Oct 14th, 2009
iptables rule for routing outside the range of the LAN
LAN range - 192.168.1.0/24
Outside LAN IP - 10.0.4.2
To forward incoming HTTP requests to a dedicated HTTP server at 10.0.4.2 (outside the LAN's 192.168.1.0/24 range), the NAT setup uses a DNAT rule in the PREROUTING chain of the nat table. The destination address is rewritten before the routing decision is made, so the kernel routes the packet on to the server instead of delivering it to the firewall itself.
iptables rules can be set to route traffic to certain machines, such as a dedicated HTTP or FTP server, in a demilitarized zone (DMZ) — a special local subnetwork dedicated to providing services on a public carrier such as the Internet.
With such a rule, all HTTP connections arriving on port 80 from outside the LAN are forwarded to the HTTP server on a network separate from the rest of the internal hosts. This form of network segmentation is safer than accepting HTTP connections on a machine inside the LAN, because a compromised web server then has no direct path to internal hosts (provided the firewall's FORWARD chain also blocks connections initiated from the DMZ into the LAN). Note that DNAT only rewrites the destination: forwarding must be enabled in the kernel (net.ipv4.ip_forward=1) and the FORWARD chain of the filter table must accept the rewritten traffic, or the connection is dropped after translation. If the HTTP server is configured to accept secure connections, then port 443 must be forwarded as well.
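The rule set described above, written out as an added example (this is not the original post's command). It assumes a three-interface firewall with hypothetical interface names (eth0 to the Internet, eth1 to the LAN, eth2 to the DMZ); only the two addresses come from the post. Besides the PREROUTING DNAT rule, it includes the FORWARD rules that accept the translated traffic and that keep the DMZ host from opening connections into the LAN, and it covers both port 80 and port 443:

```shell
#!/bin/sh
# Added example, not the original post's command: DNAT port forwarding from
# the firewall's Internet-facing interface to a web server in the DMZ, together
# with the filter-table rules the post leaves implicit.
#
# Assumed topology (hypothetical except for the two addresses given in the post):
#   eth0 -> Internet            (WAN_IF)
#   eth1 -> LAN 192.168.1.0/24  (LAN_NET)
#   eth2 -> DMZ 10.0.4.0/24     (DMZ_IF), web server at 10.0.4.2 (DMZ_HOST)
WAN_IF=eth0
DMZ_IF=eth2
LAN_NET=192.168.1.0/24
DMZ_HOST=10.0.4.2

# Print every iptables command so the rule set can be reviewed first; execute
# it only when APPLY=1 is set (requires root, and net.ipv4.ip_forward=1 in the
# kernel, or nothing is ever forwarded regardless of the rules).
run() {
    echo "iptables $*"
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    fi
}

# dmz_baseline: filter rules that make the DMZ a real segment rather than
# merely a different subnet.
dmz_baseline() {
    # Replies from the DMZ host back to the Internet for connections that
    # arrived through a DNAT rule.
    run -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # A compromised web server must not be able to open connections into the
    # LAN; this is the whole point of putting it on a separate network.
    run -A FORWARD -i "$DMZ_IF" -d "$LAN_NET" -m conntrack --ctstate NEW -j DROP
}

# publish_port PORT: expose TCP PORT on the outside interface, rewriting the
# destination to the DMZ host.
publish_port() {
    port="$1"
    # nat/PREROUTING runs before the routing decision, so changing the
    # destination here makes the kernel route the packet toward the DMZ
    # instead of delivering it to the firewall itself. Restricting the rule
    # to the outside interface keeps LAN traffic from being rewritten.
    run -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$DMZ_HOST:$port"
    # The rewritten packet then passes through filter/FORWARD. With a DROP
    # policy there, the DNAT rule alone silently blackholes the connection,
    # so accept exactly this flow: in on WAN, out to the DMZ, to the DMZ
    # host, on this port only.
    run -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -p tcp -d "$DMZ_HOST" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Typical use: port 80, and 443 as well once the server accepts TLS.
dmz_baseline
publish_port 80
publish_port 443
```

Run it once without APPLY to read the generated rules, then with `APPLY=1` as root to load them. One caveat this rule set does not address: LAN clients that connect to the firewall's public address will not reach the DMZ host without an additional SNAT (hairpin NAT) rule, since the server's replies would otherwise go straight back to the LAN client and be rejected as belonging to an unknown connection.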