Bureaucrats, dave_user, Administrators
4,650
edits
Changes
→Implementation
** All TCP packets on port 80 in input from ''eth0'' interface are modified with destination ip adddress ''192.168.11.241'' port 80
* <code>iptables -A FORWARD -p tcp -d 192.168.11.241 --dport 80 -j ACCEPT</code>
** This rule tells forward chain in the filter table to accept TCP packets on port 80 with destination IP address equal to ''192.168.11.241''. This rule is not strictly necessary, because by default filter tables accepts all packets. But it is useful for logging and packet statistic (see [[#Enabling_logging | Enabling_loggingEnabling logging]])
* <code>iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 192.168.11.241 -o eth1 -j SNAT --to-source 192.168.11.209</code>
** This rule translate the source IP address of all the TCP packets on port 80 in output on ''eth1'' interface with destination IP address equal to ''192.168.11.241''
