On 5/11/06, Randy Clarksean <rclark at lakesplus.com> wrote:
>
> The following 3 commands are what I use to redirect a port to an
> internal machine behind my firewall. I have used the same basic form
> for rerouting port 8080 to port 80 on a machine behind my firewall, plus
> routed things to a terminal server behind the firewall.
>
> The following example is to route any request from the outside to port
> 1025 to port 22 on an internal machine (ssh port). I am guessing there
> is a way to do it for a specific IP address as well .. but I do not use
> that feature.
>
> $IPT -A FORWARD -p tcp -j ACCEPT --dport 1025 -m state --state NEW
>
> $IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 1025 -j DNAT --to
> 192.168.1.99:22
>
> $IPT -t nat -A PREROUTING -p tcp -i INET_IFACE -d 172.16.5.47 --dport
> 1025 -j DNAT --to-destination 192.168.1.99:22
>
> These commands were taken from a working iptables file and they have
> been tested numerous times and work.
>
> Hope this helps you do what you need to do.
>
> Randy

Hi Randy,

Thanks for the advice, but unfortunately a simple port forwarding is not what I was looking for. I needed something that could route based on hostname. So far, I don't think this is possible.

So what I will be doing instead is getting a block of IP addresses and adding those IPs as aliases to my firewall's external IF. Then I will be doing a one-to-one NAT. It seems like a waste of IPs but managing 60 IPs will be easier than trying to keep track of 60 x 6 ports per host if I tried to forward different ports for every host.

Thanks anyways!

-Eric
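As an added illustration of the one-to-one NAT plan Eric describes (this is not code from either poster), the script below builds on the DNAT form in Randy's rules: for each public address aliased on the external interface it emits a PREROUTING DNAT rule, a matching POSTROUTING SNAT rule so the internal host's own outbound traffic leaves with its public address, and a FORWARD rule restricting new inbound connections to a fixed port list. The interface names, the addresses and the port list are constructed placeholders; without the `apply` argument it only prints the rules it would load.

```sh
#!/bin/sh
# Added example, not from the thread: one-to-one NAT for a block of public
# addresses aliased on the firewall's external interface. Interface names,
# addresses and ports below are assumed placeholders for illustration.
#
# Usage: ./one-to-one-nat.sh          # print the rules (dry run)
#        ./one-to-one-nat.sh apply    # alias the addresses and load the rules

INET_IFACE=eth1          # external interface (assumed)
LAN_IFACE=eth0           # internal interface (assumed)
ALLOWED_PORTS=22,80,443  # inbound TCP ports permitted per host (assumed)

# Constructed mapping: "public-address internal-address", one pair per line.
NAT_MAP='
172.16.5.47 192.168.1.99
172.16.5.48 192.168.1.100
'

# Emit the three iptables commands for one public/internal pair:
#  - DNAT rewrites the destination of packets arriving for the public address
#  - SNAT rewrites the source of the host's outbound packets to that address
#  - FORWARD admits only NEW TCP connections on the allowed ports
nat_rules_for() {
    pub=$1
    priv=$2
    echo "iptables -t nat -A PREROUTING -i $INET_IFACE -d $pub -j DNAT --to-destination $priv"
    echo "iptables -t nat -A POSTROUTING -o $INET_IFACE -s $priv -j SNAT --to-source $pub"
    echo "iptables -A FORWARD -i $INET_IFACE -o $LAN_IFACE -d $priv -p tcp -m multiport --dports $ALLOWED_PORTS -m state --state NEW -j ACCEPT"
}

# Generate rules for every pair in the map; blank lines are skipped.
all_nat_rules() {
    printf '%s\n' "$NAT_MAP" | while read -r pub priv; do
        [ -n "$pub" ] || continue
        nat_rules_for "$pub" "$priv"
    done
}

# Sanity check: three rules per mapped address.
rule_count() {
    all_nat_rules | wc -l | tr -d ' '
}

case "${1:-}" in
    apply)
        # Alias each public address on the external interface.
        printf '%s\n' "$NAT_MAP" | while read -r pub priv; do
            [ -n "$pub" ] || continue
            ip addr add "$pub/32" dev "$INET_IFACE" 2>/dev/null || true
        done
        # Reply traffic for accepted connections must be allowed back through.
        iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        all_nat_rules | sh
        ;;
    *)
        all_nat_rules
        ;;
esac
```

Keeping the mapping in one list means adding the 61st host is one more line rather than six more port-forward rules, which is the bookkeeping advantage Eric is after; the FORWARD rule is what keeps a one-to-one NAT from exposing every port on the internal host.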