On Wednesday September 3 2003 09:58, Thomas Schneider wrote:
> On Wed, 3 Sep 2003 06:34:27 -0300
>
> Pupeno <[EMAIL PROTECTED]> wrote:
> > Hello Gentooers...
> > I'm trying to do port forwarding in my box... which has a dynamic ip
> > address and a local ip address of 10.0.0.1.
> > I want to redirect, for example, the incoming telnet port to another
> > IP on the local network; later I want to do the same with a range of
> > ports (is that possible?).
> > I'm trying to do it with iptables destination NAT. I created this rule:
> >
> > Chain PREROUTING (policy ACCEPT 9177 packets, 1980K bytes)
> >  pkts bytes target  prot opt in   out  source    destination
> >     8   480 DNAT    tcp  --  any  any  anywhere  anywhere     tcp dpt:telnet to:10.0.0.4:23
> >
> > with this command:
> > "iptables -t nat -A PREROUTING -p tcp --dport 23 -j DNAT --to 10.0.0.4:23"
> > When I telnet to the routing box, I see that the counters for that
> > rule are incremented, so it seems to be working, but I was told that
> > I'm missing a rule that NATs the packets back... but I'm not sure
> > how to make that rule. Can anyone help me?
> > Thanks
>
> The only thing that comes to my mind is that you have to activate
> masquerading for outgoing packets and allow forwarding of established
> connections:
>
> iptables -t nat -A POSTROUTING -o <outgoing device> -j MASQUERADE
> iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
I already have those:

Chain POSTROUTING (policy ACCEPT 261 packets, 15968 bytes)
 pkts bytes target      prot opt in   out   source    destination
 2412  147K MASQUERADE  all  --  any  eth1  anywhere  anywhere

and

Chain FORWARD (policy DROP 29 packets, 1668 bytes)
 pkts bytes target  prot opt in    out   source    destination
    0     0 DROP    all  --  any   any   anywhere  anywhere     state INVALID
 139K  180M ACCEPT  all  --  eth1  eth0  anywhere  anywhere     state RELATED,ESTABLISHED
 139K 8170K ACCEPT  all  --  eth0  eth1  anywhere  anywhere

as well as

Chain INPUT (policy DROP 4824 packets, 773K bytes)
 pkts bytes target  prot opt in    out  source    destination
  209 18037 ACCEPT  all  --  lo    any  anywhere  anywhere
 119K   11M ACCEPT  all  --  eth0  any  anywhere  anywhere
 109K  101M ACCEPT  all  --  eth1  any  anywhere  anywhere     state RELATED,ESTABLISHED
    9   540 ACCEPT  tcp  --  eth1  any  anywhere  anywhere     tcp dpt:ssh
    0     0 ACCEPT  tcp  --  eth1  any  anywhere  anywhere     tcp dpt:telnet

Am I still missing something?
Thanks. (Feel free to test it by telnetting to lab.pupeno.com.)
--
Pupeno: [EMAIL PROTECTED]
http://www.kde.org
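
An added example, not part of the original message or thread: a small Python model that walks the FORWARD chain listed above for a telnet packet whose destination has already been rewritten by the PREROUTING DNAT rule. It assumes eth1 is the outside interface (it carries the MASQUERADE rule) and eth0 the 10.0.0.x LAN; the packets and `EXTRA_RULE` are constructed for illustration.

```python
"""Filter-table path of a packet after PREROUTING has applied DNAT.
FORWARD rules are transcribed from the listing in the message; the
packets and EXTRA_RULE are constructed for this example."""
from dataclasses import dataclass

@dataclass
class Packet:
    in_if: str
    dst: str             # destination address after DNAT
    dport: int
    state: str = "NEW"   # conntrack state; the first SYN is NEW

ROUTER_ADDRS = {"10.0.0.1"}   # the router's LAN address, from the message
LAN_PREFIX = "10.0.0."        # assumption: eth0 faces a 10.0.0.0/24 LAN

# (in_if, out_if, states, dport, target); None matches anything
FORWARD = [
    (None, None, {"INVALID"}, None, "DROP"),
    ("eth1", "eth0", {"RELATED", "ESTABLISHED"}, None, "ACCEPT"),
    ("eth0", "eth1", None, None, "ACCEPT"),
]
FORWARD_POLICY = "DROP"
# Hypothetical rule, roughly: iptables -A FORWARD -i eth1 -o eth0 -p tcp
#   -d 10.0.0.4 --dport 23 -m state --state NEW -j ACCEPT
EXTRA_RULE = ("eth1", "eth0", {"NEW"}, 23, "ACCEPT")

def route(pkt):
    """Routing decision made after PREROUTING: (chain, outgoing interface)."""
    if pkt.dst in ROUTER_ADDRS:
        return "INPUT", None
    return "FORWARD", "eth0" if pkt.dst.startswith(LAN_PREFIX) else "eth1"

def matches(rule, pkt, out_if):
    in_if, rule_out, states, dport, _target = rule
    return (in_if in (None, pkt.in_if) and rule_out in (None, out_if)
            and (states is None or pkt.state in states)
            and dport in (None, pkt.dport))

def forward_verdict(pkt, chain=FORWARD):
    """First matching target in the FORWARD chain, else the chain policy."""
    chain_name, out_if = route(pkt)
    if chain_name != "FORWARD":
        return "not forwarded (%s)" % chain_name
    for rule in chain:
        if matches(rule, pkt, out_if):
            return rule[-1]
    return FORWARD_POLICY

if __name__ == "__main__":
    syn = Packet("eth1", "10.0.0.4", 23)   # telnet SYN after the DNAT rule
    print("rules as listed:", forward_verdict(syn))
    print("with EXTRA_RULE:", forward_verdict(syn, FORWARD + [EXTRA_RULE]))
```

Because the rewritten destination is another host, the packet is judged by FORWARD, so the INPUT rule for tcp dpt:telnet is never consulted for it.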