Hi,

I used to connect to the internet by PPPoE dialing to my ISP from my box
(172.16.0.3). I wanted to DNAT TCP packets coming from the external world
on TCP port "9053" of the "ppp0" interface (which gets created as a result of
PPPoE dialing) to TCP port "1203" on my machine's ethernet interface
(eth0).

The network service which I wanted to expose is listening on 172.16.0.3:1203.

For that I've created the following iptables rules:

iptables -t filter -A INPUT   -i ppp0 -p tcp -m state --state NEW --dport 9053 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 9053 -j DNAT --to-destination 172.16.0.3:1203
iptables -t filter -A FORWARD -d 172.16.0.3 -p tcp --dport 1203 -j ACCEPT

But unfortunately the above rules are not working as documented. I then
modified the service to listen on the same TCP port as exposed to the external
world, i.e. "9053". I also modified the iptables rules accordingly and it
worked. Following are the new rules:

iptables -t filter -A INPUT   -i ppp0 -p tcp -m state --state NEW --dport 9053 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 9053 -j DNAT --to-destination 172.16.0.3
iptables -t filter -A FORWARD -d 172.16.0.3 -p tcp --dport 9053 -j ACCEPT

I'm running Linux kernel version "2.6.18-5-amd64". Can anyone tell me what
I'm doing wrong?

TIA
Ashish Shukla 
- -- 
Ashish Shukla "Wah Java !!"
आशीष शुक्ल

weblog: http://wahjava.wordpress.com/

  ,= ,-_-. =.  | DRMs are often designed by ambitious, well-funded consortia, |
 ((_/)o o(\_)) | with top-notch engineers from every corner of the industry.  |
  `-'(. .)`-'  | They spend millions. They take years. They are defeated in   |
      \_/      | days, for pennies, by hobbyists.        - Cory Doctorow      |
 
The best optimizer is between your ears.
                                  - Michael Abrash

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Next Event: http://freed.in - September 28-29, 2007
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
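
The two rule sets in the message above can be compared with a small model of netfilter's ordering, in which nat PREROUTING rewrites the destination before the routing decision and before any filter chain is consulted. This is an added example, not part of the original post; it assumes a default DROP policy on INPUT and FORWARD, uses 203.0.113.10 as a constructed stand-in for the ppp0 address, and the VARIANT rule set is hypothetical.

```python
# Added example: simplified model of the path a NEW inbound TCP packet takes
# through netfilter: nat/PREROUTING (DNAT) -> routing decision -> filter chain.
# Assumptions, not stated in the post: INPUT and FORWARD default to DROP,
# and 203.0.113.10 is a constructed stand-in for the ppp0 address.
LOCAL_ADDRS = {"172.16.0.3", "203.0.113.10"}  # addresses owned by the box
PKT = {"dst": "203.0.113.10", "dport": 9053}   # constructed inbound packet

def traverse(pkt, dnat, input_rules, forward_rules):
    """Return (filter chain consulted, verdict, packet as the filter saw it)."""
    pkt = dict(pkt)
    for rule in dnat:  # 1. nat PREROUTING rewrites the destination first
        if pkt["dport"] == rule["dport"]:
            pkt["dst"] = rule["to_addr"]
            pkt["dport"] = rule.get("to_port") or pkt["dport"]
            break
    # 2. routing decision is made on the rewritten destination
    if pkt["dst"] in LOCAL_ADDRS:
        chain, rules = "INPUT", input_rules
    else:
        chain, rules = "FORWARD", forward_rules
    for rule in rules:  # 3. filter rules are matched against the post-DNAT port
        if rule["dport"] == pkt["dport"] and rule.get("dst", pkt["dst"]) == pkt["dst"]:
            return chain, "ACCEPT", pkt
    return chain, "DROP", pkt

# First rule set from the post: DNAT to 172.16.0.3:1203, INPUT allows 9053.
FIRST = dict(
    dnat=[{"dport": 9053, "to_addr": "172.16.0.3", "to_port": 1203}],
    input_rules=[{"dport": 9053}],
    forward_rules=[{"dst": "172.16.0.3", "dport": 1203}],
)
# Second rule set from the post: DNAT leaves the port unchanged.
SECOND = dict(
    dnat=[{"dport": 9053, "to_addr": "172.16.0.3"}],
    input_rules=[{"dport": 9053}],
    forward_rules=[{"dst": "172.16.0.3", "dport": 9053}],
)
# Hypothetical variant: first rule set with INPUT matching the translated port.
VARIANT = dict(FIRST, input_rules=[{"dport": 1203}])

if __name__ == "__main__":
    for name, rs in (("first", FIRST), ("second", SECOND), ("variant", VARIANT)):
        chain, verdict, seen = traverse(PKT, **rs)
        print(f"{name:8} {chain:8} dport={seen['dport']:<5} {verdict}")
```

Because 172.16.0.3 belongs to the box doing the DNAT, the translated packet is delivered locally, so the FORWARD rules in both rule sets are never consulted in this model.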