Sorry this took so long. In any case, I've included all the parts of my rules file that I think are relevant below. Let me know if there is anything else needed.

When I send packets to 134.173.95.144 I see them appear in the tcpdump on the incoming interface (eth2). I also see them in my kernel log from the log entry in the prerouting chain. I however do not see them in my forward chain and they don't actually make it to 192.168.5.9. (I've tried adding logging rules there, but the packets don't appear. All my drop rules are preceded by a log step.)

Firewall Rules
======
Chain PREROUTING (policy ACCEPT 13M packets, 2207M bytes)
 pkts bytes target  prot opt in    out   source            destination
    3   144 LOG     tcp  --  eth2  *     134.173.64.0/19   134.173.95.144   tcp dpt:3389 LOG flags 0 level 4
    3   144 DNAT    tcp  --  eth2  *     134.173.64.0/19   134.173.95.144   tcp dpt:3389 to:192.168.5.9:3389

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in    out   source            destination
    0     0 ACCEPT  tcp  --  eth2  eth3  134.173.64.0/19   192.168.5.9      tcp dpt:3389


Routing Rules
=====
# ip rule
0:      from all lookup local
200:    from 134.173.69.154/31 lookup 200
201:    from 134.173.91.144/30 lookup 201
202:    from 134.173.95.144/30 lookup 202
203:    from 192.168.5.128/25 lookup 203
204:    from 192.168.5.0/25 lookup 204
250:    from all lookup 250

# ip route show table 250
192.168.5.0/24 dev eth3  scope link
134.173.68.0/23 dev eth0  scope link
134.173.92.0/22 dev eth2  scope link
134.173.88.0/22 dev eth1  scope link
default via 134.173.69.254 dev eth0



pramod wrote:
Can u attach ur Rules file..

thanks
pramod

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
