From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
To: Alaios <alaios@yahoo.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Plz i need help.... or i ll be fired :(
Date: Tue, 27 Sep 2005 11:58:12 -0400
Message-ID: <1127836692.2652.31.camel@localhost>
In-Reply-To: <20050927153424.91546.qmail@web54714.mail.yahoo.com>

Yes - John

On Tue, 2005-09-27 at 08:34 -0700, Alaios wrote:
> Thanks for your reply... I want to ask something: is the
> ESTABLISHED and RELATED necessary for UDP traffic?
> 
> --- Jörg Harmuth <harmuth@mnemon.de> wrote:
> 
> > Alaios wrote:
> > > Hi, please take a look at the following example
> > >
> > > The laptop has 2 ethernet interfaces
> > > To eth1 comes traffic from src 143.233.222.253
> > > The eth0 has ip address 10.2.4.2 and it is connected
> > > back to back with eth1 of other pc with ip address
> > > 10.2.4.1
> > > I want to forward the traffic with src 143.233.222.253
> > > to the 10.2.4.1 pc
> > 
> > [SNIP]
> > 
> > > I have also set the
> > > /proc/sys/net/ipv4/ip_forward to 1
> > 
> > Ok.
> > 
> > [SNIP]
> > 
> > > I have also tested this one
> > > iptables -t nat -A PREROUTING -p tcp -d 143.233.222.77
> > > (laptop eth1 card) --dport 22453 (I have checked dst
> > > port with tcpdump) 00 -j DNAT --to-destination
> > > 10.2.4.1
> > > this still doesn't work
> > > Every time I try to apply a new rule I use first
> > > the iptables -F
> > > iptables -t nat -F command
> > 
> > 
> > Your PREROUTING rule is probably ok, provided that 143.233.222.77 is the
> > IP of eth1. But I think, if the simple approach doesn't work you
> > shouldn't make it more complicated. Keep it small and simple and when
> > you understand all the details, you may go deeper. So, maybe you would
> > like to start like this:
> > 
> > ## Rewrite destination address
> > iptables -t nat -A PREROUTING -i eth1 -s 143.233.222.253 \
> >           -j DNAT --to 10.2.4.1
> >
> > ## Allow packets to pass FORWARD
> > iptables -A FORWARD -m state --state ESTABLISHED,RELATED \
> >           -j ACCEPT
> > iptables -A FORWARD -i eth1 -s 143.233.222.253 \
> >           -j ACCEPT
> >
> > ## Now, SNAT outgoing packets
> > iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 143.233.222.77
> > 
> > If this is a dial-up connection replace the SNAT part with MASQUERADE.
> > BTW, you only need the FORWARD rules if your FORWARD policy is DROP or
> > REJECT. And if you have other policies in filter table set to DROP or
> > REJECT enable loopback. And finally, set all policies in nat and mangle
> > to ACCEPT (and in raw, if you have that). This should get you started.
> > 
> > HTH,
> > 
> > Joerg
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

Financially sustainable open source development
http://www.opensourcedevel.com
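
An added illustration of the "Yes" above (not code from the thread or from netfilter): a toy Python model of the quoted ruleset, showing what happens to a UDP reply with and without the ESTABLISHED,RELATED rule. It assumes a FORWARD policy of DROP, UDP to port 22453 and a constructed source port 40000; `Router` and `udp_round_trip` are hypothetical names.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "iif proto src sport dst dport")
SENDER, LAPTOP_ETH1, INSIDE = "143.233.222.253", "143.233.222.77", "10.2.4.1"

class Router:
    """Toy model of the quoted ruleset; FORWARD policy DROP is an assumption."""
    def __init__(self, state_rule):
        self.state_rule = state_rule  # is the ESTABLISHED,RELATED rule loaded?
        self.conntrack = {}           # expected reply tuple -> address to restore

    def forward(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            # Reply of a tracked flow: conntrack undoes the DNAT itself,
            # the nat table is only consulted for the first packet.
            state, out = "ESTABLISHED", pkt._replace(src=self.conntrack[key])
        else:
            state, out = "NEW", pkt
            # nat PREROUTING -i eth1 -s SENDER -j DNAT --to INSIDE
            if pkt.iif == "eth1" and pkt.src == SENDER:
                out = pkt._replace(dst=INSIDE)
        # filter FORWARD, evaluated in rule order, then the DROP policy
        if self.state_rule and state == "ESTABLISHED":
            verdict = "ACCEPT"
        elif pkt.iif == "eth1" and pkt.src == SENDER:
            verdict = "ACCEPT"
        else:
            verdict = "DROP"
        if verdict == "DROP":
            return verdict, None
        if state == "NEW":
            # UDP has no handshake: the entry just records the reply tuple
            # expected from the DNAT target and expires after a timeout.
            reply = (out.proto, out.dst, out.dport, out.src, out.sport)
            self.conntrack[reply] = pkt.dst
        return verdict, out

def udp_round_trip(state_rule):
    """Constructed flow: sender port 40000 -> laptop eth1 port 22453, then the reply."""
    r = Router(state_rule)
    v1, o1 = r.forward(Pkt("eth1", "udp", SENDER, 40000, LAPTOP_ETH1, 22453))
    v2, o2 = r.forward(Pkt("eth0", "udp", INSIDE, 22453, SENDER, 40000))
    return [(v1, o1.dst if o1 else None), (v2, o2.src if o2 else None)]

if __name__ == "__main__":
    print("with state rule:   ", udp_round_trip(True))
    print("without state rule:", udp_round_trip(False))
```

Without the state rule the request still reaches 10.2.4.1, but the reply arriving on eth0 matches no ACCEPT rule and falls through to the DROP policy.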


