From: Alistair Tonner <Alistair@nerdnet.ca>
To: "Michael P. Ryan" <mryan@mail.arc.nasa.gov>,
netfilter@lists.netfilter.org
Subject: Re: strange problem.
Date: Fri, 17 Jan 2003 20:45:02 -0500
Message-ID: <200301172045.02921.Alistair@nerdnet.ca>
In-Reply-To: <D98357A0-2A49-11D7-A5F4-0003934AB744@mail.arc.nasa.gov>

Why would it show as open in netstat? ... there is no *service*
listening on that port. The prerouting will simply mangle the
packet so that it gets routed to the destination ... You are not opening
a port on the firewall, you are telling the firewall to take packets that
show up at that port and IP and punt them around the corner ....

Alistair

On January 17, 2003 01:31 pm, Michael P. Ryan wrote:
> Hi,
>
> On Red Hat 7.3 iptables 1.2.5, all needed modules appear to be loaded
> correctly.
>
> I have the box set up to NAT and that works like a charm, but run into
> problems when I try to port forward to the internal network. Here is
> what I run, all pretty textbook from what I can tell:
>
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F
>
> # Portfw section
> $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 23 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d my.external.ip --dport 23 -j DNAT --to 192.168.0.6:23
> #
>
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
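
The point made in the reply above, as an added example that is not part of the original thread: a DNAT forward is visible in the nat table but never as a listening socket, so it has to be verified with `iptables-save -t nat`, not `netstat`. The sample outputs are constructed, 203.0.113.10 stands in for `my.external.ip`, and the function names `list_dnat` and `has_listener` are hypothetical.

```shell
# Constructed sample: `iptables-save -t nat` output for the forward in the
# thread. 203.0.113.10 is a placeholder for "my.external.ip".
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.0.6:23
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
# Constructed sample: `netstat -ltn` on the same firewall (only sshd listens).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# list_dnat: read iptables-save text on stdin and print
# "proto dst:dport -> target" for every DNAT rule in PREROUTING.
list_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = dst = dport = to = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "-d") dst = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j" && $(i+1) == "DNAT") dnat = 1
            else if ($i == "--to-destination") to = $(i+1)
        }
        if (dnat) { sub(/\/32$/, "", dst); print proto " " dst ":" dport " -> " to }
    }'
}

# has_listener PORT: read `netstat -ltn` text on stdin and succeed only if a
# TCP socket is in LISTEN state on PORT.
has_listener() {
    awk -v port="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); if (a[n] == port) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# On a live firewall, pipe in the real commands instead of the samples:
#   iptables-save -t nat | list_dnat ;  netstat -ltn | has_listener 23
printf '%s\n' "$SAMPLE_NAT" | list_dnat
if printf '%s\n' "$SAMPLE_NETSTAT" | has_listener 23; then
    echo "port 23: local listener"
else
    echo "port 23: no local listener (forwarded by DNAT only)"
fi
```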