> Jule Slootbeek wrote:
>
>>Tarragon,
>>
>>a pair of these rules:
>>(eth0: external)
>>iptables -A FORWARD -m state --state NEW -p tcp -i eth0 -d 192.168.0.2
>>--dport 2401
>>iptables -t nat -A POSTROUTING -i eth0 -p tcp --dport 2401 -j DNAT
>>--to-destination 192.168.0.1:2401
>>
>>still does not show the port 2401 open with an nmap localhost on the
>> gateway.

(Forgive my bad quoting, I just subscribed and I'm lacking the parent
message).

My hypothesis: your DNAT only works for packets coming in through
interface eth0. If you nmap localhost, the packets it's sending will
come in through interface lo. Thus, they won't be DNATed. Try to run
"nmap your_ip_address" instead.

Roland.
-- 
Roland Mas

If you're ever confused as to which mode you're in, keep entering the
<escape> key until vi beeps at you.
  -- nvi manual page.
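
Added example (not part of the original message and not netfilter code): a simplified Python model of the interface match described in the reply above, using the match and target options of the quoted DNAT rule. The Packet class, the function names and the sample packets are assumptions made for illustration; the model ignores tables, chains and connection tracking.

```python
# Simplified model of iptables rule matching (added example, not netfilter code).
import shlex
from dataclasses import dataclass, replace

# Match and target options copied from the quoted DNAT rule.
RULE = "-i eth0 -p tcp --dport 2401 -j DNAT --to-destination 192.168.0.1:2401"

@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    proto: str
    dst: str
    dport: int

def parse_rule(spec):
    """Turn an option string into a dict, e.g. {'-i': 'eth0', ...}."""
    tokens = shlex.split(spec)
    if len(tokens) % 2:
        raise ValueError("expected option/value pairs")
    return dict(zip(tokens[0::2], tokens[1::2]))

def matches(rule, pkt):
    """Every match option present in the rule must agree with the packet."""
    checks = {"-i": pkt.in_iface, "-p": pkt.proto, "--dport": str(pkt.dport)}
    return all(rule[opt] == val for opt, val in checks.items() if opt in rule)

def apply_dnat(rule, pkt):
    """Return the packet as it looks after the rule; unchanged if no match."""
    if rule.get("-j") != "DNAT" or not matches(rule, pkt):
        return pkt
    host, _, port = rule["--to-destination"].partition(":")
    return replace(pkt, dst=host, dport=int(port) if port else pkt.dport)

# Constructed sample packets; 203.0.113.10 is a placeholder external address.
FROM_OUTSIDE = Packet("eth0", "tcp", "203.0.113.10", 2401)
NMAP_LOCALHOST = Packet("lo", "tcp", "127.0.0.1", 2401)

def demo():
    rule = parse_rule(RULE)
    return {name: apply_dnat(rule, p) for name, p in
            [("from_outside", FROM_OUTSIDE), ("nmap_localhost", NMAP_LOCALHOST)]}

if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt.dst}:{pkt.dport}")
```
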

