From: "Ranjeet Shetye" <ranjeet.shetye@zultys.com>
To: netfilter@lists.netfilter.org
Subject: RE: natting specific ports
Date: Fri, 13 Dec 2002 12:14:25 -0800
Message-ID: <000001c2a2e4$3bc22e60$0100a8c0@zultys.com>
In-Reply-To: <CAFAAEC91CC8D511952000062938C6F12ECDC6@ozlan.fcdomain.net>

Aargh! My apologies.
You are right, you need to SNAT the packet, not DNAT. And therefore you
will have to use POSTROUTING.
Also, you still need to use "-p tcp --dport 23" for Telnet or "-p tcp
--dport 25" for mail servers (that are using SMTP).
Sorry about the confusion there. :D
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale CA 94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/
> -----Original Message-----
> From: Simpson, Doug [mailto:DSimpson@friedmancorp.com]
> Sent: Friday, December 13, 2002 11:50 AM
> To: 'Ranjeet Shetye'
> Subject: RE: natting specific ports
>
>
> Do I still use POSTROUTING or PRE . . .
>
> -----Original Message-----
> From: Ranjeet Shetye [mailto:ranjeet.shetye@zultys.com]
> Sent: Friday, December 13, 2002 1:34 PM
> To: netfilter@lists.netfilter.org
> Subject: RE: natting specific ports
>
>
>
> Yes,
>
> You need to DNAT the destination ports and therefore you need
> to look for them using the --dport flag extension of the -p
> tcp/udp flag.
>
> i.e. for telnet you'll have "-p tcp --dport 23".
>
> Ranjeet Shetye
> Senior Software Engineer
> Zultys Technologies
> 771 Vaqueros Avenue
> Sunnyvale CA 94085
> USA
> Ranjeet.Shetye@Zultys.com
> http://www.zultys.com/
>
>
>
>
> > -----Original Message-----
> > From: Simpson, Doug [mailto:DSimpson@friedmancorp.com]
> > Sent: Friday, December 13, 2002 11:19 AM
> > To: 'Ranjeet Shetye'
> > Subject: RE: natting specific ports
> >
> >
> > I want this for traffic going out. So that my internal
> > clients can send mail and telnet to servers out on the Public
> > Net. I need to use -dport instead of -sport? Thanks, Doug
> >
> > -----Original Message-----
> > From: Ranjeet Shetye [mailto:ranjeet.shetye@zultys.com]
> > Sent: Friday, December 13, 2002 11:58 AM
> > To: netfilter@lists.netfilter.org
> > Subject: RE: natting specific ports
> >
> >
> >
> > Hi Doug,
> >
> > Do you want to NAT for traffic coming in or for traffic going out ?
> >
> > If you want your internal network to be able to reach
> > external telnet and smtp servers, then your destination port
> > will be 23 or 25, not your source port.
> >
> > If you want to host telnet and smtp servers behind a firewall
> > and allow only NATted access to these servers, then you
> > should be using DNAT, not SNAT.
> >
> > Hope this helps,
> >
> > Ranjeet Shetye
> > Senior Software Engineer
> > Zultys Technologies
> > 771 Vaqueros Avenue
> > Sunnyvale CA 94085
> > USA
> > Ranjeet.Shetye@Zultys.com
> > http://www.zultys.com/
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: netfilter-admin@lists.netfilter.org
> > > [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of
> > > Simpson, Doug
> > > Sent: Friday, December 13, 2002 9:49 AM
> > > To: 'netfilter@lists.netfilter.org'
> > > Subject: natting specific ports
> > >
> > >
> > > I want to "NAT" just specific ports to my Public IP. Do the
> > > commands below make sense? I want my internal network to be able to
> > > telnet and send email. (eth0 is my External NIC - it is exposed to
> > > the internet)
> > >
> > > iptables -t nat -A POSTROUTING -p tcp --sport 25 -o eth0 -s $INTERNAL_IP -j SNAT --to $EXTERNAL_IP
> > > iptables -t nat -A POSTROUTING -p tcp --sport 23 -o eth0 -s $INTERNAL_IP -j SNAT --to $EXTERNAL_IP
> > >
> > > Thank you,
> > > Doug
> > >
> >
> >
>
>
>
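
The rules the thread converges on (SNAT in POSTROUTING, matching on the destination port), as an added example that is not part of the original messages. The addresses are constructed sample values, and the helper names valid_port and snat_rules are hypothetical; the script only prints the commands, so it can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: emit the corrected SNAT rules for outbound Telnet/SMTP.
# Dry run only: the commands are printed, not executed.

# Constructed sample values (assumptions, not taken from the thread).
INTERNAL_IP="192.168.1.0/24"    # internal source range (RFC 1918)
EXTERNAL_IP="203.0.113.10"      # public address (RFC 5737 documentation range)
EXT_IF="eth0"                   # external NIC, as in the original post

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# snat_rules SRC EXT_IP EXT_IF PORT...
# One rule per destination port. A client's source port is ephemeral, so a
# match on --sport 23/25 would not hit outbound client connections; the
# well-known port is the destination, hence --dport.
snat_rules() {
    src=$1 ext=$2 ifc=$3
    shift 3
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
        echo "iptables -t nat -A POSTROUTING -o $ifc -s $src" \
             "-p tcp --dport $port -j SNAT --to-source $ext"
    done
}

# Telnet (23) and SMTP (25), the two services asked about in the thread.
snat_rules "$INTERNAL_IP" "$EXTERNAL_IP" "$EXT_IF" 23 25
```

After applying the rules, `iptables -t nat -L POSTROUTING -n -v` shows per-rule packet counters, which confirms whether outbound connections are actually matching.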