From: "Ranjeet Shetye" <ranjeet.shetye@zultys.com>
To: netfilter@lists.netfilter.org
Subject: RE: natting specific ports
Date: Fri, 13 Dec 2002 11:34:09 -0800
Message-ID: <000001c2a2de$9bcedca0$0100a8c0@zultys.com>
In-Reply-To: <CAFAAEC91CC8D511952000062938C6F12ECDC4@ozlan.fcdomain.net>


Yes,

You need to DNAT the destination ports and therefore you need to look
for them using the --dport flag extension of the -p tcp/udp flag.

i.e. for telnet you'll have "-p tcp --dport 23".

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale  CA  94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/

 


> -----Original Message-----
> From: Simpson, Doug [mailto:DSimpson@friedmancorp.com] 
> Sent: Friday, December 13, 2002 11:19 AM
> To: 'Ranjeet Shetye'
> Subject: RE: natting specific ports
> 
> 
> I want this for traffic going out.  So that my internal 
> clients can send mail and telnet to servers out on the Public 
> Net. I need to use -dport instead of -sport? Thanks, Doug
> 
> -----Original Message-----
> From: Ranjeet Shetye [mailto:ranjeet.shetye@zultys.com]
> Sent: Friday, December 13, 2002 11:58 AM
> To: netfilter@lists.netfilter.org
> Subject: RE: natting specific ports
> 
> 
> 
> Hi Doug,
> 
> Do you want to NAT for traffic coming in or for traffic going out?
> 
> If you want your internal network to be able to reach 
> external telnet and smtp servers, then your destination port 
> will be 23 or 25, not your source port.
> 
> If you want to host telnet and smtp servers behind a firewall 
> and allow only NATted access to these servers, then you 
> should be using DNAT, not SNAT.
> 
> Hope this helps,
> 
> Ranjeet Shetye
> Senior Software Engineer
> Zultys Technologies
> 771 Vaqueros Avenue
> Sunnyvale  CA  94085
> USA
> Ranjeet.Shetye@Zultys.com
> http://www.zultys.com/
> 
>  
> 
> 
> > -----Original Message-----
> > From: netfilter-admin@lists.netfilter.org
> > [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of 
> > Simpson, Doug
> > Sent: Friday, December 13, 2002 9:49 AM
> > To: 'netfilter@lists.netfilter.org'
> > Subject: natting specific ports
> > 
> > 
> > I want to "NAT" just specific ports to my Public IP.  Do the
> > commands below make sense?  I want my internal network to be 
> > able to telnet and send email. (eth0 is my External NIC - it 
> > is exposed to the internet) 
> > iptables -t nat -A POSTROUTING -p tcp --sport 25 -o eth0 -s $INTERNAL_IP -j SNAT --to $EXTERNAL_IP
> > iptables -t nat -A POSTROUTING -p tcp --sport 23 -o eth0 -s $INTERNAL_IP -j SNAT --to $EXTERNAL_IP
> > 
> > Thank you,
> > Doug
> > 
> 
> 
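
The port-matching point from this thread, as an added example that is not part of any message in it: a client's outbound packet carries the service port (25 or 23) as its destination port and an ephemeral source port, so the match has to be on --dport. The sketch keeps the SNAT target and eth0 from the original question; the addresses, the sample packet and the function names `rule_matches` and `snat_rule` are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed addresses, not values from the thread.
INTERNAL_NET="192.168.0.0/24"   # assumed internal network
EXTERNAL_IP="203.0.113.10"      # assumed public address (documentation range)
EXT_IF="eth0"                   # external NIC, as in the original question

# rule_matches FIELD RULE_PORT PKT_SPORT PKT_DPORT
# Returns 0 if a "-p tcp --FIELD RULE_PORT" match would hit the packet.
rule_matches() {
    case "$1" in
        sport) [ "$2" -eq "$3" ] ;;
        dport) [ "$2" -eq "$4" ] ;;
        *) return 2 ;;
    esac
}

# snat_rule PORT: print the SNAT rule for outbound connections to PORT.
snat_rule() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid port: $1" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "port out of range: $1" >&2; return 1
    fi
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -p tcp --dport %s -j SNAT --to-source %s\n' \
        "$EXT_IF" "$INTERNAL_NET" "$1" "$EXTERNAL_IP"
}

# Constructed packet: internal client, ephemeral source port, SMTP server.
PKT_SPORT=49152
PKT_DPORT=25

if rule_matches sport 25 "$PKT_SPORT" "$PKT_DPORT"; then
    echo "--sport 25 matches the client's outbound packet"
else
    echo "--sport 25 does NOT match (source port is $PKT_SPORT)"
fi
if rule_matches dport 25 "$PKT_SPORT" "$PKT_DPORT"; then
    echo "--dport 25 matches the client's outbound packet"
fi

# Dry run: print the rules for SMTP and telnet; review, then run as root.
for port in 25 23; do
    snat_rule "$port"
done
```

The script only prints the rules. After applying them, the packet counters in `iptables -t nat -L POSTROUTING -v -n` show whether outbound connections are hitting them.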



