* Doubt about DNAT
@ 2002-09-10 14:16 Rodrigo Leme de Mello
  2002-09-10 15:05 ` Antony Stone
  2002-09-10 20:27 ` Stewart Thompson
  0 siblings, 2 replies; 5+ messages in thread
From: Rodrigo Leme de Mello @ 2002-09-10 14:16 UTC (permalink / raw)
  To: netfilter


Hi all,

I am having trouble writing a rule. Can anybody help me?

I want to redirect all traffic from a specific valid IP and specific
destination port to a machine located inside a LAN.

This rule is to access SQL Server that is located inside a LAN and I have a
valid IP address on a Linux machine with iptables.

I've tried the following:

LAN IP with SQL Server: 192.168.0.10
Valid IP with iptables: 200.221.98.123
Valid IP that will access SQL Server: 200.206.123.112

This rule I've put on the machine 200.221.98.123:

iptables -t nat -A PREROUTING -p tcp -s 200.206.123.112 --dport 1433 -j DNAT --to 192.168.0.10

And now I configure my SQL Server to connect to 200.221.98.123 but I still
can't connect. Do you have any idea why it is not working?

The IPs I've mentioned are just for example.

Thanks a lot

Rodrigo

* RE: Doubt about DNAT
@ 2002-09-10 14:45 Rob Sterenborg
  0 siblings, 0 replies; 5+ messages in thread
From: Rob Sterenborg @ 2002-09-10 14:45 UTC (permalink / raw)
  To: netfilter


> LAN IP with SQL Server: 192.168.0.10
> Valid IP with iptables: 200.221.98.123
> Valid IP that will access SQL Server: 200.206.123.112
>
> This rule I've put on the machine 200.221.98.123:
>
> iptables -t nat -A PREROUTING -p tcp -s 200.206.123.112 --dport 1433 -j DNAT --to 192.168.0.10
>
> And now I configure my SQL Server to connect to 200.221.98.123 but I still
> can't connect. Do you

I have something like:

iptables -A FORWARD -i <if_inet> -p tcp -d 192.168.0.10 --dport 1433 -j ACCEPT
iptables -t nat -A PREROUTING -i <if_inet> -p tcp -s 200.206.123.112 -d 200.221.98.123 --dport 1433 -j DNAT --to 192.168.0.10:1433

Also take a look at your routing.
Routing should go both ways.


Rob

* Re: Doubt about DNAT
  2002-09-10 14:16 Doubt about DNAT Rodrigo Leme de Mello
@ 2002-09-10 15:05 ` Antony Stone
  2002-09-10 20:27 ` Stewart Thompson
  1 sibling, 0 replies; 5+ messages in thread
From: Antony Stone @ 2002-09-10 15:05 UTC (permalink / raw)
  To: netfilter

On Tuesday 10 September 2002 3:16 pm, Rodrigo Leme de Mello wrote:

> Hi all,
>
> I am having trouble writing a rule. Can anybody help me?
>
> I want to redirect all traffic from a specific valid IP and specific
> destination port to a machine located inside a LAN.
>
> This rule is to access SQL Server that is located inside a LAN and I have a
> valid IP address on a Linux machine with iptables.
>
> I've tried the following:
>
> LAN IP with SQL Server: 192.168.0.10
> Valid IP with iptables: 200.221.98.123
> Valid IP that will access SQL Server: 200.206.123.112
>
> This rule I've put on the machine 200.221.98.123:
>
> iptables -t nat -A PREROUTING -p tcp -s 200.206.123.112 --dport 1433 -j DNAT --to 192.168.0.10
>
> And now I configure my SQL Server to connect to 200.221.98.123 but I still
> can't connect. Do you have any idea why it is not working?

1. Do you have a rule to allow the packets through, such as:

iptables -A FORWARD -s 200.206.123.112 -p tcp --dport 1433 -d 192.168.0.10 -j ACCEPT

2. Try adding a LOG rule in your FORWARD and INPUT chains so you can see if 
there are any other packets trying to get through which you didn't think of:

iptables -A FORWARD -s 200.206.123.112 -j LOG
iptables -A INPUT -s 200.206.123.112 -j LOG

Antony.

-- 

If at first you don't succeed, destroy all the evidence that you tried.
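
The check the replies ask for (is there a FORWARD rule that matches the PREROUTING rule?), as an added example that is not code from the thread: it reads `iptables-save` output and reports every DNAT target that no FORWARD ACCEPT rule covers, which is what happens when the FORWARD rule matches the public address instead of the translated one. The dump is constructed, the DROP policy and the function names are assumptions, and `--to-destination` is assumed to hold a single address.

```python
import ipaddress

# Constructed iptables-save dump: the thread's DNAT rule plus an assumed DROP policy.
BROKEN = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 200.206.123.112/32 -p tcp -m tcp --dport 1433 -j DNAT --to-destination 192.168.0.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 200.206.123.112/32 -d 200.221.98.123/32 -p tcp -m tcp --dport 1433 -j ACCEPT
COMMIT
"""
# Same dump, but the FORWARD rule matches the translated (LAN) address, not the public one.
FIXED = BROKEN.replace("-d 200.221.98.123/32", "-d 192.168.0.10/32")

def parse(dump):
    """Return ({(table, chain): policy}, {(table, chain, target): [options]})."""
    table, policies, rules = None, {}, {}
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[table, chain] = policy
        elif line.startswith("-A "):
            tok = line.split()
            opts = {k: v for k, v in zip(tok[2:], tok[3:]) if k.startswith("-")}
            rules.setdefault((table, tok[1], opts.get("-j")), []).append(opts)
    return policies, rules

def unforwarded_dnat(dump):
    """List DNAT targets no FORWARD ACCEPT rule covers (ignores -s, -i, rule order)."""
    policies, rules = parse(dump)
    if policies.get(("filter", "FORWARD"), "ACCEPT") == "ACCEPT":
        return []  # ACCEPT policy (or filter table not loaded): nothing is blocked
    missing = []
    for o in rules.get(("nat", "PREROUTING", "DNAT"), []):
        host, _, port = o["--to-destination"].partition(":")
        port = port or o.get("--dport")  # DNAT keeps the original port if none given
        if not any(ipaddress.ip_address(host) in ipaddress.ip_network(a.get("-d", "0.0.0.0/0"))
                   and a.get("--dport", port) == port
                   and a.get("-p", o.get("-p")) == o.get("-p")
                   for a in rules.get(("filter", "FORWARD", "ACCEPT"), [])):
            missing.append(f"{host}:{port}")
    return missing

if __name__ == "__main__":
    print(unforwarded_dnat(BROKEN), unforwarded_dnat(FIXED))
```

The filter table sees the packet after PREROUTING has rewritten it, so a FORWARD rule written against 200.221.98.123 never matches the forwarded connection.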



* RE: Doubt about DNAT
  2002-09-10 14:16 Doubt about DNAT Rodrigo Leme de Mello
  2002-09-10 15:05 ` Antony Stone
@ 2002-09-10 20:27 ` Stewart Thompson
  2002-09-10 21:19   ` Rodrigo Leme de Mello
  1 sibling, 1 reply; 5+ messages in thread
From: Stewart Thompson @ 2002-09-10 20:27 UTC (permalink / raw)
  To: Rodrigo Leme de Mello, netfilter


Hi Rodrigo:

Do you have a Forward rule to match the Prerouting rule?
Is your SQL server on the Internal Net expecting connections on
Port 1433?

Stu………

* Re: Doubt about DNAT
  2002-09-10 20:27 ` Stewart Thompson
@ 2002-09-10 21:19   ` Rodrigo Leme de Mello
  0 siblings, 0 replies; 5+ messages in thread
From: Rodrigo Leme de Mello @ 2002-09-10 21:19 UTC (permalink / raw)
  To: stewart.thompson, netfilter


Hi Stewart,

Yep! I have, and my SQL Server is set with the default configuration, which
makes it listen on 1433.
I've also done a port scan to check if the port is open, and it is.

Thanks for your help

Rodrigo