From: <sc2@gmx.at>
To: netfilter@lists.netfilter.org
Subject: Re: Forwarding help
Date: Thu, 27 Nov 2003 12:07:36 +0100 [thread overview]
Message-ID: <002901c3b4d6$ab0bbca0$14d36c50@anonymous> (raw)
In-Reply-To: 200311262230.31909.Antony@Soft-Solutions.co.uk
Thx for answer antony
here the complet rules list, sorry for this xx.xx.xx it was stupid from me
(full range)...
Ip : xx.xxx.24.51 , should be fw to ip: xx.xxx.24.58
(only for 1 port)
thank you
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -j LOG
iptables -A FORWARD -p udp -d xx.xxx.24.58 --dport xxx21 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -d xx.xxx.24.51 --dport xxx21 -j
DNAT --to xx.xxx.24.58:xx021
iptables -A FORWARD -p tcp -d xx.xxx.24.58 --dport xxx21 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d xx.xxx.24.51 --dport xxx21 -j
DNAT --to xx.xxx.xx.58:xxx21
> On Wednesday 26 November 2003 10:03 pm, sc2@gmx.at wrote:
>
> > hello
> > i use iptables .7, but it does not work (forward) , any ideas?
> > thank you ,
> > ps: same rules down i have make for tcp match not only for udp
> >
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> > iptables -F FORWARD
> > iptables -t nat -F
> > iptables -A FORWARD -j LOG
> > iptables -A FORWARD -p udp -d ip --dport port -j ACCEPT
> > iptables -t nat -A PREROUTING -p udp -d ip --dport port -j DNAT --to
> > ip:port
>
> I assume in that last rule the two occurrences of "ip" are different.
>
> Which one is specified in the FORWARD rule? Make sure it is the
translated
> address (ie the address on the packet after it has gone through the
> PREROUTING rule), because it will no longer have the original destination
> address by the time it hits the FORWARD chain.
>
> If that's not the answer then post your actual ruleset (by all means munge
the
> addresses if you don't want us to know exactly what they are, but let us
see
> which ones are which...)
>
> Antony.
>
> --
> Wanted: telepath. You know where to apply.
>
> Please reply to the
list;
> please don't CC
me.
>
>
>
next prev parent reply other threads:[~2003-11-27 11:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-26 22:03 Forwarding help sc2
2003-11-26 22:30 ` zechim
2003-11-26 22:30 ` Antony Stone
2003-11-27 11:07 ` sc2 [this message]
2003-11-27 11:34 ` Antony Stone
2003-11-27 12:48 ` sc2
2003-11-27 12:58 ` Antony Stone
2003-11-27 13:14 ` Ray Leach
2003-11-27 13:21 ` Antony Stone
-- strict thread matches above, loose matches on Subject: below --
2003-11-20 20:26 Forwarding Help Michael Menges
2003-11-20 20:40 ` Antony Stone
2003-11-20 21:23 ` Jeffrey Laramie
2003-11-20 21:37 ` Antony Stone
2003-11-20 21:20 ` Eric Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002901c3b4d6$ab0bbca0$14d36c50@anonymous' \
--to=sc2@gmx.at \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.