Quote:
Originally Posted by appleluo
I am trying to configure iptables to do port forwarding for certain requests. The scenario is like this:
Login node A can be accessed from outside. Compute node B running the service can be accessed from A but not from outside. I want to set up iptables so that a request for the service on B from outside can be accessed through A.
A has two ethernet ports: Internal eth0, with ip internal_A and External eth1, with ip external_A.
B has 1 ethernet port, internal eth0. Let's say its ip is internal_B.
The service listens to internal_B:5900. We open external_A:10000 for user access.
I configured my iptables with the following commands, which were copied from some existing system:
1. echo 1> /proc/sys/net/ipv4/ip_forward
2. /sbin/iptables -P FORWARD ACCEPT
3. /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
4. /sbin/iptables -A PREROUTING -p tcp -t nat --dport 10000 -j DNAT --to-destination interal_B:5900
5. /sbin/iptables -A OUTPUT -p tcp -t nat -d external_A --dport 10000 -j DNAT --to-destination internal_B:5900
But it didn't work. The client always receives the following error message:
Network error: could not connect to server: Hostname_A:10000
Can anybody please help?
Thanks in advance.
Do you have a rule to allow RELATED,ESTABLISHED traffic?
You should have an output specified for your MASQUERADE rule.
Does the server you're NATing to have the firewall as its gateway?
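
The three points raised in the reply, put together as one rule set. This is an added example, not code from either poster: the IP addresses are constructed stand-ins for external_A and internal_B, the interface names and ports are the ones given in the question, and the FORWARD policy of DROP assumes node A forwards nothing else.

```shell
#!/bin/sh
# Added example: prints the rule set for review; it changes nothing by itself.
EXT_IF=eth1           # external interface on A (from the question)
INT_IF=eth0           # internal interface on A (from the question)
EXT_IP=192.0.2.10     # constructed stand-in for external_A
INT_B=10.0.0.20       # constructed stand-in for internal_B
EXT_PORT=10000        # port opened on A
SVC_PORT=5900         # port the service listens on at B

forward_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $INT_B --dport $SVC_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport $EXT_PORT -j DNAT --to-destination $INT_B:$SVC_PORT
iptables -t nat -A POSTROUTING -o $INT_IF -p tcp -d $INT_B --dport $SVC_PORT -j MASQUERADE
EOF
}

# Line 1: enable forwarding (equivalent to writing 1 to /proc/sys/net/ipv4/ip_forward).
# Line 2: forward nothing unless a rule below allows it.
# Line 3: allow reply packets of connections that were already accepted.
# Line 4: allow only new connections from outside to B's service port.
# Line 5: rewrite external_A:10000 to internal_B:5900 for packets arriving on eth1.
# Line 6: MASQUERADE scoped with -o to the internal interface and to this one
#         flow, so B replies to A even when A is not B's default gateway.
forward_rules
```

To apply the rules, review the printed output and then run `forward_rules | sh` as root on node A.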