ipchains

The "ipmasqadm" tool can be used to work with packets as they hit the network
layer. One use of the tool is to setup port forwarding, for example, a web server
on the internal network. The HTTP request at the gateway on port 80 will be
forwarded to port 80 on the internal web server. This utility may not be shipped
with your distribution, if not, you can download it as an RPM and install it.

	/etc/rc.d/rc.local:
		/usr/sbin/ipmasqadm portfw -f
		/usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.x.x 80 -R y.y.y.y 80

The above configuration on your gateway will instruct it to forward HTTP requests
on port 80 to port 80 on an internal machine. The first line flushes the port
forwarding rules. The second line is the configuration for port 80 on the external
interface to forward to port 80 on the internal interface. The external static IP
address goes to x.x.x.x and the internal machine's IP address goes in the y.y.y.y.

This cannot be tested from the internal network, the port forwarder only honors
requests coming in on the external interface.

#------------------------------------------------------------------------------------

% ipchains -P forward DENY
% ipchains -A forward -i ppp0 -j MASQ
% echo "1" > /proc/sys/net/ipv4/ip_forward

#------------------------------------------------------------------------------------