, 2010 at 8:11 am #51055 anatarMember tks for your answer the correct line after test in zs is: iptables -t nat -I PREROUTING -p tcp -i ETH01 -s xxxx –dport 80 -j DNAT –to 192.168.1.2:80 September 9, 2010 at 8:41 am #51056 anatarMember I must write this line script editor startup/cron ? tks September 9, 2010 at 6:56 pm #51057 ppaliasMember Yes, there is a special entry in the drop down menu of the Startup/Cron called “NAT and virtual servers” September 10, 2010 at 1:25 pm #51058 anatarMember tks September 20, 2010 at 9:23 am #51059 anatarMember don’t forget to put some forward rule in firewall settings the bold characters are the field ‘s name in forward firewall rule popup iptables –I FORWARD –p tcp –i eth1 –s(Source IP) xxxx –d(destination IP) 192.168.1.2 –dport (Dest. Port) 80 –j ACCEPT September 24, 2010 at 11:58 am #51060 ppaliasMember No need, the PREROUTING rule is checked before the FORWARD. Author Posts Viewing 8 posts - 1 through 8 (of 8 total) You must be logged in to reply to this topic.