On Wednesday September 3 2003 09:58, Thomas Schneider wrote:
> On Wed, 3 Sep 2003 06:34:27 -0300
> Pupeno <[EMAIL PROTECTED]> wrote:
>
> > Hello Gentooers...
> > I'm trying to do port forwarding in my box... which has a dynamic ip
> > address and a local ip address of 10.0.0.1.
> > I want to redirect, for example, the incoming telnet port to another
> > ip at the local network, later I want to do the same with a range of
> > ports (is that possible).
> > I'm trying to do it with iptables destination nat, I created this rule
> >
> > Chain PREROUTING (policy ACCEPT 9177 packets, 1980K bytes)
> >  pkts bytes target prot opt in   out  source    destination
> >     8   480 DNAT   tcp  --  any  any  anywhere  anywhere     tcp dpt:telnet to:10.0.0.4:23
> >
> > with this command "iptables -t nat -A PREROUTING -p tcp --dport 23 -j
> > DNAT --to 10.0.0.4:23"
> > When I telnet to the routing box, I see that the counters for that
> > rule are incremented, so, it seems to be working, but I was told, that
> > I'm missing, a rule, that NATs the packets back... but I'm not sure
> > how to make that rule, can anyone help me ?
> > Thanks
>
> the only thing, that comes to my mind is, that you have to activate
> masquerading for outgoing packets and allow forwarding of established
> connections:
>
> iptables -t nat -A POSTROUTING -o <outgoing device> -j MASQUERADE
> iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

I already have those:

Chain POSTROUTING (policy ACCEPT 261 packets, 15968 bytes)
 pkts bytes target      prot opt in    out   source    destination
 2412  147K MASQUERADE  all  --  any   eth1  anywhere  anywhere

and

Chain FORWARD (policy DROP 29 packets, 1668 bytes)
 pkts bytes target  prot opt in    out   source    destination
    0     0 DROP    all  --  any   any   anywhere  anywhere     state INVALID
 139K  180M ACCEPT  all  --  eth1  eth0  anywhere  anywhere     state RELATED,ESTABLISHED
 139K 8170K ACCEPT  all  --  eth0  eth1  anywhere  anywhere

as well as

Chain INPUT (policy DROP 4824 packets, 773K bytes)
 pkts bytes target  prot opt in    out   source    destination
  209 18037 ACCEPT  all  --  lo    any   anywhere  anywhere
 119K   11M ACCEPT  all  --  eth0  any   anywhere  anywhere
 109K  101M ACCEPT  all  --  eth1  any   anywhere  anywhere     state RELATED,ESTABLISHED
    9   540 ACCEPT  tcp  --  eth1  any   anywhere  anywhere     tcp dpt:ssh
    0     0 ACCEPT  tcp  --  eth1  any   anywhere  anywhere     tcp dpt:telnet

am I still missing something ?
Thanks.
(feel free to test it, by telnetting to lab.pupeno.com)

-- 
Pupeno: [EMAIL PROTECTED]
http://www.kde.org

--
[EMAIL PROTECTED] mailing list
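
Added example (not part of the original thread and not the poster's code): a simplified first-match walk over the FORWARD chain posted above, showing the verdict for a new connection that enters on eth1 and leaves on eth0, which is the path a DNATed telnet connection takes. It assumes eth1 is the outside interface and eth0 the LAN (inferred from the MASQUERADE rule); `forward_verdict`, `FORWARD_POSTED` and `FIX_ROW` are names made up for the example, and the model looks only at the interface columns and `state` matches.

```shell
#!/bin/sh
# Simplified first-match evaluation of an `iptables -L -v` chain listing.
# Models only the in/out interface columns and "state" matches;
# protocol, addresses and ports are ignored.

# FORWARD chain as posted in the message above.
FORWARD_POSTED='Chain FORWARD (policy DROP 29 packets, 1668 bytes)
 pkts bytes target prot opt in out source destination
 0 0 DROP all -- any any anywhere anywhere state INVALID
 139K 180M ACCEPT all -- eth1 eth0 anywhere anywhere state RELATED,ESTABLISHED
 139K 8170K ACCEPT all -- eth0 eth1 anywhere anywhere'

# Constructed row: how a rule admitting NEW telnet connections to 10.0.0.4 would be listed, e.g. after
#   iptables -A FORWARD -i eth1 -o eth0 -p tcp -d 10.0.0.4 --dport 23 -m state --state NEW -j ACCEPT
FIX_ROW=' 0 0 ACCEPT tcp -- eth1 eth0 anywhere 10.0.0.4 tcp dpt:telnet state NEW'

# forward_verdict LISTING IN_IF OUT_IF CONNTRACK_STATE
# Prints the target of the first matching rule, or the chain policy if none matches.
forward_verdict() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" -v st="$4" '
        $1 == "Chain" { policy = $4; next }   # "Chain FORWARD (policy DROP ..."
        $1 == "pkts"  { next }                # column header row
        NF >= 9 {
            if ($6 != "any" && $6 != in_if)  next
            if ($7 != "any" && $7 != out_if) next
            ok = 1
            for (f = 10; f < NF; f++)         # look for a "state A,B" match
                if ($f == "state" && index("," $(f + 1) ",", "," st ",") == 0)
                    ok = 0
            if (!ok) next
            print $3; found = 1; exit
        }
        END { if (!found) print policy }'
}

echo "posted chain, NEW eth1->eth0:  $(forward_verdict "$FORWARD_POSTED" eth1 eth0 NEW)"
echo "with constructed row appended: $(forward_verdict "$FORWARD_POSTED
$FIX_ROW" eth1 eth0 NEW)"
```

Because DNAT is applied in PREROUTING, the rewritten packet is routed through FORWARD rather than INPUT, so the posted INPUT rule for dpt:telnet is not the one it is checked against.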