Hello,

I've tried this parameter, --to-destination, but it's still not working. I don't have two NICs in either the PC or the RPi. Is there a way, then, to change the source IP address during the forwarding process?
--
Best regards,
Aleksander Kurczyk

----------------------------------------
> Date: Fri, 14 Feb 2014 16:04:49 +0000
> From: j...@jretrading.com
> To: debian-user@lists.debian.org
> Subject: Re: iptables and redirection traffic from one PC to another
>
> On Fri, 14 Feb 2014 16:32:21 +0100
> Aleksander Kurczyk <akurc...@outlook.com> wrote:
>
>> Hi,
>>
>> Now my firewall looks like this:
>>
>> sudo iptables -F
>> sudo iptables -P INPUT DROP
>> sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> sudo iptables -A INPUT -i lo -j ACCEPT
>> sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
>> sudo iptables -A INPUT -p tcp --dport 22005 -j ACCEPT
>> sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>> sudo iptables -A INPUT -p tcp --dport 81 -j ACCEPT
>> sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 81 -j DNAT --to 192.168.0.10:80
>
> I believe this '--to' should be '--to-destination', I have an old rule
> using the latter, but I haven't run any traffic through it for a few
> years, and iptables does evolve slowly, so things might be different
> now.
>>
>> I've found that if the FORWARD "-a" default policy is to accept
>> everything I don't have to use the second rule. I think that the
>> problem is that my Raspberry is not my router so the PC is
>> responding directly to the router, which in turn doesn't know what to
>> do. Is there a way to make iptables make my PC respond to it and
>> then to the router - some IP level proxy etc.?
>>
>
> Your problem here is that the default gateway of your PC is the router,
> not the Pi. This is normally avoided by using a two-NIC computer as the
> firewall-router, when this machine becomes the network default gateway.
>
> You may be able to make the Pi the default gateway for the PC, and add
> enough forwarding rules to the Pi firewall to allow the PC the Internet
> access it needs. Alternatively, you could try routing rules in the PC
> firewall (assuming it is a Linux machine) which would return packets
> with a source port of 80 to the Pi instead of the default gateway.
>
> But try '--to-destination' first, as the Pi might currently not be
> re-writing the source address of packets sent to the PC, and this might
> make a difference. I can't say for sure as my rule worked, but that was
> via a two-NIC machine which was the network default gateway, so
> re-writing might not have been occurring.
>
> --
> Joe
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20140214160449.7f0c6...@jretrading.com
>

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/dub125-w15560afce373e0834a904dda...@phx.gbl
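
One way to do the source rewrite asked about above, as an added example that is not part of the original thread: pairing the DNAT rule with an SNAT rule in POSTROUTING on the Pi makes the PC see the Pi as the client, so its replies return through the Pi instead of going straight to the router. The interface eth0, port 81 and 192.168.0.10:80 are from the thread; the Pi address 192.168.0.2 is an assumed placeholder.

```shell
#!/bin/sh
# Added example: single-NIC port forward that also rewrites the source address.
# eth0, port 81 and 192.168.0.10:80 come from the thread.
# PI_IP is an assumed placeholder for the Pi's own LAN address.
PI_IF="${PI_IF:-eth0}"
PI_IP="${PI_IP:-192.168.0.2}"
PC_IP="${PC_IP:-192.168.0.10}"
IN_PORT="${IN_PORT:-81}"
PC_PORT="${PC_PORT:-80}"

# Emit the rule set, one command per line, so it can be reviewed before use.
forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $PI_IF -p tcp --dport $IN_PORT -j DNAT --to-destination $PC_IP:$PC_PORT
iptables -t nat -A POSTROUTING -o $PI_IF -p tcp -d $PC_IP --dport $PC_PORT -m conntrack --ctstate DNAT -j SNAT --to-source $PI_IP
iptables -A FORWARD -p tcp -d $PC_IP --dport $PC_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}
# Line 1 lets the kernel forward packets at all.
# Line 2 is the DNAT from the thread, written with --to-destination.
# Line 3 rewrites the source only for connections that were DNATed, so
#        other traffic leaving eth0 keeps its original source address.
# Lines 4-5 allow the forwarded flow explicitly in case FORWARD is not ACCEPT.

# Apply the rules; must run as root on the Pi. Stops at the first failure.
apply_rules() {
    forward_rules | sh -e
}

# Default is a dry run that only prints the commands.
case "${1:-}" in
    --apply) apply_rules ;;
    *)       forward_rules ;;
esac
```

With the SNAT rule in place, the web server on the PC records the Pi's address as the client for every forwarded connection, so per-client logging or IP-based access control on the PC no longer sees the real source.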