In short:

iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 5631 -j DNAT --to-destination 192.168.0.4
iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.4 --dport 5631 -j SNAT --to-source 192.168.0.1
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

If you only do DNAT, the source of the packets stays unaltered, and the recipient (192.168.0.4) will try to reply according to that source, i.e. half of the connection goes through 192.168.0.1 and the other half (the server's reply) goes direct.

Dragos

On Wed, Jan 05, 2005 at 04:40:32PM +0200, Dan V wrote:
> I have a question of my own: why doesn't the following work?
> I have all the modules, but DNAT doesn't work.
> I can do MASQ and everything works fine.
> How else can I do port forwarding?
> Thanks,
> Dan
>
> iptables -t nat -A PREROUTING -i eth1 -d 192.168.0.1 -p tcp --dport 5631 -j DNAT --to-dest 192.168.0.4:5631
> iptables -t nat -A PREROUTING -i eth1 -d 192.168.0.1 -p udp --dport 5632 -j DNAT --to-dest 192.168.0.4:5632
>
> tra:~# telnet 192.168.0.1 5631
> Trying 192.168.0.1...
> telnet: Unable to connect to remote host: Connection refused
> tra:~# telnet 192.168.0.4 5631
> Trying 192.168.0.4...
> Connected to 192.168.0.4.
> Escape character is '^]'.
> ^]
> telnet> q
> Connection closed.
> tra:~#
>
> ---
> Details about our mailing lists: http://www.lug.ro/
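
Added example, not part of the original thread: a small Python model of the packet flow described in the reply above, comparing DNAT alone with DNAT plus SNAT for a client on the same LAN as the server. The client address 192.168.0.7, the source port 40000, and the names NatRouter and client_accepts_reply are assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

ROUTER, SERVER, PORT = "192.168.0.1", "192.168.0.4", 5631   # values from the thread
CLIENT, CLIENT_PORT = "192.168.0.7", 40000                  # assumed, constructed


class NatRouter:
    """Toy model of the nat table: PREROUTING DNAT, optional POSTROUTING SNAT."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # expected reply tuple -> original packet

    def forward(self, pkt):
        out = pkt
        if pkt.dst == ROUTER and pkt.dport == PORT:                # PREROUTING DNAT
            out = out._replace(dst=SERVER)
        if self.snat and out.dst == SERVER and out.dport == PORT:  # POSTROUTING SNAT
            out = out._replace(src=ROUTER)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Undo the translation for a reply that passes through the router."""
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def client_accepts_reply(snat):
    """Return (accepted, reply_seen_by_client) for one connection attempt."""
    router = NatRouter(snat)
    syn = Packet(CLIENT, CLIENT_PORT, ROUTER, PORT)
    seen = router.forward(syn)
    # The server answers the source address it saw on the incoming packet.
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    if reply.dst == ROUTER:
        reply = router.reverse(reply)  # return path crosses the router
    # Otherwise the reply goes straight to the client on the LAN, untranslated.
    # The client only accepts an answer from the endpoint it connected to.
    return (reply.src, reply.sport) == (syn.dst, syn.dport), reply


if __name__ == "__main__":
    for snat in (False, True):
        ok, reply = client_accepts_reply(snat)
        print(f"SNAT={snat}: reply from {reply.src}:{reply.sport}, accepted={ok}")
```

Without SNAT the client sees an answer from 192.168.0.4 for a connection it opened to 192.168.0.1 and discards it; with SNAT the answer returns through the router and carries the expected source.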
