Subj : IPTables forwarding rule
To   : alt.linux,alt.os.linux,comp.os.linux,aus.computers.linux
From : Harry Phillips
Date : Wed Jul 21 2004 08:20 pm

I have a client with a firewall device that has a limited interface to iptables (I cannot ssh into it either). All you can do is forward a port to another IP address; you can't restrict it to a certain source IP.

I have set it up to forward port 22 to my Linux box, which then has IPTables to accept anything local and drop everything else except my ADSL modem IP.

Now I want to do a similar thing except forward the packets to another internal host. I have no idea where to start and what rules to use.

The setup is:

                   _____________________
                  |  (firewall device)  |     |---> |192.168.1.50|
  internet <----> |ext_ip  192.168.1.254| <---|---> |192.168.1.1 |
                  |_____________________|     |---> |192.168.1.x |

I want the Linux box (192.168.1.1) to forward port x to 192.168.1.50, but only if the source is my ADSL modem IP.

Do I use the NAT and PREROUTING, POSTROUTING, FORWARD? I have examples from the Internet if the Linux box and the host it is forwarding to are on different networks but not when they are on the same network.

-- 
Regards,
Harry Phillips
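
One way to express the setup asked about above, as an added example that is not part of the original post: a script that validates its inputs and prints the iptables commands for the Linux box (192.168.1.1) without applying them. It assumes a TCP service and that the firewall device leaves the source address intact; the function names are hypothetical, and 203.0.113.10 and 8080 are constructed stand-ins for the ADSL modem IP and "port x".

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for 192.168.1.1.
# Assumptions: TCP service; function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for an integer 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_forward_rules SRC SELF TARGET PORT
#   SRC    only source allowed through (the ADSL modem's public IP)
#   SELF   this Linux box, where the firewall device sends the port
#   TARGET internal host on the same subnet that runs the service
emit_forward_rules() {
    src=$1 self=$2 target=$3 port=$4
    for addr in "$src" "$self" "$target"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # 1. enable routing; 2. DNAT only packets from SRC, so any other source
    # stays addressed to SELF and is left to the box's INPUT rules;
    # 3-4. allow the flow through FORWARD in both directions;
    # 5. SNAT to SELF: replies from TARGET would otherwise go straight to the
    # firewall device (assumed to be its gateway) and never be un-NATed here.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -s $src -d $self --dport $port -j DNAT --to-destination $target:$port
iptables -A FORWARD -p tcp -s $src -d $target --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $target -d $src --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s $src -d $target --dport $port -j SNAT --to-source $self
EOF
}

# Constructed sample values: 203.0.113.10 stands in for the ADSL modem IP,
# 8080 for "port x". Review the output, then run it as root:
#   emit_forward_rules 203.0.113.10 192.168.1.1 192.168.1.50 8080
```

Because of the SNAT rule, 192.168.1.50 sees every forwarded connection as coming from 192.168.1.1, so the source restriction is enforced only on the Linux box and the internal host's own logs will not show the real client address.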